besoin d'aide pour un cheval de troie

Question

Bonjour,

Les virus c'est galère!!!
Je suis sur internet depuis un mois sans anti-virus

Donc un matin, j'ai eu un beau fond d'écran rouge sang avec un avertissement comme quoi je devais absolumment télécharger un logiciel etc... le blabla des virus

bref j'ai télécharger deux logiciel gratuit avast et bidifender, qui m'ont bien aider mais pas compléterment, mon cheval de troie persite et signe sur mon PC portable.

J'ai fait
AVGantispyware
AVAST
BIDIFENDER
Ccleaner

rien n'y fait et j'ai l'impression que c'est pire, toujours des annonces système.. etc et mon "adorable fond d'écran gore"

Je suis vraiment novice dans l'informatique
Votre site préconise de faire un rapport hijackthis

le voici
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:00, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\vsvsnqvo.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bwfvbpws.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: GNX Bingo - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [bwfvbpws] C:\WINDOWS\system32\bwfvbpws.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [AGpULFfw0Q] C:\WINDOWS\vsvsnqvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: zip - {585d6709-61be-4523-9159-1437531d9d1c} - C:\WINDOWS\Installer\{585d6709-61be-4523-9159-1437531d9d1c}\zip.dll (file missing)
O21 - SSODL: altvxvm - {EACA6929-9911-4AA6-81CD-FA5E8CF1BF1C} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: UnknownDrive - {034fa83b-8ffd-4b16-93c8-8559db32543e} - C:\WINDOWS\Installer\{034fa83b-8ffd-4b16-93c8-8559db32543e}\UnknownDrive.dll (file missing)
O21 - SSODL: KernelKernel - {b5764aac-0173-4a34-a7b3-95f8f62e9061} - C:\WINDOWS\Installer\{b5764aac-0173-4a34-a7b3-95f8f62e9061}\KernelKernel.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

jlpjlp · Answer

slt

lance rogue remover  et dis ce qui est trouvé

pour info :
http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

pour telecharger :
https://www.01net.com/telecharger/ 

________________



O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: GNX Bingo - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bwfvbpws] C:\WINDOWS\system32\bwfvbpws.exe
O4 - HKLM\..\Policies\Explorer\Run: [AGpULFfw0Q] C:\WINDOWS\vsvsnqvo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O21 - SSODL: zip - {585d6709-61be-4523-9159-1437531d9d1c} - C:\WINDOWS\Installer\{585d6709-61be-4523-9159-1437531d9d1c}\zip.dll (file missing)
O21 - SSODL: altvxvm - {EACA6929-9911-4AA6-81CD-FA5E8CF1BF1C} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: UnknownDrive - {034fa83b-8ffd-4b16-93c8-8559db32543e} - C:\WINDOWS\Installer\{034fa83b-8ffd-4b16-93c8-8559db32543e}\UnknownDrive.dll (file missing)
O21 - SSODL: KernelKernel - {b5764aac-0173-4a34-a7b3-95f8f62e9061} - C:\WINDOWS\Installer\{b5764aac-0173-4a34-a7b3-95f8f62e9061}\KernelKernel.dll (file missing)

__________________

smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php


2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. 

3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

____________________



Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Sauvegarde le sur ton bureau et pas ailleurs ! 

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider. 
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. 

_______________________


télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 
C:\Program Files\PC-Antispyware\IeExtension.dll
C:\WINDOWS\drnpfdxlsk.dll
C:\WINDOWS\system32\bwfvbpws.exe
C:\WINDOWS\vsvsnqvo.exe
C:\WINDOWS\altvxvm.dll
C:\Program Files\PC-Antispyware

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 
____________________

mets a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

mets a jour internet explorer
http://www.01net.com/windows/Internet/navigateur/fiches/13759.html
_____________________

recolle hijakchits et dis tes soucis

jlpjlp · Answer

fix ces lignes:

O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Policies\Explorer\Run: [AGpULFfw0Q] C:\WINDOWS\vsvsnqvo.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O21 - SSODL: zip - {585d6709-61be-4523-9159-1437531d9d1c} - C:\WINDOWS\Installer\{585d6709-61be-4523-9159-1437531d9d1c}\zip.dll (file missing)
O21 - SSODL: UnknownDrive - {034fa83b-8ffd-4b16-93c8-8559db32543e} - C:\WINDOWS\Installer\{034fa83b-8ffd-4b16-93c8-8559db32543e}\UnknownDrive.dll (file missing)
O21 - SSODL: KernelKernel - {b5764aac-0173-4a34-a7b3-95f8f62e9061} - C:\WINDOWS\Installer\{b5764aac-0173-4a34-a7b3-95f8f62e9061}\KernelKernel.dll (file missing)
O21 - SSODL: altvxvm - {861C7C19-D910-436C-8B6D-F22D2E12C44C} - C:\WINDOWS\altvxvm.dll (file missing) 

_______________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
 C:\WINDOWS\vsvsnqvo.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

_________


Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt) 








attends avant de faire la suite:

_________

 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr



____________

repare windows avec zeb restore

http://telechargement.zebulon.fr/zeb-restore.html

puis essaye de mettre a jour internet explorer et java


_______________
Mise a jour java


1/ Télécharger Windows (Installation hors ligne) 13.16 MB 
http://jdl.sun.com/webapps/download/AutoDL?BundleId=10156

2/ Fermer IE et tous le programmes en cours y compris l'antivirus, firewall... donc après avoir coupé sa liaison internet (fortement recommandé).  

3/ lancer l'exécutable (à partir du répertoire où vous l'avez enregistré en premiere partie) et laissez vous guider 
_________________

jlpjlp · Answer

oui tu as mis pc antispyware qui est un virus ....



si c'est bitdefender free que tu as ok par contre si tu as la version payante de bitdefender il faut virer avast sinon l'ordi va ramer et risque de planter!

______________



Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

____________


scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Calycox · Answer

Merci pour ton aide.. très très très précieuse,

Pour info, j'ai bitdefender free et avast gratuit aussi.
j'espère que ça pose pas de soucis.

Voici le premier rapport : celui de SDFix


[b]SDFix: Version 1.204 [/b]
Run by CARO on 11/07/2008 at 19:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CARO\Bureau\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\Program Files\VAV\vav0.dat - Deleted
C:\Program Files\VAV\vav1.dat - Deleted
C:\DOCUME~1\CARO\LOCALS~1\Temp\lwpower.exe.bat - Deleted
C:\WINDOWS\system32\sex1.ico - Deleted
C:\WINDOWS\system32\sex2.ico - Deleted
C:\WINDOWS\gpefaowr.exe  - Deleted



Folder C:\Program Files\VAV - Removed


Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 20:08:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\CARO\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 16 Dec 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Oct 2003        73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu  5 Feb 2004        18,432 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu  5 Feb 2004         5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Wed 11 Oct 2006         1,657 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti6.tmp"
Tue  3 Jun 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 26 Sep 2006        27,648 A..H. --- "C:\Documents and Settings\CARO\Mes documents\CV\~WRL0169.tmp"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT5.tmp"
Sat 14 Jun 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT6.tmp"
Mon  4 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f092643004fe50cceed65d55dd41fd7d\BIT34.tmp"
Mon 23 May 2005        60,928 ...H. --- "C:\Documents and Settings\CARO\Application Data\Microsoft\Word\~WRL1704.tmp"
Thu 12 May 2005       751,616 ...H. --- "C:\Documents and Settings\CARO\Mes documents\ESCI\M‚moire\~WRL1545.tmp"
Wed 25 May 2005       782,336 ...H. --- "C:\Documents and Settings\CARO\Mes documents\ESCI\M‚moire\~WRL3694.tmp"
Thu 16 Dec 2004         4,348 ...H. --- "C:\Documents and Settings\CARO\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 17 Dec 2005            20 A..H. --- "C:\Documents and Settings\CARO\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 16 Dec 2004           312 ...H. --- "C:\Documents and Settings\CARO\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sat 17 Dec 2005         1,536 A..H. --- "C:\Documents and Settings\CARO\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Thu 28 Apr 2005        61,952 ...H. --- "C:\Documents and Settings\CARO\Mes documents\ESCI\M‚moire\Annexes\~WRL1028.tmp"
Tue 11 Aug 1998       294,400 A..H. --- "C:\Documents and Settings\CARO\Mes documents\Basso\BIBLE BASSO\Vieux GENERAL\002bible vieux\~WRL0392.tmp"
Wed 15 Sep 2004       366,592 A..H. --- "C:\Documents and Settings\CARO\Mes documents\Basso\BIBLE BASSO\Vieux GENERAL\DESCRIPTION\~WRL2368.tmp"
Fri  3 Dec 2004     1,423,872 A..H. --- "C:\Documents and Settings\CARO\Mes documents\ESCI\M‚moire\Document annex‚\PROCEDURE ATTIC\~WRL0925.tmp"
Wed 15 Sep 2004       366,592 A..H. --- "C:\Documents and Settings\CARO\Mes documents\Basso\BIBLE BASSO\Vieux GENERAL\bible tranfert attic+\Vieux\Tranformer en Txt\~WRL2368.tmp"

[b]Finished![/b]



Et le deuxième (celui de malware)

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 940
Windows 5.1.2600 Service Pack 2

22:09:07 11/07/2008
mbam-log-7-11-2008 (22-08-58).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 110883
Temps écoulé: 46 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 19

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PCAntispyware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PCAntispyware) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{28742fa0-111d-4716-b8a6-28560fd12470} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c47cde0b-a28d-4d71-a44c-3333646b286c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Clicker) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\Installer\{585d6709-61be-4523-9159-1437531d9d1c} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{034fa83b-8ffd-4b16-93c8-8559db32543e} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{b5764aac-0173-4a34-a7b3-95f8f62e9061} (Trojan.Alphabet) -> No action taken.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
C:\Documents and Settings\CARO\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\PCHealthCenter\5.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP299\A0038884.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP300\A0039999.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP301\A0040031.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP301\A0040032.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP301\A0040033.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\egxk.exe (Trojan.FakeAlert) -> No action taken.
C:\_OTMoveIt\MovedFiles\03282008_170517\Program Files\PC-Antispyware\PopupBlocker.dll (Rogue.PCAntispyware) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Documents and Settings\CARO\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> No action taken.
C:\Documents and Settings\CARO\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> No action taken.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> No action taken.


Apparement il a supprimer pas mal de truc.
avant de faire ces deux analyse, Avast m'avait demander de faire un scan à l'allumage du PC et la aussi il m'a supprimer pas mal de choses

j'espère que c'est fini
J'attend ta réponse
merci

Caly

jlpjlp · Answer

recolle un rapport hijackthis 

et 

 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Calycox · Answer

Voici les deux rapports demandés

Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:41, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [bwfvbpws] C:\WINDOWS\system32\bwfvbpws.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: UnknownDrive - {034fa83b-8ffd-4b16-93c8-8559db32543e} - C:\WINDOWS\Installer\{034fa83b-8ffd-4b16-93c8-8559db32543e}\UnknownDrive.dll (file missing)
O21 - SSODL: KernelKernel - {b5764aac-0173-4a34-a7b3-95f8f62e9061} - C:\WINDOWS\Installer\{b5764aac-0173-4a34-a7b3-95f8f62e9061}\KernelKernel.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

jlpjlp · Answer

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
C:\WINDOWS\system32\bwfvbpws.exe 

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

_______________________


télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_________________

mets a jour internet explorer ici


https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

Calycox · Answer

Voici les rapports

d'abord
OTMELT

[Custom Input]
< C:\WINDOWS\system32\bwfvbpws.exe >
File/Folder C:\WINDOWS\system32\bwfvbpws.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 07142008_115104

Je pense qu'il y a un soucis il ne trouve rien et m'a rien supprimer

ET combofix

ComboFix 08-07-13.9 - CARO 2008-07-14 11:58:15.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.115 [GMT 2:00]
Endroit: C:\Documents and Settings\CARO\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\{034fa83b-8ffd-4b16-93c8-8559db32543e}\UnknownDrive.dll
C:\WINDOWS\Installer\{b5764aac-0173-4a34-a7b3-95f8f62e9061}\KernelKernel.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.

2008-07-13 14:46 . 2008-07-13 14:46 268 --ah----- C:\sqmdata13.sqm
2008-07-13 14:46 . 2008-07-13 14:46 244 --ah----- C:\sqmnoopt13.sqm
2008-07-13 11:20 . 2008-07-13 11:20 244 --ah----- C:\sqmnoopt12.sqm
2008-07-13 11:20 . 2008-07-13 11:20 232 --ah----- C:\sqmdata12.sqm
2008-07-12 22:44 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-12 22:43 . 2008-07-12 22:43 <REP> d-------- C:\Program Files\Panda Security
2008-07-11 19:53 . 2008-07-11 19:53 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-11 19:47 . 2008-07-11 19:47 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 19:47 . 2008-07-11 19:47 <REP> d-------- C:\Documents and Settings\CARO\Application Data\Malwarebytes
2008-07-11 19:47 . 2008-07-11 19:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 19:47 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 19:47 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 10:14 . 2008-07-11 10:14 244 --ah----- C:\sqmnoopt11.sqm
2008-07-11 10:14 . 2008-07-11 10:14 232 --ah----- C:\sqmdata11.sqm
2008-06-25 21:49 . 2008-06-25 21:49 244 --ah----- C:\sqmnoopt10.sqm
2008-06-25 21:49 . 2008-06-25 21:49 232 --ah----- C:\sqmdata10.sqm
2008-06-25 21:48 . 2008-06-25 21:48 244 --ah----- C:\sqmnoopt09.sqm
2008-06-25 21:48 . 2008-06-25 21:48 232 --ah----- C:\sqmdata09.sqm
2008-06-25 21:47 . 2008-06-25 21:47 244 --ah----- C:\sqmnoopt08.sqm
2008-06-25 21:47 . 2008-06-25 21:47 232 --ah----- C:\sqmdata08.sqm
2008-06-21 23:48 . 2008-06-21 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 21:05 . 2008-06-17 21:05 <REP> d-------- C:\Program Files\Kodak
2008-06-17 21:05 . 2008-06-17 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-17 21:05 . 2008-06-17 21:05 22 --a------ C:\WINDOWS\kodakpcd.CARO.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 09:55 --------- d-----w C:\Program Files\Wanadoo
2008-07-13 12:22 --------- d-----w C:\Documents and Settings\CARO\Application Data\Skype
2008-07-13 09:23 --------- d-----w C:\Documents and Settings\CARO\Application Data\skypePM
2008-06-24 17:28 --------- d-----w C:\Documents and Settings\CARO\Application Data\AdobeUM
2008-06-21 09:11 --------- d-----w C:\Documents and Settings\CARO\Application Data\LimeWire
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 17:55 106,424 ----a-w C:\Documents and Settings\CARO\Application Data\GDIPFONTCACHEV1.DAT
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 17:28 --------- d-----w C:\Program Files\MSECache
2008-06-10 19:23 --------- d-----w C:\Documents and Settings\CARO\Application Data\TaoUSign
2008-06-03 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-12 17:58 286,720 ----a-w C:\WINDOWS\iun507.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 19:21 57,632 ----a-w C:\PA207.DAT
2008-05-01 13:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-01 13:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-08 19:54 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-27_19.20.14,25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-16 09:31:57 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:00 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:00 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\spru040c.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:35:47 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru040c.dll
+ 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-21 06:43:36 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:43:36 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:30:24 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:30:24 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-04-14 16:17:04 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 15:59:30 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 16:22:05 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-18 19:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 08:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 08:23:40 216,800 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-18 19:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 08:23:40 216,800 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-03 07:58:34 317,440 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 15:33:58 1,843,712 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\$NtUninstallKB944338$\jscript.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\updspapi.dll
+ 2004-08-05 08:00:00 417,792 -c----w C:\WINDOWS\$NtUninstallKB944338$\vbscript.dll
+ 2006-06-26 17:41:32 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-05 08:00:00 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2007-12-07 01:07:03 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB947864$\browseui.dll
+ 2007-12-07 01:07:03 152,064 -c----w C:\WINDOWS\$NtUninstallKB947864$\cdfview.dll
+ 2007-12-07 01:07:03 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB947864$\danim.dll
+ 2007-12-07 01:07:03 357,888 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtmsft.dll
+ 2007-12-07 01:07:03 205,312 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtrans.dll
+ 2007-12-07 01:07:04 55,808 -c----w C:\WINDOWS\$NtUninstallKB947864$\extmgr.dll
+ 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\iedw.exe
+ 2007-12-07 01:07:04 251,392 -c----w C:\WINDOWS\$NtUninstallKB947864$\iepeers.dll
+ 2007-12-07 01:07:04 96,768 -c----w C:\WINDOWS\$NtUninstallKB947864$\inseng.dll
+ 2007-12-07 01:07:04 16,384 -c----w C:\WINDOWS\$NtUninstallKB947864$\jsproxy.dll
+ 2007-12-07 14:37:06 3,080,192 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtml.dll
+ 2007-12-07 01:07:04 449,024 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtmled.dll
+ 2007-12-07 01:07:04 146,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\msrating.dll
+ 2007-12-07 01:07:04 532,480 -c----w C:\WINDOWS\$NtUninstallKB947864$\mstime.dll
+ 2007-12-07 01:07:04 39,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\pngfilt.dll
+ 2007-12-07 01:07:05 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB947864$\shdocvw.dll
+ 2007-12-07 01:07:05 474,624 -c----w C:\WINDOWS\$NtUninstallKB947864$\shlwapi.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\updspapi.dll
+ 2007-12-07 01:07:05 617,472 -c----w C:\WINDOWS\$NtUninstallKB947864$\urlmon.dll
+ 2007-12-07 01:07:05 663,552 -c----w C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
+ 2007-12-06 23:40:30 369,152 -c----w C:\WINDOWS\$NtUninstallKB947864$\xpsp3res.dll
+ 2007-06-19 13:32:25 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-05 08:00:00 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll
+ 2004-08-05 08:00:00 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-05 08:00:00 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-05 08:00:00 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll
+ 2004-08-05 08:00:00 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-05 08:00:00 184,351 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-05 08:00:00 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-05 08:00:00 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-05 08:00:00 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-05 08:00:00 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-05 08:00:00 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-05 08:00:00 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-05 08:00:00 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-05 08:00:00 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-05 08:00:00 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-05 08:00:00 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-05 08:00:00 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2008-02-16 09:02:34 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB950759$\browseui.dll
+ 2008-02-16 09:02:34 152,064 -c----w C:\WINDOWS\$NtUninstallKB950759$\cdfview.dll
+ 2008-02-16 09:02:34 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB950759$\danim.dll
+ 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtmsft.dll
+ 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtrans.dll
+ 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759$\extmgr.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe
+ 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\iepeers.dll
+ 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\$NtUninstallKB950759$\inseng.dll
+ 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759$\jsproxy.dll
+ 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll
+ 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtmled.dll
+ 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\msrating.dll
+ 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759$\mstime.dll
+ 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759$\pngfilt.dll
+ 2008-02-16 09:02:38 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB950759$\shdocvw.dll
+ 2008-02-16 09:02:38 474,624 -c----w C:\WINDOWS\$NtUninstallKB950759$\shlwapi.dll
+ 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\updspapi.dll
+ 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\$NtUninstallKB950759$\urlmon.dll
+ 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
+ 2008-02-15 23:03:14 370,176 -c----w C:\WINDOWS\$NtUninstallKB950759$\xpsp3res.dll
+ 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2006-09-25 15:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 15:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2004-08-05 08:00:00 286,208 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2004-08-05 08:00:00 159,232 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2004-08-05 08:00:00 695,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2004-08-05 08:00:00 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2004-08-05 08:00:00 103,936 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-05 08:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-05 08:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-05 08:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2004-08-05 08:00:00 259,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2004-08-05 08:00:00 52,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2004-08-05 08:00:00 201,728 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2004-08-05 08:00:00 356,352 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2004-08-05 08:00:00 246,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2004-08-05 08:00:00 237,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 16:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 16:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 09:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2004-08-05 08:00:00 408,064 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2004-08-05 08:00:00 670,720 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2007-10-25 09:00:50 230,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2004-08-05 08:00:00 27,136 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2004-08-05 08:00:00 23,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2004-08-05 08:00:00 151,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2004-08-05 08:00:00 1,050,624 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2004-08-05 08:00:00 759,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2004-08-05 08:00:00 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2004-08-05 08:00:00 484,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2004-08-05 08:00:00 896,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-03-04 11:11:04 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2007-10-25 09:01:10 2,109,440 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2004-08-05 08:00:00 809,984 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2004-08-05 08:00:00 1,001,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2004-08-05 08:00:00 8,704 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-08-05 08:00:00 368,640 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-08-05 08:00:00 778,240 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 16:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 16:11:56 394,976 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-08-05 08:00:00 208,896 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-08-05 08:00:00 200,704 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2007-04-30 01:22:16 4,734,976 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-08-05 08:00:00 114,688 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-08-05 08:00:00 98,304 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-08-05 08:00:00 233,472 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-08-05 08:00:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-08-05 08:00:00 2,985,984 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-08-05 08:00:00 102,400 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2006-09-15 23:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-15 23:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 17:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-07-09 09:52:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-11 17:53:35 6,828,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-07-11 17:53:36 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-07-09 09:52:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-11 17:53:22 6,828,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-07-11 17:53:22 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2004-08-05 08:00:00 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-03-21 16:58:40 4,145,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]00021090200C0400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 16:58:46 24,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]00021090200C0400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 08:25:40 14,677,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]00021090200C0400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2004-12-17 19:16:14 2,048 ----a-r C:\WINDOWS\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\msd82ico.exe
+ 2004-12-17 19:16:14 2,048 ----a-r C:\WINDOWS\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\wa32ico.exe
+ 2008-06-13 13:51:29 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-03-25 20:29:48 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-05-13 20:18:22 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-05-13 20:18:22 2,560 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-03-25 20:29:48 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-05-13 20:18:22 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-03-25 20:29:48 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-05-13 20:18:22 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-03-25 20:29:48 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-05-13 20:18:23 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-03-25 20:29:48 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-05-13 20:18:23 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-03-25 20:29:48 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-05-13 20:18:23 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-03-25 20:29:48 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-05-13 20:18:22 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-03-25 20:29:48 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-05-13 20:18:22 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-03-25 20:29:48 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-05-13 20:18:23 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-03-25 20:29:48 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-05-13 20:18:22 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-03-25 20:29:48 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-05-13 20:18:22 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-03-08 16:47:44 2,560 ----a-r C:\WINDOWS\Installer\{911B040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-04-12 09:42:40 10,134 ----a-r C:\WINDOWS\Installer\{9B0A1878-5E40-499D-911A-3AF784BB7F69}\ARPPRODUCTICON.exe
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2006-11-20 07:01:08 163,840 ----a-w C:\WINDOWS\PixArt\PAC207\AMCap.exe
+ 2006-11-03 09:01:16 319,488 ----a-w C:\WINDOWS\PixArt\PAC207\Monitor.exe
+ 2006-10-12 16:09:56 413,696 ----a-w C:\WINDOWS\PixArt\PAC207\PASnap.exe
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-05 08:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-05 08:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-05 08:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-05 08:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
- 2004-08-05 08:00:00 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-11-03 07:56:54 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
- 2007-12-04 13:04:28 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2006-10-18 19:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2007-12-04 12:54:04 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-05 08:00:00 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 19:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2007-12-07 01:07:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-12-07 01:07:03 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:27 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-05 08:00:00 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 19:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-11-20 07:04:24 6,656 ----a-w C:\WINDOWS\system32\CoInst_061205.dll
+ 2004-09-30 00:23:53 1,713 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic\Update Manager\sumdb.dat
- 2007-12-07 01:07:03 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-08-05 08:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
- 2007-12-07 01:07:03 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2004-08-03 21:10:18 17,024 ----a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
- 2007-12-07 01:07:03 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:27 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-12-07 01:07:03 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-02-20 05:35:05 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-07 01:07:03 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 01:07:03 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 01:07:04 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:32:25 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:00 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 01:07:04 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:29 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-12-07 01:07:04 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:29 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:28:02 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-12-07 01:07:04 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-12-07 14:37:06 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 01:07:04 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:51:08 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-12-07 01:07:04 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2004-08-03 20:58:40 5,504 ----a-w C:\WINDOWS\system32\dllcache\mstee.sys
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-12-07 01:07:04 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:35 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:51:09 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2004-08-03 21:10:30 85,376 ----a-w C:\WINDOWS\system32\dllcache\nabtsfec.sys
+ 2004-08-03 21:10:14 10,880 ----a-w C:\WINDOWS\system32\dllcache\ndisip.sys
- 2007-12-07 01:07:04 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 01:07:05 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-12-07 01:07:05 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2004-08-03 21:10:18 11,136 ----a-w C:\WINDOWS\system32\dllcache\slip.sys
+ 2004-08-03 21:10:14 15,360 ----a-w C:\WINDOWS\system32\dllcache\streamip.sys
- 2007-12-07 01:07:05 617,472 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:39 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-03 22:54:44 54,784 ----a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
- 2007-03-08 15:33:58 1,843,712 ------w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:09:22 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 01:07:05 663,552 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-24 20:23:55 2,864 ----a-w C:\WINDOWS\system32\dllcache\winsock.dll
- 2007-10-25 09:00:50 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-25 07:28:30 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-10-25 09:01:10 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2004-08-03 21:10:22 19,328 ----a-w C:\WINDOWS\system32\dllcache\wstcodec.sys
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-05 08:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:35:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2007-12-04 14:49:02 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2007-12-04 14:55:46 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2007-12-04 14:53:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2007-12-04 14:51:52 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2004-08-03 21:10:18 17,024 ----a-w C:\WINDOWS\system32\drivers\CCDECODE.sys
+ 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-08-03 20:58:40 5,504 ----a-w C:\WINDOWS\system32\drivers\MSTEE.sys
+ 2004-08-03 21:10:30 85,376 ----a-w C:\WINDOWS\system32\drivers\NABTSFEC.sys
+ 2004-08-03 21:10:14 10,880 ----a-w C:\WINDOWS\system32\drivers\NdisIP.sys
+ 2004-08-05 08:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2006-12-05 09:34:42 507,136 ----a-w C:\WINDOWS\system32\drivers\PFC027.SYS
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2004-08-03 21:10:18 11,136 ----a-w C:\WINDOWS\system32\drivers\SLIP.sys
+ 2004-08-03 21:10:14 15,360 ----a-w C:\WINDOWS\system32\drivers\StreamIP.sys
+ 2006-10-18 19:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-10-18 18:00:00 38,528 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2004-08-03 21:10:22 19,328 ----a-w C:\WINDOWS\system32\drivers\WSTCODEC.SYS
+ 2006-09-28 16:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 17:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 18:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-05 08:00:00 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 19:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2007-12-07 01:07:03 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 01:07:03 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 01:07:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-27 17:18:29 346,608 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-13 12:33:20 365,712 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:32:25 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:00 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-12-07 01:07:04 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-12-07 01:07:04 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-09-29 22:43:43 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-09-29 22:43:43 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-12-07 01:07:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-05 08:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
- 2004-08-05 08:00:00 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 19:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-05 08:00:00 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 18:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2004-08-05 08:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-24 18:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-24 18:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2003-03-18 20:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
+ 2005-04-03 18:56:16 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2006-10-18 19:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2004-08-05 08:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-05 08:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 19:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-05 08:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-05 08:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2008-03-05 07:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2006-10-02 13:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-08-05 08:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-05 08:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-12-07 14:37:06 3,080,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 01:07:04 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-05 08:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-05 08:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-05 08:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-05 08:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-05 08:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-05 08:00:00 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 19:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-08-05 08:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-05 08:00:00 52,736 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 19:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-08-05 08:00:00 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 19:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-12-07 01:07:04 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-05 08:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-05 08:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-05 08:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-05 08:00:00 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-05 08:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-12-07 01:07:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 08:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-05 08:00:00 246,272 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 19:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2004-08-05 08:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-05 08:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2006-10-12 09:57:32 14,336 ----a-w C:\WINDOWS\system32\P207USD.dll
- 2008-02-20 17:36:31 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 16:03:13 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-02-20 17:36:32 64,682 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-10 16:03:14 64,682 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-02-20 17:36:32 381,890 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 16:03:14 381,890 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-02-20 17:36:32 446,804 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-10 16:03:14 446,804 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-12-07 01:07:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-18 19:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 19:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 19:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 19:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 19:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-05 08:00:00 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 19:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-11-03 08:59:22 48,128 ----a-w C:\WINDOWS\system32\Remove.exe
- 2007-12-07 01:07:05 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-12-07 01:07:05 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-08-05 08:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-03-04 04:00:00 2,726 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIFACE.DAT
+ 2001-07-22 01:57:08 1,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPNDDE3O.DAT
+ 2005-03-04 04:00:00 2,726 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx380035be\E_FAIFACE.DAT
- 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 15:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-03-20 12:43:38 2,368 ----a-w C:\WINDOWS\system32\STEC3.sys
- 2007-12-07 01:07:05 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2006-10-18 19:58:00 8,704 ------w C:\WINDOWS\system32\uwdf.exe
- 2004-08-05 08:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-03 22:54:44 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2004-08-05 08:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2006-10-18 19:47:18 4,096 ------w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 19:58:00 8,704 ------w C:\WINDOWS\system32\wdfmgr.exe
- 2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-20 08:09:22 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-12-07 01:07:05 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-24 20:23:55 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-05 08:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2004-08-05 08:00:00 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 19:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-08-05 08:00:00 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 19:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-05 08:00:00 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 19:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-08-05 08:00:00 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 19:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 19:47:18 429,056 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-18 19:47:20 348,672 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 19:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-05 08:00:00 200,704 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-11-03 07:58:42 272,384 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-05 08:00:00 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 19:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-05 08:00:00 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 19:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 01:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-05 08:00:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 19:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-05 08:00:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-18 19:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-05 08:00:00 2,985,984 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-11-03 08:03:34 8,292,352 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 19:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 19:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-05 08:00:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-11-03 07:59:06 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-18 19:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-05 08:00:00 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-05 08:00:00 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-05 08:00:00 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 19:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-05 08:00:00 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 19:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-03-04 11:11:04 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-18 19:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-05 08:00:00 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-08-05 08:00:00 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 19:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 19:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 19:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2004-08-05 08:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2006-10-18 19:47:22 629,760 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 19:47:22 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 19:47:22 154,624 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 19:47:22 63,488 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 19:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll

jlpjlp · Answer

recolle un rapport hijackhtis et dis si encore des soucis

jlpjlp · Answer

ok c'est bon signe si otmovit a rien trouvé

mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_____________________

pour virer ce que l'on a utilisé:


Télécharge ToolsCleaner sur ton bureau. 
-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-) 
















voilà c'est fini et bon pour toi!!!!!!






pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français   ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version 
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) 

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

 https://forum.pcastuces.com/sujet.asp?f=25&s=35606 
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus  touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/

Besoin d'aide pour un cheval de troie

10 réponses

Votre réponse

Discussions similaires

Newsletters