Win32:LoadAdv-I [Trj]

gwendk Posts: 27 Status: Member -
philae83 Posts: 12854 Status: Security contributor -
Hello,

I've been fighting a virus for 3 days.
First I followed your advice and installed SP2 and its updates (I hadn't done it yet after a format last month).
I also downloaded Spybot and Ad-Aware.

But the virus is still there!
Every time I connect to the internet, Avast detects this:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IJKUV5O7\if[1].exe\[UPX]
Win32:LoadAdv-I [Trj]
Cheval de Troie
000774-4, 12/09/2007

C:\ify32.exe\[UPX]
Win32:LoadAdv-I [Trj]
000774-4, 12/09/2007


I delete it right away and try to browse, but nothing, no more browsing.

Here is my HijackThis log

Logfile of HijackThis v1.99.0
Scan saved at 18:47:50, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\mscdex.exe
C:\WINDOWS\system32\dllcache\ivchost.exe
C:\WINDOWS\system\NOTEPAD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\-= Download & Setup =-\Setup\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: dumpregged - Unknown - C:\WINDOWS\mscdex.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ms hexidecimal defx - Unknown - C:\WINDOWS\system32\dllcache\ivchost.exe
O23 - Service: NOTEPAD - Unknown - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe


Can anyone help me??

28 replies

gwendk Posts: 27 Status: Member
 
I should add that yesterday the Messenger service (Affichage des messages) was pointing to clean32.
I disabled it...
0
philae83 Posts: 12854 Status: Security contributor 206
 
good evening,

* Run an online antivirus scan HERE
https://www.bitdefender.fr/
and copy/paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again, click Click here to scan
* The signatures load, etc.

illustrated tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm
0
gwendk Posts: 27 Status: Member
 
I can't browse any more, I'm stuck; it doesn't load the pages, it shows "Terminé" (Done) straight away.

I'll try again just in case...
0
philae83 Posts: 12854 Status: Security contributor 206
 
ok, do something else

* Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

* Restart your computer in Safe Mode

* Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.

* Press Y to start the cleaning process.

It will delete the services and Registry entries of the trojans it finds, then ask you to press a key to reboot.

* Press a key to reboot the PC.

Your system will take longer than usual to restart because the tool keeps running and deleting files.

After the Desktop loads, the tool will finish its work and display Finished.

* Press a key to end the script and load your Desktop icons.

Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

Finally, copy/paste the contents of Report.txt into your next reply on the forum,

along with a new HijackThis log

0

gwendk Posts: 27 Status: Member
 
SDFix: Version 1.104

Run by Celti on 12/09/2007 at 22:15

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Celti\Bureau\sdfix\SDFix

Safe Mode:
Checking Services: 

Name:
mshexdefx

ImagePath:
"C:\WINDOWS\system32\dllcache\ivchost.exe" 

mshexdefx - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\dllcache\ivchost.exe  - Deleted
C:\WINDOWS\system32\i  - Deleted
C:\WINDOWS\system32\NSecurity.exe  - Deleted
C:\WINDOWS\system32\setup_07585.exe  - Deleted
C:\WINDOWS\system32\setup_36141.exe  - Deleted
C:\WINDOWS\system32\setup_42775.exe  - Deleted
C:\WINDOWS\system32\winldr.exe  - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Celti\Bureau\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\mscdex.exe
C:\WINDOWS\system\NOTEPAD.exe
C:\WINDOWS\system32\a.exe

Finished! 


And for HijackThis

Logfile of HijackThis v1.99.0
Scan saved at 22:20:56, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\mscdex.exe
C:\WINDOWS\system\NOTEPAD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Avast4\ashDisp.exe
D:\-= Download & Setup =-\Setup\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: dumpregged - Unknown - C:\WINDOWS\mscdex.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOTEPAD - Unknown - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

0
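Added example, not code from the thread or from any of the tools used in it: a small Python triage of the O23 service lines in the HijackThis logs above. It flags the three services the thread keeps chasing (dumpregged in C:\WINDOWS\mscdex.exe, the ivchost.exe service in dllcache, and a "NOTEPAD" service in C:\WINDOWS\system) while leaving alone the genuine Windows services that HijackThis 1.99 also labels "Unknown"; the trusted-directory list is an assumption for a default Windows XP install, and the sample lines are a constructed subset of the logs.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample input: O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_O23_LINES = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: dumpregged - Unknown - C:\WINDOWS\mscdex.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: ms hexidecimal defx - Unknown - C:\WINDOWS\system32\dllcache\ivchost.exe
O23 - Service: NOTEPAD - Unknown - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
"""

# Assumption (default XP layout): directories where a service with no vendor information
# is still expected. HijackThis 1.99 prints "Unknown" for genuine Windows services, so the
# vendor field alone is not a signal; where the binary lives is.
TRUSTED_SERVICE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\wbem"}


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o23(line: str):
    """Split an O23 line into (display name, vendor, image path); None if not an O23 line."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    # rsplit from the right: the display name may itself contain " - ", the path does not.
    fields = line[len(prefix):].strip().rsplit(" - ", 2)
    if len(fields) != 3:
        return None
    return tuple(fields)


def suspicious_reasons(vendor: str, path: str) -> list:
    """Return the reasons a service image path looks wrong (empty list means nothing to flag)."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    reasons = []
    if "dllcache" in (part.lower() for part in p.parts):
        reasons.append("image runs from dllcache (the SFC backup store), which no service should do")
    if vendor.strip().lower() == "unknown" and parent not in TRUSTED_SERVICE_DIRS:
        reasons.append(f"no vendor information and image outside System32 ({p.parent})")
    return reasons


def triage_services(log_text: str) -> list:
    """Walk a HijackThis log and return a Finding for every O23 entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o23(line)
        if parsed is None:
            continue
        name, vendor, path = parsed
        reasons = suspicious_reasons(vendor, path)
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage_services(SAMPLE_O23_LINES):
        print(f"[!] {finding.name} -> {finding.path}")
        for reason in finding.reasons:
            print(f"      {reason}")
```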
gwendk Posts: 27 Status: Member
 
I tried to run BitDefender, but I barely have time to load the home page before it blocks me. Still the same viruses detected by Avast when I start my connection.
0
philae83 Posts: 12854 Status: Security contributor 206
 
hi again

and Avast can't quarantine them?

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IJKUV5O7\if[1].exe
C:\ify32.exe


click MoveIt! to start the deletion.
the result will appear in the Results pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to reboot the PC to complete the deletion.
if so, accept with Yes.

tell me whether Avast still detects them.
Your log no longer shows anything abnormal.....

0
gwendk Posts: 27 Status: Member
 
Avast quarantines them but it changes nothing.
I tried connecting afterwards; I managed to get through 2 pages but then got blocked again.

So I ran OTMoveIt, but of course it didn't find them.
0
philae83 Posts: 12854 Status: Security contributor 206
 
you need to use OTMoveIt before Avast quarantines them.

Is that possible?
0
gwendk Posts: 27 Status: Member
 
I quarantined, rebooted, restarted the connection, Avast detects it again, so I run OTMoveIt before doing anything in Avast. It deletes the 2 lines.

I reboot, restart the connection, and there Avast finds C:\ify32.exe again, but this time I can't quarantine it: Avast tells me the file is already in use by another resource.
0
philae83 Posts: 12854 Status: Security contributor 206
 
your situation is crazy.

* Download the "Silent Runners" script

right-click > "save as" (not left-click) on the following link:
https://www.silentrunners.org/Silent%20Runners.vbs
then click "yes" twice
Give it time to do its analysis (count one minute, by the clock)

post the generated report, which is in the same folder as Silent Runners...

If your antivirus panics, allow this script. Or, at worst, disable it just for the download and the scan. This script is not dangerous

0
gwendk Posts: 27 Status: Member
 
Before doing your test I rebooted 2 or 3 times, Avast crashed.
The virus appeared without launching the connection this time; I finally managed to quarantine it.
I launched the connection thinking I'd succeeded, but no, browsing still blocked!!!

I'll test your script...
0
gwendk Posts: 27 Status: Member
 
"Silent Runners.vbs", revision 52, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Celti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
dumpregged, dumpregged, ""C:\WINDOWS\mscdex.exe"" [null data]
NOTEPAD, NOTEPAD, ""C:\WINDOWS\system\NOTEPAD.exe"" [null data]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]

---------- (launch time: 2007-09-12 23:48:44)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 41 seconds, including 7 seconds for message boxes)
0
gwendk Posts: 27 Status: Member
 
Starting over from the beginning...

Now this is the location it came back to:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IJKUV5O7\if[1].exe
Except it's no longer IJKUV5O7 but another folder of the same type...
0
philae83 Posts: 12854 Status: Security contributor 206
 
no further along.

* Download WinPFind
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

* Unzip it to C:\

* Reboot into Safe Mode.

* Double-click the file c:\winpfind\winpfind.exe,

then click the "Start Scan" button

Wait for the scan to finish.

When it's done,

* reboot normally and

post the contents of the WinPFind.Txt file located in the c:\winpfind folder
0
gwendk Posts: 27 Status: Member
 
If you have a working link I'll take it, because I keep landing on an expired link
0
philae83 Posts: 12854 Status: Security contributor 206
 
I just noticed, and I've put it in for you
0
gwendk Posts: 27 Status: Member
 
WinPFind3 logfile created on: 13/09/2007 00:18:09
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\winpfind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

767,48 Mb Total Physical Memory | 633,32 Mb Available Physical Memory | 82,52% Memory free
1,83 Gb Paging File | 1,76 Gb Available in Paging File | 95,70% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 8,36 Gb Free Space | 55,72% Space Free
Drive D: | 61,33 Gb Total Space | 17,25 Gb Free Space | 28,13% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: GWEN-M
Current User Name: Celti
Logged in as Administrator.
Cannot determine boot mode.

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 06/07/2007 14:02:26 | Attr = ]
winpfind3u.exe -> %SystemDrive%\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 06/07/2007 14:02:26 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 11:54:58 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 12:06:04 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 12:05:42 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 12:04:44 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ]
(dumpregged) dumpregged [Win32_Own | Auto | Stopped] -> %SystemRoot%\mscdex.exe -> [Ver = | Size = 115712 bytes | Modified Date = 11/09/2007 10:41:34 | Attr = RHS]
(NOTEPAD) NOTEPAD [Win32_Own | Auto | Stopped] -> %SystemRoot%\system\NOTEPAD.exe -> [Ver = | Size = 38912 bytes | Modified Date = 11/09/2007 18:53:30 | Attr = RHS]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5672 | Size = 110659 bytes | Modified Date = 24/03/2004 10:04:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 12:06:10 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5672 | Size = 3309568 bytes | Modified Date = 24/03/2004 10:04:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 00:47:54 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0A290CB5-FB44-4227-9419-7C1E135DF65D} -> (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
HiJackThis -> %SystemDrive%\HiJackThis -> [Folder | Created Date = 11/09/2007 09:35:24 | Attr = ]
HiJackThis.zip -> %SystemDrive%\HiJackThis.zip -> [Ver = | Size = 318369 bytes | Created Date = 11/09/2007 09:35:21 | Attr = ]
winpfind3u -> %SystemDrive%\winpfind3u -> [Folder | Created Date = 12/09/2007 23:14:30 | Attr = ]
winpfind3u.exe -> %SystemDrive%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 12/09/2007 23:14:23 | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 12/09/2007 15:42:13 | Attr = H ]
$NtUninstallKB834707$ -> %SystemRoot%\$NtUninstallKB834707$ -> [Folder | Created Date = 12/09/2007 16:00:54 | Attr = H ]
$NtUninstallKB867282$ -> %SystemRoot%\$NtUninstallKB867282$ -> [Folder | Created Date = 12/09/2007 16:03:36 | Attr = H ]
$NtUninstallKB873333$ -> %SystemRoot%\$NtUninstallKB873333$ -> [Folder | Created Date = 12/09/2007 16:03:53 | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 12/09/2007 16:01:29 | Attr = H ]
$NtUninstallKB883939$ -> %SystemRoot%\$NtUninstallKB883939$ -> [Folder | Created Date = 12/09/2007 16:06:18 | Attr = H ]
$NtUninstallKB885250$ -> %SystemRoot%\$NtUninstallKB885250$ -> [Folder | Created Date = 12/09/2007 16:03:09 | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 12/09/2007 16:01:41 | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 12/09/2007 16:02:14 | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 12/09/2007 16:01:53 | Attr = H ]
$NtUninstallKB887742$ -> %SystemRoot%\$NtUninstallKB887742$ -> [Folder | Created Date = 12/09/2007 16:01:18 | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 12/09/2007 16:02:34 | Attr = H ]
$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Created Date = 12/09/2007 16:05:45 | Attr = H ]
$NtUninstallKB890047$ -> %SystemRoot%\$NtUninstallKB890047$ -> [Folder | Created Date = 12/09/2007 16:02:47 | Attr = H ]
$NtUninstallKB890175$ -> %SystemRoot%\$NtUninstallKB890175$ -> [Folder | Created Date = 12/09/2007 16:02:24 | Attr = H ]
$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Created Date = 12/09/2007 16:04:24 | Attr = H ]
$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Created Date = 12/09/2007 16:03:22 | Attr = H ]
$NtUninstallKB893066$ -> %SystemRoot%\$NtUninstallKB893066$ -> [Folder | Created Date = 12/09/2007 16:06:36 | Attr = H ]
$NtUninstallKB893086$ -> %SystemRoot%\$NtUninstallKB893086$ -> [Folder | Created Date = 12/09/2007 16:04:09 | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 12/09/2007 16:07:18 | Attr = H ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ -> [Folder | Created Date = 12/09/2007 16:05:22 | Attr = H ]
$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Created Date = 12/09/2007 16:05:34 | Attr = H ]
$NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Created Date = 12/09/2007 16:05:56 | Attr = H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Created Date = 12/09/2007 16:08:26 | Attr = H ]
$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Created Date = 12/09/2007 16:10:00 | Attr = H ]
$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Created Date = 12/09/2007 16:06:06 | Attr = H ]
$NtUninstallKB896727$ -> %SystemRoot%\$NtUninstallKB896727$ -> [Folder | Created Date = 12/09/2007 16:08:41 | Attr = H ]
$NtUninstallKB897338$ -> %SystemRoot%\$NtUninstallKB897338$ -> [Folder | Created Date = 12/09/2007 16:16:53 | Attr = H ]
$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Created Date = 12/09/2007 16:07:28 | Attr = H ]
$NtUninstallKB899588$ -> %SystemRoot%\$NtUninstallKB899588$ -> [Folder | Created Date = 12/09/2007 16:07:39 | Attr = H ]
$NtUninstallKB899589$ -> %SystemRoot%\$NtUninstallKB899589$ -> [Folder | Created Date = 12/09/2007 16:08:57 | Attr = H ]
$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Created Date = 12/09/2007 16:07:59 | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 12/09/2007 16:09:12 | Attr = H ]
$NtUninstallKB900930$ -> %SystemRoot%\$NtUninstallKB900930$ -> [Folder | Created Date = 12/09/2007 16:06:49 | Attr = H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Created Date = 12/09/2007 16:09:26 | Attr = H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Created Date = 12/09/2007 16:07:05 | Attr = H ]
$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Created Date = 12/09/2007 16:09:49 | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 12/09/2007 16:09:38 | Attr = H ]
$NtUninstallKB905915$ -> %SystemRoot%\$NtUninstallKB905915$ -> [Folder | Created Date = 12/09/2007 16:12:25 | Attr = H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Created Date = 12/09/2007 16:12:59 | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 12/09/2007 16:12:06 | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 12/09/2007 16:17:07 | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 12/09/2007 16:14:10 | Attr = H ]
$NtUninstallKB911564$ -> %SystemRoot%\$NtUninstallKB911564$ -> [Folder | Created Date = 12/09/2007 16:13:17 | Attr = H ]
$NtUninstallKB911565$ -> %SystemRoot%\$NtUninstallKB911565$ -> [Folder | Created Date = 12/09/2007 16:13:34 | Attr = H ]
$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Created Date = 12/09/2007 16:13:45 | Attr = H ]
$NtUninstallKB912812$ -> %SystemRoot%\$NtUninstallKB912812$ -> [Folder | Created Date = 12/09/2007 16:14:40 | Attr = H ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 12/09/2007 16:12:47 | Attr = H ]
$NtUninstallKB913446$ -> %SystemRoot%\$NtUninstallKB913446$ -> [Folder | Created Date = 12/09/2007 16:13:57 | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 12/09/2007 16:15:01 | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 12/09/2007 16:17:31 | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 12/09/2007 16:16:14 | Attr = H ]
$NtUninstallKB917159$ -> %SystemRoot%\$NtUninstallKB917159$ -> [Folder | Created Date = 12/09/2007 16:17:19 | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 12/09/2007 16:16:27 | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 12/09/2007 16:19:32 | Attr = H ]
$NtUninstallKB917537$ -> %SystemRoot%\$NtUninstallKB917537$ -> [Folder | Created Date = 12/09/2007 16:17:45 | Attr = H ]
$NtUninstallKB917734_WMP9$ -> %SystemRoot%\$NtUninstallKB917734_WMP9$ -> [Folder | Created Date = 12/09/2007 16:15:52 | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 12/09/2007 16:16:39 | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 12/09/2007 16:25:50 | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 12/09/2007 16:16:03 | Attr = H ]
$NtUninstallKB918899$ -> %SystemRoot%\$NtUninstallKB918899$ -> [Folder | Created Date = 12/09/2007 16:19:13 | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 12/09/2007 16:19:57 | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 12/09/2007 16:22:36 | Attr = H ]
$NtUninstallKB920214$ -> %SystemRoot%\$NtUninstallKB920214$ -> [Folder | Created Date = 12/09/2007 16:18:58 | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 12/09/2007 16:21:28 | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 12/09/2007 16:18:45 | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 12/09/2007 16:18:34 | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 12/09/2007 16:19:45 | Attr = H ]
$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Created Date = 12/09/2007 16:18:21 | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 12/09/2007 16:30:21 | Attr = H ]
$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Created Date = 12/09/2007 16:18:07 | Attr = H ]
$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Created Date = 12/09/2007 16:17:56 | Attr = H ]
$NtUninstallKB922760$ -> %SystemRoot%\$NtUninstallKB922760$ -> [Folder | Created Date = 12/09/2007 16:23:24 | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 12/09/2007 16:21:14 | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 12/09/2007 16:20:23 | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 12/09/2007 16:20:48 | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Created Date = 12/09/2007 16:23:51 | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Created Date = 12/09/2007 16:24:59 | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 12/09/2007 16:22:25 | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 12/09/2007 16:20:36 | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 12/09/2007 16:22:46 | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 12/09/2007 16:21:02 | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 12/09/2007 16:25:38 | Attr = H ]
$NtUninstallKB925454$ -> %SystemRoot%\$NtUninstallKB925454$ -> [Folder | Created Date = 12/09/2007 16:23:01 | Attr = H ]
$NtUninstallKB925486$ -> %SystemRoot%\$NtUninstallKB925486$ -> [Folder | Created Date = 12/09/2007 16:20:10 | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 12/09/2007 16:26:11 | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 12/09/2007 16:23:37 | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 12/09/2007 16:26:01 | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 12/09/2007 16:24:23 | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 12/09/2007 16:25:27 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 12/09/2007 16:28:09 | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 12/09/2007 16:24:41 | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 12/09/2007 16:25:12 | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 12/09/2007 16:24:12 | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 12/09/2007 16:29:26 | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 12/09/2007 16:26:37 | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 12/09/2007 16:26:51 | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 12/09/2007 16:27:37 | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 12/09/2007 16:27:04 | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 12/09/2007 16:27:21 | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 12/09/2007 16:28:36 | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Created Date = 12/09/2007 16:26:24 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 12/09/2007 16:29:14 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 12/09/2007 16:28:21 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 12/09/2007 16:30:45 | Attr = H ]
$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 12/09/2007 16:31:51 | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 12/09/2007 16:31:26 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 12/09/2007 16:31:11 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 12/09/2007 16:30:33 | Attr = H ]
002421_.tmp -> %SystemRoot%\002421_.tmp -> [Ver = | Size = 19528 bytes | Created Date = 12/09/2007 15:45:04 | Attr = ]
CDEC84Euro.ini -> %SystemRoot%\CDEC84Euro.ini -> [Ver = | Size = 25 bytes | Created Date = 16/08/2007 18:41:51 | Attr = ]
EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 12/09/2007 15:42:10 | Attr = ]
EPSTPLOG.BAK -> %SystemRoot%\EPSTPLOG.BAK -> [Ver = | Size = 7757 bytes | Created Date = 16/08/2007 18:42:12 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 12/09/2007 21:14:12 | Attr = ]
mscdex.exe -> %SystemRoot%\mscdex.exe -> [Ver = | Size = 115712 bytes | Created Date = 11/09/2007 09:41:43 | Attr = RHS]
peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 12/09/2007 15:50:17 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 12/09/2007 15:56:04 | Attr = ]
provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 12/09/2007 15:50:15 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 24/08/2007 10:23:16 | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 12/09/2007 15:48:22 | Attr = ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 12/09/2007 15:50:18 | Attr = ]
UninstallThunderbird.exe -> %SystemRoot%\UninstallThunderbird.exe -> [Ver = | Size = 99965 bytes | Created Date = 06/09/2007 10:15:33 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 12/09/2007 15:51:08 | Attr = ]
a.exe -> %System32%\a.exe -> [Ver = | Size = 52736 bytes | Created Date = 10/09/2007 13:26:05 | Attr = HS]
ati2cqag.dll -> %System32%\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
ati2dvaa.dll -> %System32%\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
ati3d1ag.dll -> %System32%\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 12/09/2007 15:50:25 | Attr = ]
ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 12/09/2007 15:50:25 | Attr = ]
ativdaxx.ax -> %System32%\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 12/09/2007 15:50:25 | Attr = ]
ativmvxx.ax -> %System32%\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 12/09/2007 15:50:25 | Attr = ]
ativtmxx.dll -> %System32%\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 12/09/2007 15:50:25 | Attr = ]
ativvaxx.dll -> %System32%\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 12/09/2007 15:50:25 | Attr = ]
EBAPI.dll -> %System32%\EBAPI.dll -> [Ver = | Size = 65536 bytes | Created Date = 16/08/2007 18:45:27 | Attr = ]
EBPCHP.DLL -> %System32%\EBPCHP.DLL -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 34304 bytes | Created Date = 16/08/2007 18:42:55 | Attr = ]
EBPPORT4.DAT -> %System32%\EBPPORT4.DAT -> [Ver = | Size = 182 bytes | Created Date = 16/08/2007 18:42:56 | Attr = ]
ECBTEG.DLL -> %System32%\ECBTEG.DLL -> SEIKO EPSON CORPORATION [Ver = 2, 0, 0, 255 | Size = 63488 bytes | Created Date = 16/08/2007 18:42:56 | Attr = ]
EEBAPI.dll -> %System32%\EEBAPI.dll -> [Ver = | Size = 122880 bytes | Created Date = 16/08/2007 18:45:27 | Attr = ]
EEBDSCVR.dll -> %System32%\EEBDSCVR.dll -> [Ver = | Size = 102400 bytes | Created Date = 16/08/2007 18:45:27 | Attr = ]
EEBSDKIF.dll -> %System32%\EEBSDKIF.dll -> SEIKO EPSON CORPORATION [Ver = 1.00 | Size = 54272 bytes | Created Date = 16/08/2007 18:45:27 | Attr = ]
EEBUtil.dll -> %System32%\EEBUtil.dll -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 65536 bytes | Created Date = 16/08/2007 18:45:27 | Attr = ]
hsfcisp2.dll -> %System32%\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 12/09/2007 15:50:24 | Attr = ]
iac25_32.ax -> %System32%\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Created Date = 12/09/2007 15:50:24 | Attr = ]
ieencode.dll -> %System32%\ieencode.dll -> [Ver = | Size = 81920 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ir41_32.ax -> %System32%\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ir41_qc.dll -> %System32%\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ir41_qcx.dll -> %System32%\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ir50_32.dll -> %System32%\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ir50_qc.dll -> %System32%\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ir50_qcx.dll -> %System32%\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
ivfsrc.ax -> %System32%\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
mdmxsdk.dll -> %System32%\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 12/09/2007 15:50:23 | Attr = ]
mtxparhd.dll -> %System32%\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 12/09/2007 15:50:22 | Attr = ]
s3gnb.dll -> %System32%\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 12/09/2007 15:50:21 | Attr = ]
slcoinst.dll -> %System32%\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 12/09/2007 15:50:21 | Attr = ]
slextspk.dll -> %System32%\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 12/09/2007 15:50:21 | Attr = ]
slgen.dll -> %System32%\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 12/09/2007 15:50:21 | Attr = ]
slrundll.exe -> %System32%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 12/09/2007 15:50:21 | Attr = ]
slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 12/09/2007 15:50:21 | Attr = ]
vbicodec.ax -> %System32%\vbicodec.ax -> [Ver = | Size = 53248 bytes | Created Date = 12/09/2007 15:50:31 | Attr = ]
wstpager.ax -> %System32%\wstpager.ax -> [Ver = | Size = 164352 bytes | Created Date = 12/09/2007 15:50:31 | Attr = ]
wstrenderer.ax -> %System32%\wstrenderer.ax -> [Ver = | Size = 239616 bytes | Created Date = 12/09/2007 15:50:31 | Attr = ]
locale.nls -> %System32%\dllcache\locale.nls -> [Ver = | Size = 265948 bytes | Created Date = 12/09/2007 16:16:46 | Attr = ]
micross.ttf -> %System32%\dllcache\micross.ttf -> [Ver = | Size = 461672 bytes | Created Date = 12/09/2007 16:16:46 | Attr = ]
sortkey.nls -> %System32%\dllcache\sortkey.nls -> [Ver = | Size = 262148 bytes | Created Date = 12/09/2007 16:16:46 | Attr = ]
tahoma.ttf -> %System32%\dllcache\tahoma.ttf -> [Ver = | Size = 383804 bytes | Created Date = 12/09/2007 16:16:46 | Attr = ]
tahomabd.ttf -> %System32%\dllcache\tahomabd.ttf -> [Ver = | Size = 355680 bytes | Created Date = 12/09/2007 16:16:46 | Attr = ]
adv01nt5.dll -> %System32%\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
adv02nt5.dll -> %System32%\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
adv05nt5.dll -> %System32%\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
adv07nt5.dll -> %System32%\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
adv08nt5.dll -> %System32%\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
adv09nt5.dll -> %System32%\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
adv11nt5.dll -> %System32%\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
amdagp.sys -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1btxx.sys -> %System32%\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1mdxx.sys -> %System32%\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1pdxx.sys -> %System32%\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1raxx.sys -> %System32%\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1rvxx.sys -> %System32%\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1snxx.sys -> %System32%\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1ttxx.sys -> %System32%\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1tuxx.sys -> %System32%\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1xbxx.sys -> %System32%\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati1xsxx.sys -> %System32%\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati2mtaa.sys -> %System32%\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327168 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinbtxx.sys -> %System32%\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinmdxx.sys -> %System32%\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinpdxx.sys -> %System32%\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinraxx.sys -> %System32%\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinrvxx.sys -> %System32%\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinsnxx.sys -> %System32%\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinttxx.sys -> %System32%\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atintuxx.sys -> %System32%\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinxbxx.sys -> %System32%\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atinxsxx.sys -> %System32%\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
ativmc20.cod -> %System32%\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atv01nt5.dll -> %System32%\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atv02nt5.dll -> %System32%\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atv04nt5.dll -> %System32%\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atv06nt5.dll -> %System32%\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 12/09/2007 15:50:28 | Attr = ]
atv10nt5.dll -> %System32%\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
ch7xxnt5.dll -> %System32%\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
cxthsfs2.cty -> %System32%\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
hsfbs2s2.sys -> %System32%\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
hsfcxts2.sys -> %System32%\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
hsfdpsp2.sys -> %System32%\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
mdmxsdk.sys -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
mtlmnt5.sys -> %System32%\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
mtlstrm.sys -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 12/09/2007 15:50:27 | Attr = ]
mtxparhm.sys -> %System32%\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
netwlan5.img -> %System32%\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
ntmtlfax.sys -> %System32%\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
recagent.sys -> %System32%\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
s3gnbm.sys -> %System32%\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
siint5.dll -> %System32%\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
sisagp.sys -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
slnt7554.sys -> %System32%\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
slntamr.sys -> %System32%\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
slnthal.sys -> %System32%\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
slwdmsup.sys -> %System32%\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
vchnt5.dll -> %System32%\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
wadv07nt.sys -> %System32%\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
wadv08nt.sys -> %System32%\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
wadv09nt.sys -> %System32%\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
wadv11nt.sys -> %System32%\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
watv06nt.sys -> %System32%\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
watv10nt.sys -> %System32%\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 12/09/2007 15:50:26 | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 495 bytes | Created Date = 10/09/2007 12:05:09 | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 790 bytes | Created Date = 21/08/2007 15:58:36 | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 12/09/2007 17:36:52 | Attr = RHS]
HiJackThis -> %SystemDrive%\HiJackThis -> [Folder | Modified Date = 11/09/2007 15:17:48 | Attr = ]
HiJackThis.zip -> %SystemDrive%\HiJackThis.zip -> [Ver = | Size = 318369 bytes | Modified Date = 11/09/2007 10:34:48 | Attr = ]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47564 bytes | Modified Date = 12/09/2007 16:45:34 | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/09/2007 17:21:52 | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/09/2007 16:55:40 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 12/09/2007 22:14:14 | Attr = ]
winpfind3u -> %SystemDrive%\winpfind3u -> [Folder | Modified Date = 13/09/2007 00:14:32 | Attr = ]
winpfind3u.exe -> %SystemDrive%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 13/09/2007 00:12:50 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/09/2007 17:31:26 | Attr = H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 12/09/2007 16:44:08 | Attr = H ]
$NtUninstallKB834707$ -> %SystemRoot%\$NtUninstallKB834707$ -> [Folder | Modified Date = 12/09/2007 17:00:56 | Attr = H ]
$NtUninstallKB867282$ -> %SystemRoot%\$NtUninstallKB867282$ -> [Folder | Modified Date = 12/09/2007 17:03:38 | Attr = H ]
$NtUninstallKB873333$ -> %SystemRoot%\$NtUninstallKB873333$ -> [Folder | Modified Date = 12/09/2007 17:03:54 | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 12/09/2007 17:01:32 | Attr = H ]
$NtUninstallKB883939$ -> %SystemRoot%\$NtUninstallKB883939$ -> [Folder | Modified Date = 12/09/2007 17:06:22 | Attr = H ]
$NtUninstallKB885250$ -> %SystemRoot%\$NtUninstallKB885250$ -> [Folder | Modified Date = 12/09/2007 17:03:10 | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 12/09/2007 17:01:42 | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 12/09/2007 17:02:16 | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 12/09/2007 17:01:54 | Attr = H ]
$NtUninstallKB887742$ -> %SystemRoot%\$NtUninstallKB887742$ -> [Folder | Modified Date = 12/09/2007 17:01:20 | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 12/09/2007 17:02:36 | Attr = H ]
$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Modified Date = 12/09/2007 17:05:48 | Attr = H ]
$NtUninstallKB890047$ -> %SystemRoot%\$NtUninstallKB890047$ -> [Folder | Modified Date = 12/09/2007 17:02:48 | Attr = H ]
$NtUninstallKB890175$ -> %SystemRoot%\$NtUninstallKB890175$ -> [Folder | Modified Date = 12/09/2007 17:02:26 | Attr = H ]
$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Modified Date = 12/09/2007 17:04:28 | Attr = H ]
$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Modified Date = 12/09/2007 17:03:24 | Attr = H ]
$NtUninstallKB893066$ -> %SystemRoot%\$NtUninstallKB893066$ -> [Folder | Modified Date = 12/09/2007 17:06:38 | Attr = H ]
$NtUninstallKB893086$ -> %SystemRoot%\$NtUninstallKB893086$ -> [Folder | Modified Date = 12/09/2007 17:04:12 | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Modified Date = 12/09/2007 17:07:20 | Attr = H ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ -> [Folder | Modified Date = 12/09/2007 17:05:24 | Attr = H ]
$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Modified Date = 12/09/2007 17:05:36 | Attr = H ]
$NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Modified Date = 12/09/2007 17:05:58 | Attr = H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Modified Date = 12/09/2007 17:08:28 | Attr = H ]
$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Modified Date = 12/09/2007 17:10:02 | Attr = H ]
$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Modified Date = 12/09/2007 17:06:08 | Attr = H ]
$NtUninstallKB896727$ -> %SystemRoot%\$NtUninstallKB896727$ -> [Folder | Modified Date = 12/09/2007 17:08:44 | Attr = H ]
$NtUninstallKB897338$ -> %SystemRoot%\$NtUninstallKB897338$ -> [Folder | Modified Date = 12/09/2007 17:16:56 | Attr = H ]
$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Modified Date = 12/09/2007 17:07:30 | Attr = H ]
$NtUninstallKB899588$ -> %SystemRoot%\$NtUninstallKB899588$ -> [Folder | Modified Date = 12/09/2007 17:07:42 | Attr = H ]
$NtUninstallKB899589$ -> %SystemRoot%\$NtUninstallKB899589$ -> [Folder | Modified Date = 12/09/2007 17:09:00 | Attr = H ]
$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Modified Date = 12/09/2007 17:08:02 | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Modified Date = 12/09/2007 17:09:16 | Attr = H ]
$NtUninstallKB900930$ -> %SystemRoot%\$NtUninstallKB900930$ -> [Folder | Modified Date = 12/09/2007 17:06:52 | Attr = H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Modified Date = 12/09/2007 17:09:28 | Attr = H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Modified Date = 12/09/2007 17:07:08 | Attr = H ]
$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Modified Date = 12/09/2007 17:09:52 | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Modified Date = 12/09/2007 17:09:40 | Attr = H ]
$NtUninstallKB905915$ -> %SystemRoot%\$NtUninstallKB905915$ -> [Folder | Modified Date = 12/09/2007 17:12:30 | Attr = H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Modified Date = 12/09/2007 17:13:02 | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 12/09/2007 17:12:08 | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 12/09/2007 17:17:10 | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 12/09/2007 17:14:12 | Attr = H ]
$NtUninstallKB911564$ -> %SystemRoot%\$NtUninstallKB911564$ -> [Folder | Modified Date = 12/09/2007 17:13:20 | Attr = H ]
$NtUninstallKB911565$ -> %SystemRoot%\$NtUninstallKB911565$ -> [Folder | Modified Date = 12/09/2007 17:13:36 | Attr = H ]
$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Modified Date = 12/09/2007 17:13:48 | Attr = H ]
$NtUninstallKB912812$ -> %SystemRoot%\$NtUninstallKB912812$ -> [Folder | Modified Date = 12/09/2007 17:14:46 | Attr = H ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 12/09/2007 17:12:50 | Attr = H ]
$NtUninstallKB913446$ -> %SystemRoot%\$NtUninstallKB913446$ -> [Folder | Modified Date = 12/09/2007 17:14:00 | Attr = H ]
$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 12/09/2007 17:15:04 | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 12/09/2007 17:17:34 | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 12/09/2007 17:16:18 | Attr = H ]
$NtUninstallKB917159$ -> %SystemRoot%\$NtUninstallKB917159$ -> [Folder | Modified Date = 12/09/2007 17:17:22 | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 12/09/2007 17:16:30 | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 12/09/2007 17:19:34 | Attr = H ]
$NtUninstallKB917537$ -> %SystemRoot%\$NtUninstallKB917537$ -> [Folder | Modified Date = 12/09/2007 17:17:46 | Attr = H ]
$NtUninstallKB917734_WMP9$ -> %SystemRoot%\$NtUninstallKB917734_WMP9$ -> [Folder | Modified Date = 12/09/2007 17:15:54 | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 12/09/2007 17:16:42 | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 12/09/2007 17:25:52 | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Modified Date = 12/09/2007 17:16:06 | Attr = H ]
$NtUninstallKB918899$ -> %SystemRoot%\$NtUninstallKB918899$ -> [Folder | Modified Date = 12/09/2007 17:19:18 | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 12/09/2007 17:20:00 | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 12/09/2007 17:22:38 | Attr = H ]
$NtUninstallKB920214$ -> %SystemRoot%\$NtUninstallKB920214$ -> [Folder | Modified Date = 12/09/2007 17:19:00 | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 12/09/2007 17:21:30 | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 12/09/2007 17:18:48 | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 12/09/2007 17:18:36 | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 12/09/2007 17:19:48 | Attr = H ]
$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Modified Date = 12/09/2007 17:18:24 | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 12/09/2007 17:30:22 | Attr = H ]
$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Modified Date = 12/09/2007 17:18:10 | Attr = H ]
$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Modified Date = 12/09/2007 17:17:58 | Attr = H ]
$NtUninstallKB922760$ -> %SystemRoot%\$NtUninstallKB922760$ -> [Folder | Modified Date = 12/09/2007 17:23:28 | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 12/09/2007 17:21:16 | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 12/09/2007 17:20:26 | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 12/09/2007 17:20:50 | Attr = H ]
$NtUninstallKB923694$ -> %SystemRoot%\$NtUninstallKB923694$ -> [Folder | Modified Date = 12/09/2007 17:23:54 | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Modified Date = 12/09/2007 17:25:00 | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Modified Date = 12/09/2007 17:22:28 | Attr = H ]
$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 12/09/2007 17:20:38 | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 12/09/2007 17:22:48 | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 12/09/2007 17:21:04 | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 12/09/2007 17:25:40 | Attr = H ]
$NtUninstallKB925454$ -> %SystemRoot%\$NtUninstallKB925454$ -> [Folder | Modified Date = 12/09/2007 17:23:08 | Attr = H ]
$NtUninstallKB925486$ -> %SystemRoot%\$NtUninstallKB925486$ -> [Folder | Modified Date = 12/09/2007 17:20:12 | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 12/09/2007 17:26:14 | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 12/09/2007 17:23:40 | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 12/09/2007 17:26:02 | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 12/09/2007 17:24:26 | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 12/09/2007 17:25:28 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 12/09/2007 17:28:10 | Attr = H ]
$NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 12/09/2007 17:24:46 | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 12/09/2007 17:25:14 | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 12/09/2007 17:24:14 | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 12/09/2007 17:29:28 | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 12/09/2007 17:26:38 | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 12/09/2007 17:26:52 | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 12/09/2007 17:27:44 | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 12/09/2007 17:27:06 | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 12/09/2007 17:27:24 | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 12/09/2007 17:28:42 | Attr = H ]
$NtUninstallKB935448$ -> %SystemRoot%\$NtUninstallKB935448$ -> [Folder | Modified Date = 12/09/2007 17:26:26 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 12/09/2007 17:29:16 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 12/09/2007 17:28:22 | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 12/09/2007 17:30:48 | Attr = H ]
$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 12/09/2007 17:31:52 | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 12/09/2007 17:31:32 | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 12/09/2007 17:31:12 | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 12/09/2007 17:30:36 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/09/2007 16:55:36 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 13/09/2007 00:15:56 | Attr = S]
CDEC84Euro.ini -> %SystemRoot%\CDEC84Euro.ini -> [Ver = | Size = 25 bytes | Modified Date = 16/08/2007 19:41:52 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/09/2007 16:57:58 | Attr = ]
EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 12/09/2007 16:50:34 | Attr = ]
EPSTPLOG.BAK -> %SystemRoot%\EPSTPLOG.BAK -> [Ver = | Size = 7757 bytes | Modified Date = 16/08/2007 19:45:20 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 12/09/2007 22:14:20 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/09/2007 17:35:48 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/09/2007 16:50:32 | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 12/09/2007 16:50:32 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 12/09/2007 17:31:40 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/09/2007 17:31:56 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/09/2007 17:31:04 | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 12/09/2007 16:50:16 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 7550 bytes | Modified Date = 06/09/2007 11:15:34 | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/09/2007 17:35:48 | Attr = ]
mscdex.exe -> %SystemRoot%\mscdex.exe -> [Ver = | Size = 115712 bytes | Modified Date = 11/09/2007 10:41:34 | Attr = RHS]
peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 12/09/2007 16:50:18 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/09/2007 23:50:00 | Attr = ]
provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 12/09/2007 16:50:16 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 24/08/2007 11:23:18 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 12/09/2007 17:37:10 | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 12/09/2007 17:16:58 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 11/09/2007 11:26:10 | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 12/09/2007 16:48:04 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/09/2007 16:47:28 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/09/2007 17:36:52 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 12/09/2007 22:17:04 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/09/2007 23:53:02 | Attr = ]
UninstallThunderbird.exe -> %SystemRoot%\UninstallThunderbird.exe -> [Ver = | Size = 99965 bytes | Modified Date = 06/09/2007 11:15:34 | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/09/2007 16:45:46 | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 609 bytes | Modified Date = 12/09/2007 17:36:52 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/09/2007 17:31:02 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 12/09/2007 16:57:44 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 13/09/2007 00:14:58 | Attr = H ]
a.exe -> %System32%\a.exe -> [Ver = | Size = 5273
0
philae83 Posts: 12854 Status: Security contributor 206
 
I haven't looked at everything, but given one pernicious line I would like you to do this:

* Download this file (by ejvindh)
http://www.uploads.ejvindh.net/rustbfix.exe

* Save it to your Desktop.

* Double-click rustbfix.exe to launch the tool.
If a Rustock.b infection is detected, a prompt will tell you that the computer needs to be restarted. This restart may take longer than usual, and two restarts may be required. All of this happens automatically.
After the restart(s), two reports will open: (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
* Copy and paste the contents of these two reports, along with a new HijackThis log

0
gwendk Posts: 27 Status: Member
 
Nothing found ...
0