Trojan that came with Antivirus Plus

Closed
camille - 28 Feb 2010 at 15:09
 camille - 5 April 2010 at 16:18
Hello,

An "Antivirus Plus" window suddenly appeared. I did not download it, but the windows kept appearing for several days. Since then, I can only get on the internet (Firefox + Explorer) through the address bar; otherwise I am sent to strange sites. Several scans run with Malwarebytes report 4 Trojans.Vundo: 1 in Windows 32 and 3 in registry keys that do not go away after removal. It is impossible to reach online scanner sites, the Internet connection (Neuf) is getting worse and worse, and the computer shuts down very often, with or without a blue screen. Windows Media Player is also affected.

69 replies

anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
6 March 2010 at 22:18
That's what I thought, there is a TDL rootkit... This file is infected:

C:\WINDOWS\system32\DRIVERS\iaStor.sys


• Download SEAF (by C_XX)
• In the options, set "Calculer le checksum" (compute the checksum) to "MD5", then tick "Informations supplémentaires" (additional information) and "Chercher également dans le Registre" (also search the Registry)
• Type iaStor.sys in the search field, click "Lancer la recherche" (start the search) and wait.
• When it finishes, post the report in your next reply

1
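The search requested in the post above (every copy of one file name, each with its MD5) can be sketched as follows; this is an added example, not part of the thread and not SEAF's own code. The function names and the sample tree are constructed for illustration, and the hash only groups byte-identical copies: which group is the clean one still has to be established against a trusted reference.

```python
import hashlib
import os
from collections import defaultdict


def md5_of(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks so large drivers are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, file_name):
    """Group every file called file_name (case-insensitive) under root by (md5, size)."""
    groups = defaultdict(list)
    wanted = file_name.lower()
    # Unreadable directories are skipped instead of aborting the whole walk.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() != wanted:
                continue
            path = os.path.join(folder, name)
            try:
                key = (md5_of(path), os.path.getsize(path))
            except OSError:
                # A locked or hidden file is itself worth noting in the report.
                key = ("unreadable", -1)
            groups[key].append(path)
    return dict(groups)


def copies_differing_from_live(groups, live_path):
    """Return copies whose content differs from the file currently in use."""
    live = os.path.normcase(os.path.abspath(live_path))
    live_key = None
    for key, paths in groups.items():
        if any(os.path.normcase(os.path.abspath(p)) == live for p in paths):
            live_key = key
    if live_key is None:
        raise FileNotFoundError(live_path)
    return sorted(
        path
        for key, paths in groups.items()
        if key != live_key and key[0] != "unreadable"
        for path in paths
    )


def build_sample_tree(root):
    """Create a constructed tree holding three fake copies of iaStor.sys."""
    layout = {
        os.path.join("system32", "drivers", "iaStor.sys"): b"driver-bytes" + b"-modified",
        os.path.join("system32", "dllcache", "iaStor.sys"): b"driver-bytes" + b"-modified",
        os.path.join("I386", "IASTOR.SYS"): b"driver-bytes",
    }
    for relative, content in layout.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)
    return os.path.join(root, "system32", "drivers", "iaStor.sys")


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as sample_root:
        live_file = build_sample_tree(sample_root)
        found = find_copies(sample_root, "iaStor.sys")
        for (md5_hex, size), paths in sorted(found.items()):
            print(md5_hex, size)
            for path in sorted(paths):
                print("   ", path)
        print("Differs from live file:", copies_differing_from_live(found, live_file))
```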
anthony5151
8 March 2010 at 16:41
We're going to try to replace the infected system file:


• Download WinFileReplace (by Loup Blanc)
• Run it, choose the language, then follow the prompts
• Notepad will open and ask which file to restore; type this:

C:\WINDOWS\system32\DRIVERS\iaStor.sys

• Close Notepad and save the changes
• A download will start, and you will have to accept the Microsoft license agreement
• Confirm the file restoration by pressing the O key when prompted, then the Enter key.
• The computer will restart; let it do so.
• After the restart, a report will appear: please send it to me here.

1
anthony5151
8 March 2010 at 22:47
We're going to try to use a copy of this file that is present on your computer. Combofix will take care of moving the file:


/!\ WARNING /!\ The following script was written specifically for camille; it cannot be reused on another computer!

• Download this folder camille_149.zip
• Right-click it --> Extract all --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and put it on the Desktop.

• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file (as shown at this link)
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt

1
anthony5151
13 March 2010 at 00:53
• Run WinFileReplace again, choose the language, then follow the prompts
• Notepad will open and ask which file to restore; type this:

c:\WINDOWS\system32\tftp.exe
c:\WINDOWS\system32\ftp.exe

• Close Notepad and save the changes
• A download will start, and you will have to accept the Microsoft license agreement
• Confirm the file restoration by pressing the O key when prompted, then the Enter key.
• The computer will restart; let it do so.
• After the restart, a report will appear: please send it to me here.



I hope it works this time, because there is no clean copy of either of these two files on your computer...

1

anthony5151
18 March 2010 at 13:39
Change the .log extension to .txt, and it should go through on cijoint ;)

1
anthony5151
19 March 2010 at 22:33
I thought we had already used it ^^

* Download ZHPDiag (by Nicolas Coolman)
* Follow the prompts during installation
* It will start automatically at the end of the installation
* Click the magnifying-glass icon ("Lancer le diagnostic", start the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to this site, then copy/paste the link provided into your next reply on the forum

1
anthony5151
28 Feb 2010 at 15:26
Hello,


Antivirus Plus is a rogue, that is, fake security software that reports fake infections to scare you and push you into buying fake protection (more info here)... Ignore the rogue's fake alerts, and above all do not buy it; I'll help you get rid of it.


/!\ Warning /!\
The following software can cause damage if misused! Use it only with appropriate help.


/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop. I deliberately renamed it to get around the infection
• Double-click ComboFix.exe to launch it.
• If you are on Windows XP, it will ask you to install the Recovery Console: you must accept.
• Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official Combofix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
Thanks for such a quick reply!

Here is the report. But despite ComboFix's warning, I had to switch the computer off manually.
Also, I had recently saved all my documents to an external hard drive that I didn't think to switch on during the scan. Should the scan be redone in view of the report, even though Malwarebytes indicated that no file was infected?


ComboFix 10-02-27.04 - camille 28/02/2010 16:11:52.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.357 [GMT 1:00]
Lancé depuis: d:\documents and settings\camille\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081130-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\recycler\S-1-5-21-3292415467-4024592229-281869871-500
c:\windows\EventSystem.log
c:\windows\N039_jpg.zip
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\3768292601.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\cdoxqrc.dll
c:\windows\system32\drivers\ervhllnn.sys
c:\windows\system32\drivers\jnjqwfaz.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yvqquxl.dll
c:\windows\system32\zwmlayso.dll
d:\documents and settings\All Users.\documents\settings
d:\documents and settings\arthur\Application Data\Mozilla\Firefox\Profiles\rpe3gebp.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}
d:\documents and settings\arthur\Application Data\Mozilla\Firefox\Profiles\rpe3gebp.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\chrome.manifest
d:\documents and settings\arthur\Application Data\Mozilla\Firefox\Profiles\rpe3gebp.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\chrome\xulcache.jar
d:\documents and settings\arthur\Application Data\Mozilla\Firefox\Profiles\rpe3gebp.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\defaults\preferences\xulcache.js
d:\documents and settings\arthur\Application Data\Mozilla\Firefox\Profiles\rpe3gebp.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\install.rdf
d:\documents and settings\camille\Application Data\Mozilla\Firefox\Profiles\5j55f2wk.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}
d:\documents and settings\camille\Application Data\Mozilla\Firefox\Profiles\5j55f2wk.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\chrome.manifest
d:\documents and settings\camille\Application Data\Mozilla\Firefox\Profiles\5j55f2wk.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\chrome\xulcache.jar
d:\documents and settings\camille\Application Data\Mozilla\Firefox\Profiles\5j55f2wk.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\defaults\preferences\xulcache.js
d:\documents and settings\camille\Application Data\Mozilla\Firefox\Profiles\5j55f2wk.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\install.rdf
d:\documents and settings\camille\Application Data\SystemProc
d:\documents and settings\isabelle\Application Data\Mozilla\Firefox\Profiles\h75we7cm.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}
d:\documents and settings\isabelle\Application Data\Mozilla\Firefox\Profiles\h75we7cm.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\chrome.manifest
d:\documents and settings\isabelle\Application Data\Mozilla\Firefox\Profiles\h75we7cm.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\chrome\xulcache.jar
d:\documents and settings\isabelle\Application Data\Mozilla\Firefox\Profiles\h75we7cm.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\defaults\preferences\xulcache.js
d:\documents and settings\isabelle\Application Data\Mozilla\Firefox\Profiles\h75we7cm.default\extensions\{955213db-dd61-47e1-a160-6a80724d2a27}\install.rdf
d:\documents and settings\isabelle\Mes documents\ZbThumbnail.info

c:\windows\system32\ftp.exe . . . est infecté!!

c:\windows\system32\tftp.exe . . . est infecté!!

c:\windows\system32\drivers\3xHybrid.sys . . . est infecté!! . . .Failed to restore. Attempting to replace on reboot

Une copie infectée de c:\windows\system32\drivers\3xHybrid.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP20\A0124410.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ERVHLLNN
-------\Legacy_ORJPVIDW
-------\Legacy_PERFORMANCE_MONITOR
-------\Legacy_SSHNAS
-------\Legacy_USERINIT_LOGON_APPLICATION
-------\Service_ervhllnn
-------\Service_orjpvidw
-------\Service_Userinit Logon Application


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-28 au 2010-02-28 ))))))))))))))))))))))))))))))))))))
.

2010-02-28 14:59 . 2010-02-28 15:07 -------- d-----w- C:\32788R22FWJFW
2010-02-24 13:44 . 2010-02-24 13:44 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-22 22:20 . 2010-02-22 22:21 -------- d-----w- d:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-22 22:20 . 2010-02-22 22:21 -------- d-----w- c:\program files\iTunes
2010-02-22 22:20 . 2010-02-22 22:20 -------- d-----w- c:\program files\Bonjour
2010-02-22 22:18 . 2010-02-22 22:18 -------- d-----w- d:\documents and settings\camille\Local Settings\Application Data\Apple
2010-02-22 22:17 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-02-22 22:17 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-02-22 22:17 . 2010-02-22 22:23 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2010-02-22 22:17 . 2010-02-22 22:20 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-02-18 10:37 . 2010-02-18 10:37 -------- d-----w- d:\documents and settings\NetworkService\Mes documents
2010-02-18 10:37 . 2010-02-18 10:37 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-15 15:41 . 2010-02-15 15:41 -------- d-s---w- d:\documents and settings\LocalService\UserData
2010-02-01 17:14 . 2010-02-01 17:14 -------- d-----w- d:\documents and settings\camille\Application Data\Malwarebytes
2010-02-01 17:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 17:14 . 2010-02-01 17:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 17:14 . 2010-02-01 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 17:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 21:37 . 2006-09-18 19:18 -------- d-----w- c:\program files\eMule
2010-02-24 15:05 . 2009-01-06 20:55 -------- d-----w- d:\documents and settings\camille\Application Data\Skype
2010-02-24 15:04 . 2009-01-06 20:58 -------- d-----w- d:\documents and settings\camille\Application Data\skypePM
2010-02-22 22:39 . 2006-09-04 12:15 -------- d-----w- d:\documents and settings\camille\Application Data\Apple Computer
2010-02-22 22:23 . 2006-08-23 14:45 67144 ----a-w- d:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 22:20 . 2006-09-04 12:14 -------- d-----w- c:\program files\iPod
2010-02-22 22:19 . 2006-08-23 14:44 -------- d-----w- c:\program files\QuickTime
2010-02-22 22:18 . 2007-03-11 12:13 -------- d-----w- c:\program files\Apple Software Update
2010-02-15 18:37 . 2010-02-15 18:37 4096 ----a-w- c:\windows\system32\06.tmp
2010-02-15 18:36 . 2010-02-15 18:36 4096 ----a-w- c:\windows\system32\05.tmp
2010-02-15 18:29 . 2010-02-15 18:29 4096 ----a-w- c:\windows\system32\04.tmp
2010-02-15 18:17 . 2010-02-15 18:17 4096 ----a-w- c:\windows\system32\03.tmp
2010-02-15 18:13 . 2010-02-15 18:13 4096 ----a-w- c:\windows\system32\02.tmp
2010-01-15 19:02 . 2010-01-15 19:02 4096 ----a-w- c:\windows\system32\01.tmp
2009-12-10 02:23 . 2004-09-23 16:12 84526 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 02:23 . 2004-09-23 16:12 510324 ----a-w- c:\windows\system32\perfh00C.dat
2008-12-19 21:42 . 2006-11-13 18:15 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 21:42 . 2006-11-13 18:15 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 21:42 . 2006-11-13 18:15 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 21:42 . 2006-11-13 18:15 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 21:42 . 2006-11-13 18:15 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-21 14:20 . 2004-09-23 16:10 162155 --sha-r- c:\windows\system32\ddmoqykh.dll
.

------- Sigcheck -------

[-] 2008-02-16 . 7A78A2B4118A5F18B4CC93A83F157FD3 . 3087872 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\mshtml.dll
[-] 2007-12-07 . 538016006E65697948DC04305FC60212 . 3087360 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\mshtml.dll
[-] 2007-10-30 . 1B0CD3D5B664C7786698FBB8C381A4D3 . 3086848 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB944533$\mshtml.dll
[-] 2007-08-22 . 6B815842B4A9CDED3D7E9846639E69FA . 3085824 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\mshtml.dll
[-] 2007-06-15 . CA8215FF55022B47D6948C4BB09E8D52 . 3085312 . . [6.00.2900.3157] . . c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 2007-05-04 . BE930AD339B283D83030BD7E67D1CCFD . 3085312 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-02-19 . 942AB79C4A9DDEED3FE39C424967B91B . 3084288 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-01-04 . 1703F708C9D604CDD3D8C199861DC2E4 . 3083264 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2006-10-23 . EE542871960ACFD459F4113B1BCC6C10 . 3082240 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2006-09-14 . DDF783ED4C24E7126E3FF25AD07CB25A . 3079680 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-07-28 . DC9A660A7E39F90903B79E893B121FC9 . 3079168 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-02-01 . 1138DFC763E237BEC92AE086AC5FED2D . 3035648 . . [6.00.2900.2838] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2004-08-10 . 3FE8D0C4C2F3B928192BD06DCEE34B32 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB912945$\mshtml.dll

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\msvcrt.dll
[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-10 12:00 . E826A484EDE25C3AE19F1B8086511F4B . 267536 . . [4.20.6201] . . c:\windows\I386\WIN9XUPG\MSVCRT.DLL
[-] 2004-08-10 . 351B1AD22FD0EC70D889766E0B4F72ED . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\mswsock.dll
[-] 2004-08-10 . CCDD3433F3C3BD0D8502B38FD155B2F0 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\system32\netlogon.dll
[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll
[-] 2004-08-10 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB968389$\netlogon.dll

[-] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . E23599BE2D89A295771CAD1212C7772A . 2188032 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . E23599BE2D89A295771CAD1212C7772A . 2188032 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . DCEFB166769B708F654742C0E3634CFB . 2144768 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . A1FF4DE51A704E4E5E1DD9BEFCCB4C31 . 2144768 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . D79210549BBF09B7638E860440504299 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . B853AD3E9A1604596126D3BEFE0CC52A . 2144768 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-08-14 . C8D4D5974F9671DA0A37175650912960 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntoskrnl.exe
[-] 2007-02-28 . DE41F3B43B9F15E08CCD4B98A7BB2CA3 . 2139648 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2006-12-19 . D9F5291648962A1733F8D3E59DA47BEE . 2139648 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-09-29 . CD6A9F81C8B9BAF1E4393C6C476D17E7 . 2138112 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2005-03-02 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . E75F7AA5A33479F29C636FD0890F5762 . 2137600 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB896256$\ntoskrnl.exe
[-] 2004-08-03 . 36F32A5A83DF734E022734D93860A9A4 . 2150400 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\powrprof.dll
[-] 2004-08-10 . B02E4DDBE0E98F42F3B61292DDB3A104 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\scecli.dll
[-] 2004-08-10 . DEC0397F35D027874804EC72979D03CC . 186368 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sfc.dll
[-] 2004-08-10 . 94559DE281DADCB58E6A3919C7EAC0B4 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
[-] 2004-08-10 . 1BD6C2F707A275CB7C16FD99FE0F31CA . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tapisrv.dll
[-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . 2490CAE37DB8B6EC55E7A9415473D0AB . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\user32.dll
[-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
[-] 2004-08-10 . D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2009-10-29 . D89926AF5796E322D229B1C2E4FC8D1D . 671232 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-10-29 . 1DF357F4537A7F5D77F46D9C4F36DDF0 . 672768 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-10-29 . 26A2F945BB0E60D5590B61D650162E1B . 672768 . . [6.00.2900.3640] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . 26A2F945BB0E60D5590B61D650162E1B . 672768 . . [6.00.2900.3640] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-09-25 . 442959D8A81262A1EFAC539AB5551FAE . 672768 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2009-09-25 . 52725B1CDF5C27A19BB316BE4C7CFDCE . 671232 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll
[-] 2009-09-25 . 529081B5F266D9E18F85A2EF7725F21A . 672768 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-06-26 . D7F5C0B6497908C84F9C1E9D2BB36396 . 672256 . . [6.00.2900.3592] . . c:\windows\$NtUninstallKB974455$\wininet.dll
[-] 2009-04-29 . 0A4B365061992BC4EF268229BE616F57 . 670720 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 . 4C0CAC19431E83809003460D2E54F5FB . 672256 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . 2B73F48C9BD74FD54E07556B41684AC3 . 672256 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-02-20 . AD9AB4386AE234EA5C8EED51CD934C44 . 672256 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 273B84C3C339341F917D7DDAD0722F51 . 670208 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 . 8EAE861274F3E0C00C10C871371A1A8E . 671744 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . F9AE6DBB4EC5B4D1A82BF2F0CB7EE200 . 671744 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-10-16 . 1C6E9FDAB1F4CB983A39EFBA6F131ACC . 671232 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 05033943FF61ABD13B93C00337D04E92 . 670208 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-08-20 . AEF39AC3BCBAFE971155D0073191B5A6 . 671744 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 . 50D19E569C83A9C1AE7EFAEF6A93BC50 . 670208 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 96D50ACA60DA22ADBD253F2825C98D1A . 670720 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 8CA18FD7CCCABFF7E84702BC1BBF5DCB . 671232 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 . D2177655BC338A07B99913F6A4BED52D . 670208 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . 4E00327DA458BEFFEA8F4B222F466B20 . 670720 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . F2F343D7ED0223645BA773B840EB4993 . 670720 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 . 7AF7D7D178F2863E7E7C880B55C88B76 . 670208 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 82B3264706B9921C67B196319FDA51DE . 670720 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wininet.dll
[-] 2008-02-16 . DCB8A9F102663D962BE60CDE38A6C1D7 . 670208 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2007-12-07 . C057D734B1951393FD07E2607513D4D9 . 670208 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2007-10-11 . 0465CDE31ADD22F6233FFB4FE4AF01CF . 670208 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-08-22 . 4F6A45B54D26708E2C2BF2C43D83EDEA . 669696 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-06-26 . 19058FBDC72F7BAE085369C6D0A7D074 . 669696 . . [6.00.2900.3164] . . c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-04-18 . A3BF56A786B277E881FD9137F55F0B4B . 669696 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-02-19 . 1BDE6D5DBA35797ECA8DB8FCB80FC015 . 669696 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-01-04 . 114342601AC7EA73B0D2A0ED8505B8B9 . 669184 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2006-10-23 . EFA0C2870CBA1747809A13E09F35BF82 . 668672 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2006-09-14 . B8B6F05885A6F42724E8D6BFEDE6BD3F . 668672 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-06-23 . 582953780721AC5D38F98CAB229EC7B9 . 668672 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-01-09 . 5404E2EAD19D7E2A5C4086015062343C . 666112 . . [6.00.2900.2823] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2004-08-10 . 58FE94EF42E074F4CAD8BF02E70E6478 . 660480 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB912945$\wininet.dll

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll
[-] 2004-08-10 . BC41F51A39D3B255805FDB759B7814AE . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\srsvc.dll
[-] 2004-08-10 . 6469C53F4D16FA6055CCA265BC03DB66 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wscntfy.exe
[-] 2004-08-10 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\xmlprov.dll
[-] 2004-08-10 . 21056AEF44322C3E2DD5391B6AEFA75A . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll
[-] 2004-08-10 . 21E83876A6287F15538EF187D286FE11 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sfcfiles.dll
[-] 2004-08-10 . ACF04FB3448D2C2CD3A851C138EC8AB6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
[-] 2004-08-10 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . B590E69A45AE8FCBF7DDADE89CCE3588 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\regsvc.dll
[-] 2004-08-10 . 345D02087F5696749C6120359B1E2988 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\schedsvc.dll
[-] 2004-08-10 . 4612EC6DAF695B87A2529FCBB95B75DE . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ssdpsrv.dll
[-] 2004-08-10 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
[-] 2005-03-10 . 70921DE4C83652DC301A05F0CC46C985 . 297984 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\appmgmts.dll
[-] 2004-08-10 . CE66077813D83C2D6908CDC64AE7E55A . 176640 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-10 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\mfc40u.dll
[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-10 12:00 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\msgsvc.dll
[-] 2004-08-10 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-03 16:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-03 16:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 12:00 . B751CE6043B33A2EFEABB2D6BA83EC67 . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-08-04 . FE0C9C9035E3FDC193255C646BAC2C3D . 2068224 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 4DD301E924F866170FEF3B6AB15A3FF9 . 2065024 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 4DD301E924F866170FEF3B6AB15A3FF9 . 2065024 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-08-04 . F33D8E4EF6AF136995639BDFA0466E23 . 2022912 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . B7E5994E1A974A55EB9F25AC91736D8A . 2022912 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 755B50949D0DBC0F0136B0DB58765331 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 2D1A003D7FAB4741A3D0D388C21E2C69 . 2022912 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 . 8DA71F1900721E1E4FCB5B02D55FB771 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntkrnlpa.exe
[-] 2007-02-28 . 3E3DF9F5D56B719F055E7D652E79F96B . 2019328 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2006-12-19 . C46168890982D41FB8ACCDBAC8E0A56C . 2019328 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-09-29 . 7A319C9E0C14ED6410E8B2753E3A32CE . 2017792 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-02 . 50B3A210B6FA8D3089A36A32E7D8B21F . 2017280 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
[-] 2005-03-02 . 5311776074B6C13F983DC75BAEAC9C0C . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-03 . 35567C8C50986C2BC5C3EFD79CB045E4 . 2017280 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntmssvc.dll
[-] 2004-08-10 12:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\upnphost.dll
[-] 2007-02-05 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-10 . 168AE9938F6BE31D198AF92496CCFA33 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
2003-05-02 09:31 24576 ----a-w- c:\apps\ABOARD\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-23 18:33 57344 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
2006-07-06 20:32 122880 ----a-w- c:\program files\Neuf\Kit\WiFi\9wifi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-08 14:55 57344 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-10 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
2005-10-20 04:15 102400 ----a-w- c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 12:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
2005-02-02 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 15:07 61952 ----a-w- c:\windows\system32\HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-10-12 10:30 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-03-23 23:26 217088 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-04-27 22:47 7573504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-04-27 22:47 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-04-27 22:47 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-06-29 11:25 14720000 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-06-03 01:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
2004-10-04 11:03 310272 ----a-w- c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"USBDeviceService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"omniserv"=2 (0x2)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"IAANTMon"=2 (0x2)
"ELService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
1 March 2010 at 02:31
The end of the report is missing. If it was like that, please try running a new scan.
Host the report on this site, then copy/paste the link provided into your next reply on the forum.

0
Indeed, the end had not been pasted.
Here is the report: http://www.cijoint.fr/cjlink.php?file=cj201003/cijttSHWd5.txt

Also, even though the computer still freezes and shuts down (blue screen), I can once again access websites without having to type in the address bar since the scan you told me to run yesterday.
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
1 March 2010 at 16:31
Your computer is still heavily infected... We'll start by using a script with Combofix:


/!\ WARNING /!\ The following script was written specifically for camille; it cannot be used on another computer!

• Download this folder camille.zip
• Right-click on it --> Extract all --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and place it on the Desktop.

• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file (as shown at this link)
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt

0
Thanks for your help! Here is the scan report (I had to restart manually again because the computer was not doing it on its own after 45 minutes)


ComboFix 10-02-27.04 - camille 02/03/2010 13:35:02.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.362 [GMT 1:00]
Lancé depuis: d:\documents and settings\camille\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\camille\Bureau\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\system32\01.tmp"
"c:\windows\system32\02.tmp"
"c:\windows\system32\03.tmp"
"c:\windows\system32\04.tmp"
"c:\windows\system32\05.tmp"
"c:\windows\system32\06.tmp"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\01.tmp
c:\windows\system32\02.tmp
c:\windows\system32\03.tmp
c:\windows\system32\04.tmp
c:\windows\system32\05.tmp
c:\windows\system32\06.tmp

c:\windows\system32\ftp.exe . . . est infecté!!

c:\windows\system32\tftp.exe . . . est infecté!!

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_cqaqbkec
-------\Service_cqaqbkec


((((((((((((((((((((((((((((( Fichiers créés du 2010-02-02 au 2010-03-02 ))))))))))))))))))))))))))))))))))))
.

2010-03-02 12:28 . 2010-03-02 13:18 -------- d-----w- \ComboFix
2010-02-28 15:00 . 2010-03-02 13:18 -------- d---a-w- \Qoobox
2010-02-24 13:44 . 2010-02-24 13:44 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-22 22:20 . 2010-02-22 22:21 -------- d-----w- d:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-22 22:20 . 2010-02-22 22:21 -------- d-----w- c:\program files\iTunes
2010-02-22 22:20 . 2010-02-22 22:20 -------- d-----w- c:\program files\Bonjour
2010-02-22 22:18 . 2010-02-22 22:21 -------- d-----w- \Config.Msi
2010-02-22 22:18 . 2010-02-22 22:18 -------- d-----w- d:\documents and settings\camille\Local Settings\Application Data\Apple
2010-02-22 22:17 . 2010-02-22 22:23 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2010-02-22 22:17 . 2010-02-22 22:20 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-02-18 10:37 . 2010-02-18 10:37 -------- d-----w- d:\documents and settings\NetworkService\Mes documents
2010-02-18 10:37 . 2010-02-18 10:37 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-15 15:41 . 2010-02-15 15:41 -------- d-s---w- d:\documents and settings\LocalService\UserData
2010-02-01 17:14 . 2010-02-01 17:14 -------- d-----w- d:\documents and settings\camille\Application Data\Malwarebytes
2010-02-01 17:14 . 2010-02-01 17:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 17:14 . 2010-02-01 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 21:37 . 2006-09-18 19:18 -------- d-----w- c:\program files\eMule
2010-02-24 15:05 . 2009-01-06 20:55 -------- d-----w- d:\documents and settings\camille\Application Data\Skype
2010-02-24 15:04 . 2009-01-06 20:58 -------- d-----w- d:\documents and settings\camille\Application Data\skypePM
2010-02-22 22:39 . 2006-09-04 12:15 -------- d-----w- d:\documents and settings\camille\Application Data\Apple Computer
2010-02-22 22:23 . 2006-08-23 14:45 67144 ----a-w- d:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 22:20 . 2006-09-04 12:14 -------- d-----w- c:\program files\iPod
2010-02-22 22:19 . 2006-08-23 14:44 -------- d-----w- c:\program files\QuickTime
2010-02-22 22:18 . 2007-03-11 12:13 -------- d-----w- c:\program files\Apple Software Update
2008-12-19 21:42 . 2006-11-13 18:15 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 21:42 . 2006-11-13 18:15 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 21:42 . 2006-11-13 18:15 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 21:42 . 2006-11-13 18:15 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 21:42 . 2006-11-13 18:15 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------


[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
[-] 2004-08-10 . 1BD6C2F707A275CB7C16FD99FE0F31CA . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tapisrv.dll
[-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . 2490CAE37DB8B6EC55E7A9415473D0AB . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\user32.dll
[-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
[-] 2004-08-10 . D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2009-10-29 . D89926AF5796E322D229B1C2E4FC8D1D . 671232 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-10-29 . 1DF357F4537A7F5D77F46D9C4F36DDF0 . 672768 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-10-29 . 26A2F945BB0E60D5590B61D650162E1B . 672768 . . [6.00.2900.3640] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . 26A2F945BB0E60D5590B61D650162E1B . 672768 . . [6.00.2900.3640] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-09-25 . 442959D8A81262A1EFAC539AB5551FAE . 672768 . . [6.00.2900.3627] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2009-09-25 . 52725B1CDF5C27A19BB316BE4C7CFDCE . 671232 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll
[-] 2009-09-25 . 529081B5F266D9E18F85A2EF7725F21A . 672768 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-06-26 . D7F5C0B6497908C84F9C1E9D2BB36396 . 672256 . . [6.00.2900.3592] . . c:\windows\$NtUninstallKB974455$\wininet.dll
[-] 2009-04-29 . 0A4B365061992BC4EF268229BE616F57 . 670720 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 . 4C0CAC19431E83809003460D2E54F5FB . 672256 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . 2B73F48C9BD74FD54E07556B41684AC3 . 672256 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-02-20 . AD9AB4386AE234EA5C8EED51CD934C44 . 672256 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 273B84C3C339341F917D7DDAD0722F51 . 670208 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 . 8EAE861274F3E0C00C10C871371A1A8E . 671744 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . F9AE6DBB4EC5B4D1A82BF2F0CB7EE200 . 671744 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-10-16 . 1C6E9FDAB1F4CB983A39EFBA6F131ACC . 671232 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 05033943FF61ABD13B93C00337D04E92 . 670208 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-08-20 . AEF39AC3BCBAFE971155D0073191B5A6 . 671744 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 . 50D19E569C83A9C1AE7EFAEF6A93BC50 . 670208 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 96D50ACA60DA22ADBD253F2825C98D1A . 670720 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 8CA18FD7CCCABFF7E84702BC1BBF5DCB . 671232 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 . D2177655BC338A07B99913F6A4BED52D . 670208 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . 4E00327DA458BEFFEA8F4B222F466B20 . 670720 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . F2F343D7ED0223645BA773B840EB4993 . 670720 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 . 7AF7D7D178F2863E7E7C880B55C88B76 . 670208 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 82B3264706B9921C67B196319FDA51DE . 670720 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wininet.dll
[-] 2008-02-16 . DCB8A9F102663D962BE60CDE38A6C1D7 . 670208 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2007-12-07 . C057D734B1951393FD07E2607513D4D9 . 670208 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2007-10-11 . 0465CDE31ADD22F6233FFB4FE4AF01CF . 670208 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-08-22 . 4F6A45B54D26708E2C2BF2C43D83EDEA . 669696 . . [6.00.2900.3199] . . c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-06-26 . 19058FBDC72F7BAE085369C6D0A7D074 . 669696 . . [6.00.2900.3164] . . c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-04-18 . A3BF56A786B277E881FD9137F55F0B4B . 669696 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-02-19 . 1BDE6D5DBA35797ECA8DB8FCB80FC015 . 669696 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-01-04 . 114342601AC7EA73B0D2A0ED8505B8B9 . 669184 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2006-10-23 . EFA0C2870CBA1747809A13E09F35BF82 . 668672 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2006-09-14 . B8B6F05885A6F42724E8D6BFEDE6BD3F . 668672 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-06-23 . 582953780721AC5D38F98CAB229EC7B9 . 668672 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-01-09 . 5404E2EAD19D7E2A5C4086015062343C . 666112 . . [6.00.2900.2823] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2004-08-10 . 58FE94EF42E074F4CAD8BF02E70E6478 . 660480 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB912945$\wininet.dll

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll
[-] 2004-08-10 . BC41F51A39D3B255805FDB759B7814AE . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\srsvc.dll
[-] 2004-08-10 . 6469C53F4D16FA6055CCA265BC03DB66 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wscntfy.exe
[-] 2004-08-10 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\xmlprov.dll
[-] 2004-08-10 . 21056AEF44322C3E2DD5391B6AEFA75A . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll
[-] 2004-08-10 . 21E83876A6287F15538EF187D286FE11 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sfcfiles.dll
[-] 2004-08-10 . ACF04FB3448D2C2CD3A851C138EC8AB6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
[-] 2004-08-10 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . B590E69A45AE8FCBF7DDADE89CCE3588 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\regsvc.dll
[-] 2004-08-10 . 345D02087F5696749C6120359B1E2988 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\schedsvc.dll
[-] 2004-08-10 . 4612EC6DAF695B87A2529FCBB95B75DE . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ssdpsrv.dll
[-] 2004-08-10 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
[-] 2005-03-10 . 70921DE4C83652DC301A05F0CC46C985 . 297984 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\appmgmts.dll
[-] 2004-08-10 . CE66077813D83C2D6908CDC64AE7E55A . 176640 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-10 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\mfc40u.dll
[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-10 12:00 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\msgsvc.dll
[-] 2004-08-10 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-03 16:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-03 16:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 12:00 . B751CE6043B33A2EFEABB2D6BA83EC67 . 25600 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-08-04 . FE0C9C9035E3FDC193255C646BAC2C3D . 2068224 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 4DD301E924F866170FEF3B6AB15A3FF9 . 2065024 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 4DD301E924F866170FEF3B6AB15A3FF9 . 2065024 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-08-04 . F33D8E4EF6AF136995639BDFA0466E23 . 2022912 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . B7E5994E1A974A55EB9F25AC91736D8A . 2022912 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 755B50949D0DBC0F0136B0DB58765331 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 2D1A003D7FAB4741A3D0D388C21E2C69 . 2022912 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 . 8DA71F1900721E1E4FCB5B02D55FB771 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntkrnlpa.exe
[-] 2007-02-28 . 3E3DF9F5D56B719F055E7D652E79F96B . 2019328 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2006-12-19 . C46168890982D41FB8ACCDBAC8E0A56C . 2019328 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-09-29 . 7A319C9E0C14ED6410E8B2753E3A32CE . 2017792 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-02 . 50B3A210B6FA8D3089A36A32E7D8B21F . 2017280 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
[-] 2005-03-02 . 5311776074B6C13F983DC75BAEAC9C0C . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-03 . 35567C8C50986C2BC5C3EFD79CB045E4 . 2017280 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntmssvc.dll
[-] 2004-08-10 12:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\upnphost.dll
[-] 2007-02-05 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-10 . 168AE9938F6BE31D198AF92496CCFA33 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"khebxwdrv"="ddbcbc.dll" [2010-03-01 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ssrrsssys"="bywwur.dll" [2010-03-01 91648]
"urponldrv"="ddbcbc.dll" [2010-03-01 96768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"nnomkksys"="bywwur.dll" [2010-03-01 91648]
"nnmjigdrv"="ddbcbc.dll" [2010-03-01 96768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 bywwur.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
2003-05-02 09:31 24576 ----a-w- c:\apps\ABOARD\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-23 18:33 57344 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
2006-07-06 20:32 122880 ----a-w- c:\program files\Neuf\Kit\WiFi\9wifi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-08 14:55 57344 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-10 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
2005-10-20 04:15 102400 ----a-w- c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 12:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
2005-02-02 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 15:07 61952 ----a-w- c:\windows\system32\HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-10-12 10:30 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-03-23 23:26 217088 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-04-27 22:47 7573504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-04-27 22:47 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-04-27 22:47 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-06-29 11:25 14720000 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-06-03 01:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
2004-10-04 11:03 310272 ----a-w- c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"USBDeviceService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"omniserv"=2 (0x2)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"IAANTMon"=2 (0x2)
"ELService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"4965:TCP"= 4965:TCP:dffkvd
"9804:TCP"= 9804:TCP:Services

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [23/08/2006 15:31 825600]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [21/03/2006 16:28 402944]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [23/08/2006 15:33 7040]
S2 cqaqbkec;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [23/09/2004 17:11 14336]
S2 Dhcpwinmgmt;Client DHCP Dhcpwinmgmt;ð%€|x srv --> ð%€|x srv [?]
S2 gupdate1ca201f9e172f38;Service Google Update (gupdate1ca201f9e172f38);c:\program files\Google\Update\GoogleUpdate.exe [18/08/2009 17:19 133104]
.
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nixud.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\camille\Application Data\Mozilla\Firefox\Profiles\5j55f2wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 14:18
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF7965C51]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf769ffc3
\Driver\ACPI -> ACPI.sys @ 0xf74b1cb8
\Driver\atapi -> atapi.sys @ 0xf73557b4
\Driver\iaStor -> 0x85b98d98
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcpwinmgmt]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cqaqbkec]
"ServiceDll"="c:\windows\system32\ddmoqykh.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1249593741-2168839879-1691005334-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,92,29,09,c6,cc,46,20,39,78,bf,b2,04,5f,2e,47,47,0f,c2,bf,30,1d,da,
84,ec,b7,ae,64,d5,e5,a4,be,a3,6c,f7,f1,b1,7b,ed,e8,38,3f,fd,49,25,8f,27,78,\
"??"=hex:db,04,0e,52,89,49,8c,2b,47,79,02,ff,71,4f,c8,12
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\System32\svchost.exe
c:\apps\Softex\OmniPass
0
I think the report didn't paste completely, so here is the link via cijoint.fr like last time

http://www.cijoint.fr/cjlink.php?file=cj201003/cijKfd2jJc.txt


A log report was also displayed; I don't know if you need it
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
2 March 2010 at 16:59
Normally there is only one report, but if you have several, please post all of them each time

The script didn't remove everything I was hoping for, and there are also other problems that the script wasn't targeting --> we'll have work to do to disinfect everything properly...
Among other things, some system files seem to be infected: do you have a Windows CD?


We'll start by checking something with these two programs:


1) Gmer

• Go to this page and click "Download EXE" to download Gmer (under a random name, to prevent it from being blocked by the infection)
/!\ You MUST disable all your protection software to use this program /!\
• Launch Gmer
• In the "Rootkit" tab, click "SCAN" and wait...
• At the end, click "SAVE" and save the report to your Desktop.
• Upload the Gmer report to this site, then copy/paste the link provided into your next reply on the forum



2) MBR Rootkit Detector

• Download MBR Rootkit Detector (gmer) and save it to the Desktop.
• Temporarily disable your protection software
• Double-click mbr.exe; a command prompt window will open and close again,
• A report will be created: mbr.log ==> Copy/paste the contents of this report into your reply.

0
I installed GMER but as soon as I start the scan the computer freezes; I tried 3 times without success. Should I go straight to MBR Rootkit Detector?
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
2 March 2010 at 19:38
Had you properly disabled your protection software before launching Gmer?

In any case yes, you can move on to the MBR scan

0
Yes, I believe I disabled the software, because the computer tells me there is no protection.
And to answer your earlier question, I don't have a Windows CD and haven't made a backup of the system. Here is the report:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
2 March 2010 at 21:18
Restart your computer in safe mode (do not use the method that goes through msconfig!)

And please try Gmer again in that mode

0
I tried to restart in safe mode but did not succeed. There were 2 possible choices after selecting "safe mode":
- Windows XP Media Center Edition
- Microsoft Windows XP Recovery Console

I first chose the first one: Windows XP Media Center Edition ==> blue screen with just a question mark at the top left

So I restarted manually and this time chose "Microsoft Windows XP Recovery Console" ==> another blue screen with text all over the screen, starting with "Windows has detected a problem and must close". I restarted manually and tried safe mode again ==> straight to the blue screen with just the question mark

So I have just started up again in normal mode
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
2 March 2010 at 23:48
Please try this procedure:

Click the Start menu
Select "Run"
Type SFC /scannow then click OK (the space between SFC and /scannow is important).



Next:

Download ToolsCleaner to your Desktop
Launch it, then click "Recherche" (Search) and wait during the scan.
When the result appears, click "Suppression" (Removal) (you can also delete the temporary files using the corresponding button)

Also delete every trace of Gmer from your Desktop


Then try again:

/!\ You MUST disable all your protection software to use this program /!\

• Download Gmer here
• Launch Gmer
• In the "Rootkit" tab, click "SCAN" and wait...
• At the end, click "SAVE" and save the report to your Desktop.
• Upload the Gmer report to this site, then copy/paste the link provided into your next reply on the forum

0
I'm sorry for not replying sooner; I tried to run the scan 6 or 7 times but the computer shuts down every time (blue screen). On the last one I ran, it managed to stay on for 2 hours and I think the scan was able to finish. As you told me, I clicked SAVE. Nothing happened for about 5 minutes, then the computer shut down again. So I think the report could not be saved.

Should I try again? Thanks!
0