Sujet Précédent Sujet Suivant

Publicité - log hijack

Fermé
anncé - 11 juin 2008 à 19:48
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008 - 12 juin 2008 à 13:11
Bonjour,
je suis sur lordinateur de mon frère, je ne sais pas trop ce qu il en a fait mais part totalement en co*****!!!

En gros, des pubs s invitent dès l ouverture d internet et des alertes virus se pop up de partout sans qu on leur ai demandé leur avis :) j ai lu plusieurs sujets sur la grandeur de hijack this et surtout de vous qui aidez les internautes à régler leur problème ... je vous mets le log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:26, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vcsron\Vcsron.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierre Etienne\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BM1f4fa228] Rundll32.exe "C:\WINDOWS\system32\sjxeciwg.dll",s
O4 - HKLM\..\Run: [1c7c91b4] rundll32.exe "C:\WINDOWS\system32\ynrflbrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Pierre Etienne\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


j'espère que vous allez pouvoir m'aider, et surtout mon frère ...

merci !!!
A voir également:

24 réponses

  • 1
  • 2
Réponse 1 / 24
Utilisateur anonyme
11 juin 2008 à 19:55
Salut ,


Préalable
• Vider la corbeille
• Fermer toutes les applications

================NAVILOG====================

Télécharge ceci http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm

prend navilog1.exe

Choisir option 1 uniquement

Ensuite suit ce tutorial :http://www.commentcamarche.net/faq/sujet 2490 popups ouverture de fenetres internet publicitaires pop up#premiere methode utiliser navilog d il mafioso sous xp

Et enfin post le rapport du scan navilog
0
Anncé
11 juin 2008 à 20:50
Voici ce que s dit Navilog :

Search Navipromo version 3.5.8 commencé le mer. 11/06/2008 à 20:42:29,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Pierre Etienne"

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Pierre Etienne\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Pierre Etienne\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Pierre Etienne\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Pierre Etienne\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Pierre Etienne\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\jklUFfhk.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\nqpYxGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le mer. 11/06/2008 à 20:49:01,23 ***

...
0
Réponse 2 / 24
Utilisateur anonyme
11 juin 2008 à 21:02
ok infection vundo :

Telecharge malwarebytes

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

ps : les rapport sont aussi rangé dans l onglet rapport/log
0
Réponse 3 / 24
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 21:42
Voici voici !

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 848

21:37:50 11/06/2008
mbam-log-6-11-2008 (21-37-50).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 146634
Temps écoulé: 23 minute(s), 27 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
C:\Program Files\Vcsron\Vcsron.exe (Trojan.Clicker) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cawsefvy.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGxYpqn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ynrflbrj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqPifgE.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08ec49cb-ce31-4404-9248-49dbe791eb26} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{08ec49cb-ce31-4404-9248-49dbe791eb26} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48bb0056-8aa7-4843-95fc-0c32438fd5c9} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48bb0056-8aa7-4843-95fc-0c32438fd5c9} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpifge (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c7c91b4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vcsron (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfKg6w (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1f4fa228 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{48bb0056-8aa7-4843-95fc-0c32438fd5c9} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxypqn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxypqn


je m'en remets à ton grd savoir pour me dire si c bon :) (je lèche les bottes ici loool)

un grand merci en tous cas !!
0
Réponse 4 / 24
Utilisateur anonyme
11 juin 2008 à 21:54
IL nous reste plusieures etapes :


réouvre malewarebyte
va sur quarantaine
supprime tout

Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip



(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd

une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

(3) Choisis l'option 1 puis patiente
Poste le rapport obtenu


pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
et copie/colle le sur ta prochaine réponse .

Ne passe pas à l'option 2 sans notre avis !
0
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 22:03
Okay, je viens de lancer le tout, j'ai aussi envoyé le fichier upload_moi etc. à l'adresse indiquée, mais maintenant, je fais quoi ? :-/
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
jorginho67 Messages postés 14716 Date d'inscription mardi 11 septembre 2007 Statut Contributeur sécurité Dernière intervention 11 février 2011 1 169
11 juin 2008 à 22:02
Salut ;-)

Pour MBAM , les fichiers ou il est mentionné Delete on reboot. ...

Il faut redémarrer l'ordi pour que la suppression soit effective..

En vidant uniquement la quarantaine, ces fichiers ne s'effaceront pas, et si Anncekwe est du genre a laisser le pc 24 sur 24 allumé....

@+
0
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 22:04
j'ai redémarré l'ordi aussi :)

je suis à la lettre ce qu'on me dit de faire :)
0
Réponse 6 / 24
Utilisateur anonyme
11 juin 2008 à 22:09
merci jorginho

anncekwe envoi le rapport clean stp ici

pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
0
Réponse 7 / 24
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 22:14
voilà ..


mer. 11/06/2008 a 21:58:02,31

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\starter.exe FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !


c normal qu'il y ait si peu ? j'ai pas zappé un truc ?
0
Réponse 8 / 24
Utilisateur anonyme
11 juin 2008 à 22:18
non c normal

réouvre clean et passe l option 2

puis envoi le rapport clean + un nouveau rapport hijackthis stp
0
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 22:23
le rapport clean :

Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec mer. 11/06/2008 a 22:18:53,59

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\starter.exe

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !


le raport hijack this :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:10, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pierre Etienne\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: {18a5083a-85ef-8d08-11a4-ea54ab184fd7} - {7df481ba-45ae-4a11-80d8-fe58a3805a81} - C:\WINDOWS\system32\qtykqllo.dll
O2 - BHO: (no name) - {BFCC6B77-7554-4336-B936-3A84A7C3EF0D} - C:\WINDOWS\system32\khfFUlkj.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hgGyvsts - hgGyvsts.dll (file missing)
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 9 / 24
jorginho67 Messages postés 14716 Date d'inscription mardi 11 septembre 2007 Statut Contributeur sécurité Dernière intervention 11 février 2011 1 169
11 juin 2008 à 22:23
Chiquitine, L'option 2 de cleanzip se fait en MODE SANS ECHEC ;-))


Anncekwe

Je te conseille de copie/coler ce texte et de l'enregister sur ton bureau !

noirci le texte a l'aide de ta souris, puis clic droit > copier!
fais un clic droit sur ton bureau et selectionnes > nouveau > doccument texte
colles le texte dans le blocnotes !
laisse le sur le bureau .

Important: tu n'auras pas accès à Internet à partir du moment ou te redémarrera en mode sans échec)
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection

1) Redémarre en mode sans échec
comment demarrer en mode sans echec en images

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuyer sur la touche [F8] ou [F5] jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuyer sur [Entrée]
Il te faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

2) Cleanzip

_ Ouvre le dossier Clean qui se trouve sur ton bureau.
_ Double-clique sur clean.cmd.
Une fenêtre noire va apparaître,

choisis l'option 2.
Clean va maintenant supprimer les fichiers infectés,

3) Rapport
_ Appuis sur la touche ENTREE du clavier pour ouvrir le rapport. tu l'enregistrer si besoin.
(menu Edition / Enregistrer sous).
Sans quoi le rapport sera quand même sauvegardé dans le fichier suivant :
"rapport_clean.txt" à la racine de ton disque dur (ex : C:\rapport_clean.txt).

Comment faire ?

Redémarre en mode normal et poste le rapport qui se trouve ici C:\rapport_clean.txt

@+
0
Réponse 10 / 24
jorginho67 Messages postés 14716 Date d'inscription mardi 11 septembre 2007 Statut Contributeur sécurité Dernière intervention 11 février 2011 1 169
11 juin 2008 à 22:26
edit...

Bien vu Anncekwe, tu connaissait la manip' pour clean ?

Bon, je vous laisse...
0
Réponse 11 / 24
Utilisateur anonyme
11 juin 2008 à 22:27
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe


-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 12 / 24
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 22:28
eeeuh alors là non, ca s'est fait tout seul faut croire :)

je ne dois pas le refaire alors ? paske j'ai recommencé en mode sans echec (là je suis sur mon pc)
0
jorginho67 Messages postés 14716 Date d'inscription mardi 11 septembre 2007 Statut Contributeur sécurité Dernière intervention 11 février 2011 1 169
11 juin 2008 à 22:30
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec mer. 11/06/2008 a 22:18:53,59

Pas la peine de le refaire ;-))

Je te laisse avec Chiquitine

@+
0
Réponse 13 / 24
Utilisateur anonyme
11 juin 2008 à 22:31
non c bon pour clean passe a combofix
0
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 22:53
Voilà le rapport combofix :

ComboFix 08-06-10.5 - Pierre Etienne 2008-06-11 22:37:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.595 [GMT 2:00]
Endroit: C:\Documents and Settings\Pierre Etienne\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1f4fa228.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cawsefvy.dll
C:\WINDOWS\system32\dgtkxnye.dll
C:\WINDOWS\system32\fikwrhxg.dll
C:\WINDOWS\system32\hgGxYpqn.dll
C:\WINDOWS\system32\jklUFfhk.ini
C:\WINDOWS\system32\jklUFfhk.ini2
C:\WINDOWS\system32\nqpYxGgh.ini
C:\WINDOWS\system32\owbslxpd.ini
C:\WINDOWS\system32\qtykqllo.dll
C:\WINDOWS\system32\ssqPifgE.dll
C:\WINDOWS\system32\wdcqbcyi.dll
C:\WINDOWS\system32\ynrflbrj.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.

2008-06-11 22:44 . 2008-06-11 22:45 <REP> d-------- C:\WINDOWS\LastGood
2008-06-11 22:44 . 2004-08-19 18:09 290,816 --a--c--- C:\WINDOWS\system32\dllcache\OLD12.tmp
2008-06-11 22:44 . 2004-08-19 18:09 43,520 --a--c--- C:\WINDOWS\system32\dllcache\OLDF.tmp
2008-06-11 22:44 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\OLD8.tmp
2008-06-11 22:44 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\OLDC.tmp
2008-06-11 21:58 . 2008-06-11 21:58 888,319 --a------ C:\upload_moi_PIERRE_ETIENNE.tar.gz
2008-06-11 21:11 . 2008-06-11 21:11 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 21:11 . 2008-06-11 21:11 <REP> d-------- C:\Documents and Settings\Pierre Etienne\Application Data\Malwarebytes
2008-06-11 21:11 . 2008-06-11 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 21:11 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 21:11 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-11 20:39 . 2008-06-11 20:49 <REP> d-------- C:\Program Files\Navilog1

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 19:37 --------- d-----w C:\Program Files\Vcsron
2008-06-02 08:01 --------- d-----w C:\Documents and Settings\Pierre Etienne\Application Data\Vso
2008-06-02 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-01 19:45 3,766 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-05-01 19:36 88 --sh--r C:\Documents and Settings\All Users\Application Data\DB8D112856.sys
2008-05-01 19:36 --------- d-----w C:\Documents and Settings\Pierre Etienne\Application Data\Corel
2008-05-01 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 19:35 --------- d-----w C:\Program Files\Fichiers communs\Protexis
2008-05-01 19:35 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2008-05-01 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-05-01 19:34 --------- d-----w C:\Program Files\Corel
2008-05-01 19:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-01 19:13 --------- d-----w C:\Documents and Settings\Pierre Etienne\Application Data\SUPERAntiSpyware.com
2008-05-01 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-01 18:20 --------- d-----w C:\Program Files\InterActual
2008-04-27 09:09 10 ----a-w C:\Program Files\.autoreg
2008-01-08 15:15 87,608 ----a-w C:\Documents and Settings\Pierre Etienne\Application Data\inst.exe
2008-01-08 15:15 47,360 ----a-w C:\Documents and Settings\Pierre Etienne\Application Data\pcouffin.sys
2007-12-22 22:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-12-22 22:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-12-22 22:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007122220071223\index.dat
2007-12-22 22:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2006-11-11 15:02 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\tcpip.sys

2006-11-19 00:59 1035264 7ba68df484b550c1f75dd80ae1d7ef67 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCC6B77-7554-4336-B936-3A84A7C3EF0D}]
C:\WINDOWS\system32\khfFUlkj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-11-11 21:40 1236992]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 12:23 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 12:21 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 12:20 53248]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56 569413]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2007-12-23 10:51 230512]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-12-23 10:51 185456]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"RegistryMechanic"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyvsts]
hgGyvsts.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 PSI_SVC_2;Protexis Licensing V2;"C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-13 15:01:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198425630.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-03 12:09:17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1212494904.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 22:44:31
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\temp\RtkBtMnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 22:50:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 20:49:09

Pre-Run: 13,890,863,104 octets libres
Post-Run: 13,830,131,712 octets libres

178


Windows est tjrs en train de vérifier si les fichiers windows sont restés intacts dans la procédure, c'est normal ? j'le laisse faire j'imagine ...
0
Réponse 14 / 24
Utilisateur anonyme
11 juin 2008 à 22:58
ok refais un scan hijackthis et post le rapport stp
0
Réponse 15 / 24
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 23:04
Okidoki here it is :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:10, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pierre Etienne\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {BFCC6B77-7554-4336-B936-3A84A7C3EF0D} - C:\WINDOWS\system32\khfFUlkj.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hgGyvsts - hgGyvsts.dll (file missing)
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 16 / 24
Utilisateur anonyme
11 juin 2008 à 23:26
Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\dllcache\OLD12.tmp
C:\WINDOWS\system32\dllcache\OLDF.tmp
C:\WINDOWS\system32\dllcache\OLD8.tmp
C:\WINDOWS\system32\dllcache\OLDC.tmp
C:\upload_moi_PIERRE_ETIENNE.tar.gz
C:\WINDOWS\system32\khfFUlkj.dll

Folder::
C:\Program Files\Navilog1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFCC6B77-7554-4336-B936-3A84A7C3EF0D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyvsts]







Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
0
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 23:42
Rapport de Combo Fix :

ComboFix 08-06-10.5 - Pierre Etienne 2008-06-11 23:33:40.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.562 [GMT 2:00]
Endroit: C:\Documents and Settings\Pierre Etienne\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pierre Etienne\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\upload_moi_PIERRE_ETIENNE.tar.gz
C:\WINDOWS\system32\dllcache\OLD12.tmp
C:\WINDOWS\system32\dllcache\OLD8.tmp
C:\WINDOWS\system32\dllcache\OLDC.tmp
C:\WINDOWS\system32\dllcache\OLDF.tmp
C:\WINDOWS\system32\khfFUlkj.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Pierre Etienne\Application Data\inst.exe
C:\Documents and Settings\Pierre Etienne\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Pierre Etienne\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\Navilog1
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\navilog1.bat
C:\Program Files\Navilog1\navreb.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\recherok.txt
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\traite3.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\upload_moi_PIERRE_ETIENNE.tar.gz
C:\WINDOWS\system32\dllcache\OLD12.tmp
C:\WINDOWS\system32\dllcache\OLD8.tmp
C:\WINDOWS\system32\dllcache\OLDC.tmp
C:\WINDOWS\system32\dllcache\OLDF.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.

2008-06-11 23:07 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-06-11 23:06 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-11 23:05 . 2004-08-19 18:09 466,944 --a--c--- C:\WINDOWS\system32\dllcache\OLD986.tmp
2008-06-11 23:04 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-11 23:03 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-11 23:02 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-11 23:01 . 2004-08-19 16:09 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-06-11 23:00 . 2002-09-06 21:59 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\OLD73E.tmp
2008-06-11 22:59 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-11 22:58 . 2002-09-06 21:59 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\OLD6BD.tmp
2008-06-11 22:57 . 2004-08-04 00:31 811,064 --a--c--- C:\WINDOWS\system32\dllcache\OLD5CF.tmp
2008-06-11 22:56 . 2002-09-06 21:59 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\OLD56E.tmp
2008-06-11 22:55 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-11 22:54 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-11 22:53 . 2001-08-23 17:47 622,621 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-06-11 22:52 . 2002-09-06 21:59 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\OLD309.tmp
2008-06-11 22:51 . 2004-08-19 15:55 274,944 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 22:50 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-06-11 22:49 . 2004-08-19 16:09 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-11 22:48 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-11 22:47 . 2004-08-19 18:09 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\OLDA5.tmp
2008-06-11 22:47 . 2004-08-19 18:09 189,440 --a--c--- C:\WINDOWS\system32\dllcache\OLDA2.tmp
2008-06-11 22:47 . 2003-03-24 16:52 32,827 --a--c--- C:\WINDOWS\system32\dllcache\OLDAC.tmp
2008-06-11 22:47 . 2003-03-24 16:52 20,536 --a--c--- C:\WINDOWS\system32\dllcache\OLD9B.tmp
2008-06-11 22:47 . 2003-03-24 16:52 16,437 --a--c--- C:\WINDOWS\system32\dllcache\OLD9F.tmp
2008-06-11 22:47 . 2003-04-14 21:29 16,384 --a--c--- C:\WINDOWS\system32\dllcache\OLDB0.tmp
2008-06-11 22:47 . 2004-08-19 18:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\OLDA8.tmp
2008-06-11 22:47 . 2002-09-06 21:59 7,168 --a--c--- C:\WINDOWS\system32\dllcache\OLDB3.tmp
2008-06-11 22:45 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\OLD4E.tmp
2008-06-11 22:44 . 2008-06-11 23:08 <REP> d-------- C:\WINDOWS\LastGood
2008-06-11 21:11 . 2008-06-11 21:11 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 21:11 . 2008-06-11 21:11 <REP> d-------- C:\Documents and Settings\Pierre Etienne\Application Data\Malwarebytes
2008-06-11 21:11 . 2008-06-11 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 21:11 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 21:11 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 19:37 --------- d-----w C:\Program Files\Vcsron
2008-06-02 08:01 --------- d-----w C:\Documents and Settings\Pierre Etienne\Application Data\Vso
2008-06-02 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-01 19:45 3,766 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-05-01 19:36 88 --sh--r C:\Documents and Settings\All Users\Application Data\DB8D112856.sys
2008-05-01 19:36 --------- d-----w C:\Documents and Settings\Pierre Etienne\Application Data\Corel
2008-05-01 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 19:35 --------- d-----w C:\Program Files\Fichiers communs\Protexis
2008-05-01 19:35 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2008-05-01 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-05-01 19:34 --------- d-----w C:\Program Files\Corel
2008-05-01 19:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-01 19:13 --------- d-----w C:\Documents and Settings\Pierre Etienne\Application Data\SUPERAntiSpyware.com
2008-05-01 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-01 18:20 --------- d-----w C:\Program Files\InterActual
2008-04-27 09:09 10 ----a-w C:\Program Files\.autoreg
2008-01-08 15:15 47,360 ----a-w C:\Documents and Settings\Pierre Etienne\Application Data\pcouffin.sys
2007-12-22 22:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-12-22 22:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-12-22 22:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007122220071223\index.dat
2007-12-22 22:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2006-11-11 15:02 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\LastGood\system32\drivers\tcpip.sys
2006-11-11 15:02 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\tcpip.sys

2006-11-19 00:59 1035264 7ba68df484b550c1f75dd80ae1d7ef67 C:\WINDOWS\explorer.exe
2006-11-19 00:59 1035264 7ba68df484b550c1f75dd80ae1d7ef67 C:\WINDOWS\LastGood\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-11_22.48.32.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-05 20:52:10 577,536 ----a-w C:\WINDOWS\LastGood\notepad.exe
+ 2004-08-19 14:10:04 331,264 ----a-w C:\WINDOWS\LastGood\regedit.exe
+ 2004-08-19 16:09:19 29,696 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admexs.dll
+ 2003-03-24 14:52:04 16,439 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admin.exe
+ 2004-08-19 16:09:19 43,520 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admwprox.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\admxprox.dll
+ 2002-09-06 19:59:59 50,176 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adrot.dll
+ 2004-08-19 16:09:19 290,816 ----a-w C:\WINDOWS\LastGood\system32\dllcache\adsiis51.dll
+ 2004-08-19 16:09:19 110,080 ----a-w C:\WINDOWS\LastGood\system32\dllcache\appconf.dll
+ 2004-08-19 16:09:19 334,336 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aqueue.dll
+ 2006-12-13 11:52:44 377,344 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asp51.dll
+ 2002-09-06 19:59:59 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\aspperf.dll
+ 2002-09-06 19:59:59 29,184 ----a-w C:\WINDOWS\LastGood\system32\dllcache\asptxn.dll
+ 2002-09-06 19:59:59 9,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\authfilt.dll
+ 2003-03-24 14:52:04 20,540 ----a-w C:\WINDOWS\LastGood\system32\dllcache\author.dll
+ 2003-03-24 14:52:04 16,439 ----a-w C:\WINDOWS\LastGood\system32\dllcache\author.exe
+ 2002-09-06 19:59:59 45,568 ----a-w C:\WINDOWS\LastGood\system32\dllcache\browscap.dll
+ 2002-09-06 19:59:59 218,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\c_g18030.dll
+ 2002-09-06 19:59:59 6,656 ----a-w C:\WINDOWS\LastGood\system32\dllcache\c_is2022.dll
+ 2002-09-06 19:59:59 10,752 ----a-w C:\WINDOWS\LastGood\system32\dllcache\c_iscii.dll
+ 2002-09-06 19:59:59 54,528 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cap7146.sys
+ 2003-03-24 14:52:04 188,480 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cfgwiz.exe
+ 2002-09-06 19:59:59 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\change.exe
+ 2002-09-06 19:59:59 13,824 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chglogon.exe
+ 2002-09-06 19:59:59 15,872 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chgport.exe
+ 2002-09-06 19:59:59 14,848 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chgusr.exe
+ 2002-09-06 19:59:59 1,677,824 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chsbrkr.dll
+ 2002-09-06 19:59:59 838,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chtbrkr.dll
+ 2004-08-03 22:31:51 97,792 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chtmbx.dll
+ 2004-08-03 22:31:53 56,320 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chtskdic.dll
+ 2004-08-03 22:31:53 173,568 ----a-w C:\WINDOWS\LastGood\system32\dllcache\chtskf.dll
+ 2004-08-03 22:31:53 198,656 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cintime.dll
+ 2004-08-03 22:31:55 480,256 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cintsetp.exe
+ 2004-08-19 16:09:21 47,104 ----a-w C:\WINDOWS\LastGood\system32\dllcache\coadmin.dll
+ 2004-08-19 16:09:21 24,064 ----a-w C:\WINDOWS\LastGood\system32\dllcache\compfilt.dll
+ 2002-09-06 19:59:59 33,792 ----a-w C:\WINDOWS\LastGood\system32\dllcache\controt.dll
+ 2002-09-06 19:59:59 56,832 ----a-w C:\WINDOWS\LastGood\system32\dllcache\convlog.exe
+ 2002-09-06 19:59:59 20,480 ----a-w C:\WINDOWS\LastGood\system32\dllcache\counters.dll
+ 2004-08-03 22:31:39 57,399 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cplexe.exe
+ 2002-09-06 19:59:59 19,456 ----a-w C:\WINDOWS\LastGood\system32\dllcache\cprofile.exe
+ 2004-08-19 16:09:51 42,496 ----a-w C:\WINDOWS\LastGood\system32\dllcache\davcdata.exe
+ 2002-09-06 19:59:59 514,587 ----a-w C:\WINDOWS\LastGood\system32\dllcache\edb500.dll
+ 2001-08-17 18:10:54 19,996 ----a-w C:\WINDOWS\LastGood\system32\dllcache\em556n4.sys
+ 2002-09-06 19:59:59 31,744 ----a-w C:\WINDOWS\LastGood\system32\dllcache\esucmd.dll
+ 2002-09-06 19:59:59 57,856 ----a-w C:\WINDOWS\LastGood\system32\dllcache\esuimgd.dll
+ 2002-09-06 19:59:59 45,568 ----a-w C:\WINDOWS\LastGood\system32\dllcache\esunid.dll
+ 2002-09-06 19:59:59 25,856 ----a-w C:\WINDOWS\LastGood\system32\dllcache\et4000.sys
+ 2004-08-19 16:09:25 109,568 ----a-w C:\WINDOWS\LastGood\system32\dllcache\evntagnt.dll
+ 2004-08-19 16:09:53 26,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\evntcmd.exe
+ 2004-08-19 16:09:53 94,720 ----a-w C:\WINDOWS\LastGood\system32\dllcache\evntwin.exe
+ 2001-08-23 16:46:58 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_adsiisex.dll
+ 2001-08-23 16:46:58 45,056 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_aqadmin.dll
+ 2001-08-23 16:47:04 43,520 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_fcachdll.dll
+ 2001-08-23 16:47:06 65,536 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_mailmsg.dll
+ 2001-08-23 16:47:16 38,912 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_ntfsdrv.dll
+ 2001-08-23 16:47:44 23,040 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_regtrace.exe
+ 2001-08-23 16:47:16 57,856 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_scripto.dll
+ 2001-08-23 16:47:18 26,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_seos.dll
+ 2001-08-23 16:47:18 12,800 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_smtpctrs.dll
+ 2001-08-23 16:47:18 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\EXCH_snprfdll.dll
+ 2004-08-19 16:09:25 14,336 ----a-w C:\WINDOWS\LastGood\system32\dllcache\exstrace.dll
+ 2002-09-06 19:59:59 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\f3ahvoas.dll
+ 2001-08-17 18:10:54 22,090 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fem556n5.sys
+ 2002-09-06 19:59:59 15,360 ----a-w C:\WINDOWS\LastGood\system32\dllcache\flattemp.exe
+ 2004-05-12 23:39:48 184,435 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4amsft.dll
+ 2003-03-24 14:52:04 82,035 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4anscp.dll
+ 2003-03-24 14:52:04 147,513 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4apws.dll
+ 2003-03-24 14:52:04 49,210 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4areg.dll
+ 2003-03-24 14:52:04 102,509 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4atxt.dll
+ 2003-03-24 14:52:04 41,020 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4avnb.dll
+ 2003-03-24 14:52:04 32,826 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4avss.dll
+ 2003-03-24 14:52:04 49,212 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4awebs.dll
+ 2004-05-12 23:39:48 876,653 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp4awel.dll
+ 2002-05-14 12:08:54 14,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp98sadm.exe
+ 2002-05-14 12:08:54 109,328 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fp98swin.exe
+ 2003-03-24 14:52:04 24,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpadmcgi.exe
+ 2003-03-24 14:52:04 20,541 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpadmdll.dll
+ 2003-03-24 14:52:04 188,494 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpcount.exe
+ 2002-05-14 12:08:54 94,208 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpencode.dll
+ 2003-03-24 14:52:04 20,541 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpexedll.dll
+ 2004-05-12 23:39:48 598,071 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpmmc.dll
+ 2003-04-14 19:29:34 217,088 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpmmcsat.dll
+ 2003-03-24 14:52:04 20,538 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fpremadm.exe
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ftlx041e.dll
+ 2002-09-06 19:59:59 7,680 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ftpctrs2.dll
+ 2004-08-19 16:09:27 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ftpmib.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ftpsapi2.dll
+ 2004-08-19 16:09:27 127,488 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ftpsv251.dll
+ 2004-08-19 16:09:27 452,096 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsapi.dll
+ 2002-09-06 19:59:59 113,664 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxscfgwz.dll
+ 2004-08-19 16:09:55 143,360 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsclnt.exe
+ 2002-09-06 19:59:59 141,312 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsclntr.dll
+ 2004-08-19 16:09:27 72,192 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxscom.dll
+ 2004-08-19 16:09:27 285,184 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxscomex.dll
+ 2004-08-19 16:09:55 238,592 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxscover.exe
+ 2004-08-19 16:09:27 27,136 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsdrv.dll
+ 2004-08-19 16:09:27 66,048 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsevent.dll
+ 2004-08-19 16:09:27 23,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsext32.dll
+ 2004-08-19 16:09:27 24,064 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsmon.dll
+ 2004-08-19 16:09:27 8,704 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsperf.dll
+ 2004-08-19 16:08:13 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsres.dll
+ 2002-09-06 19:59:59 31,744 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsroute.dll
+ 2002-09-06 19:59:59 11,776 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxssend.exe
+ 2004-08-19 16:09:27 563,712 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsst.dll
+ 2004-08-19 16:09:55 268,800 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxssvc.exe
+ 2004-08-19 16:09:27 246,272 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxst30.dll
+ 2004-08-19 16:09:27 397,312 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxstiff.dll
+ 2004-08-19 16:09:27 156,672 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsui.dll
+ 2004-08-19 16:09:27 197,120 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxswzrd.dll
+ 2004-08-19 16:09:27 400,896 ----a-w C:\WINDOWS\LastGood\system32\dllcache\fxsxp32.dll
+ 2004-08-19 16:09:27 32,256 ----a-w C:\WINDOWS\LastGood\system32\dllcache\gzip.dll
+ 2002-09-06 19:59:59 36,864 ----a-w C:\WINDOWS\LastGood\system32\dllcache\hanjadic.dll
+ 2004-08-19 16:09:27 39,936 ----a-w C:\WINDOWS\LastGood\system32\dllcache\hostmib.dll
+ 2004-08-19 16:09:27 268,288 ----a-w C:\WINDOWS\LastGood\system32\dllcache\httpext.dll
+ 2004-08-19 16:09:27 8,192 ----a-w C:\WINDOWS\LastGood\system32\dllcache\httpmb51.dll
+ 2004-08-19 16:09:27 62,464 ----a-w C:\WINDOWS\LastGood\system32\dllcache\httpod51.dll
+ 2002-09-06 19:59:59 10,096,640 ----a-w C:\WINDOWS\LastGood\system32\dllcache\hwxcht.dll
+ 2002-09-06 19:59:59 13,463,552 ----a-w C:\WINDOWS\LastGood\system32\dllcache\hwxjpn.dll
+ 2002-09-06 19:59:59 10,129,408 ----a-w C:\WINDOWS\LastGood\system32\dllcache\hwxkor.dll
+ 2004-08-19 16:09:27 25,088 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisadmin.dll
+ 2004-08-19 16:09:27 145,408 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iische51.dll
+ 2002-09-06 19:59:59 60,928 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisclex4.dll
+ 2002-09-06 19:59:59 19,456 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iiscrmap.dll
+ 2004-08-19 16:09:27 68,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisext51.dll
+ 2004-08-19 16:09:27 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisfecnv.dll
+ 2004-08-19 16:09:27 79,872 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iislog51.dll
+ 2004-08-19 16:09:27 64,512 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iismap.dll
+ 2002-09-06 19:59:59 3,584 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iismui.dll
+ 2002-09-06 19:59:59 14,848 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisreset.exe
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisrstap.dll
+ 2004-08-19 16:09:55 31,232 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisrstas.exe
+ 2004-08-19 16:09:27 133,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisrtl.dll
+ 2002-09-06 19:59:59 6,656 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iissync.exe
+ 2002-09-06 19:59:59 173,056 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iisui.dll
+ 2004-08-03 23:04:37 106,496 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imekrcic.dll
+ 2004-08-03 23:04:33 86,016 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imekrmbx.dll
+ 2002-09-06 19:59:59 44,032 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imekrmig.exe
+ 2002-09-06 19:59:59 102,463 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imepadsm.dll
+ 2002-09-06 19:59:59 311,359 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imepadsv.exe
+ 2004-08-03 22:31:49 811,064 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjp81k.dll
+ 2004-08-03 22:31:51 368,696 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpcic.dll
+ 2004-08-03 22:31:51 716,856 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpcus.dll
+ 2002-09-06 19:59:59 57,398 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpdadm.exe
+ 2004-08-03 22:31:53 81,976 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpdct.dll
+ 2004-08-03 22:31:53 307,257 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpdct.exe
+ 2004-08-03 22:31:55 155,705 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpdsvr.exe
+ 2004-08-03 22:31:57 196,665 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpinst.exe
+ 2004-08-03 22:31:59 208,952 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpmig.exe
+ 2004-08-03 22:32:11 233,527 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjprw.exe
+ 2002-09-06 19:59:59 45,109 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjpuex.exe
+ 2004-08-03 22:32:15 262,200 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjputy.exe
+ 2004-08-03 22:32:15 274,489 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imjputyc.dll
+ 2002-09-06 19:59:59 59,904 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imkrinst.exe
+ 2004-08-03 22:32:27 102,456 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imlang.dll
+ 2004-08-03 22:31:49 59,392 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imscinst.exe
+ 2002-09-06 19:59:59 471,102 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imskdic.dll
+ 2002-09-06 19:59:59 315,452 ----a-w C:\WINDOWS\LastGood\system32\dllcache\imskf.dll
+ 2004-08-19 16:09:55 15,872 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetin51.exe
+ 2004-08-19 16:09:29 842,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetmgr.dll
+ 2002-09-06 19:59:59 7,680 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetmgr.exe
+ 2002-09-06 19:59:59 19,968 ----a-w C:\WINDOWS\LastGood\system32\dllcache\inetsloc.dll
+ 2004-08-19 16:09:29 13,312 ----a-w C:\WINDOWS\LastGood\system32\dllcache\infoadmn.dll
+ 2004-08-19 16:09:29 257,024 ----a-w C:\WINDOWS\LastGood\system32\dllcache\infocomm.dll
+ 2002-09-06 19:59:59 8,704 ----a-w C:\WINDOWS\LastGood\system32\dllcache\infoctrs.dll
+ 2004-08-19 16:09:31 36,864 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iprip.dll
+ 2002-09-06 19:59:59 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\isapips.dll
+ 2004-08-19 16:09:31 68,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\isatq.dll
+ 2004-08-19 16:09:31 27,648 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iscomlog.dll
+ 2002-09-06 19:59:59 9,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\iwrps.dll
+ 2002-09-06 19:59:59 18,432 ----a-w C:\WINDOWS\LastGood\system32\dllcache\jupiw.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbd101.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbd101a.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbd106n.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbda1.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbda2.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbda3.dll
+ 2002-09-06 19:59:59 5,120 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdarme.dll
+ 2002-09-06 19:59:59 5,120 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdarmw.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdax2.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbddiv1.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbddiv2.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdfa.dll
+ 2002-09-06 19:59:59 5,120 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdgeo.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdheb.dll
+ 2002-09-06 19:59:59 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdibm02.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdindev.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdinguj.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdinhin.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdinkan.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdinmar.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdinpun.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdintam.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdintel.dll
+ 2002-09-06 19:59:59 6,656 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdlk41a.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdlk41j.dll
+ 2002-09-06 19:59:59 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdnec95.dll
+ 2002-09-06 19:59:59 9,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdnecat.dll
+ 2002-09-06 19:59:59 7,680 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdnecnt.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdsyr1.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdsyr2.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdth0.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdth1.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdth2.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdth3.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdurdu.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdusa.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\kbdvntc.dll
+ 2002-09-06 19:59:59 70,656 ----a-w C:\WINDOWS\LastGood\system32\dllcache\korwbrkr.dll
+ 2004-08-19 16:09:31 33,792 ----a-w C:\WINDOWS\LastGood\system32\dllcache\lmmib2.dll
+ 2002-09-06 19:59:59 22,016 ----a-w C:\WINDOWS\LastGood\system32\dllcache\logscrpt.dll
+ 2004-08-19 16:09:31 13,312 ----a-w C:\WINDOWS\LastGood\system32\dllcache\lonsint.dll
+ 2004-08-19 16:09:31 23,040 ----a-w C:\WINDOWS\LastGood\system32\dllcache\lpdsvc.dll
+ 2004-08-19 16:09:31 19,456 ----a-w C:\WINDOWS\LastGood\system32\dllcache\lprmon.dll
+ 2004-08-19 16:09:31 37,888 ----a-w C:\WINDOWS\LastGood\system32\dllcache\md5filt.dll
+ 2002-09-06 19:59:59 26,624 ----a-w C:\WINDOWS\LastGood\system32\dllcache\mdsync.dll
+ 2004-08-19 16:09:31 86,016 ----a-w C:\WINDOWS\LastGood\system32\dllcache\metada51.dll
+ 2002-09-06 19:59:59 92,032 ----a-w C:\WINDOWS\LastGood\system32\dllcache\mga.dll
+ 2002-09-06 19:59:59 92,416 ----a-w C:\WINDOWS\LastGood\system32\dllcache\mga.sys
+ 2002-09-06 19:59:59 34,816 ----a-w C:\WINDOWS\LastGood\system32\dllcache\migisol.exe
+ 2006-12-13 11:50:36 8,704 ----a-w C:\WINDOWS\LastGood\system32\dllcache\migregdb.exe
+ 2002-09-06 19:59:59 98,304 ----a-w C:\WINDOWS\LastGood\system32\dllcache\msir3jp.dll
+ 2004-08-19 16:09:59 40,960 ----a-w C:\WINDOWS\LastGood\system32\dllcache\msiregmv.exe
+ 2002-09-06 19:59:59 111,104 ----a-w C:\WINDOWS\LastGood\system32\dllcache\mtstocom.exe
+ 2002-09-06 19:59:59 229,439 ----a-w C:\WINDOWS\LastGood\system32\dllcache\multibox.dll
+ 2002-09-06 19:59:59 53,248 ----a-w C:\WINDOWS\LastGood\system32\dllcache\nextlink.dll
+ 2004-08-19 16:09:37 45,056 ----a-w C:\WINDOWS\LastGood\system32\dllcache\nsepm.dll
+ 2004-08-03 22:32:11 15,872 ----a-w C:\WINDOWS\LastGood\system32\dllcache\padrs404.dll
+ 2002-09-06 19:59:59 36,927 ----a-w C:\WINDOWS\LastGood\system32\dllcache\padrs411.dll
+ 2002-09-06 19:59:59 14,336 ----a-w C:\WINDOWS\LastGood\system32\dllcache\padrs412.dll
+ 2004-08-03 22:31:49 15,360 ----a-w C:\WINDOWS\LastGood\system32\dllcache\padrs804.dll
+ 2002-09-06 19:59:59 31,744 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pagecnt.dll
+ 2002-09-06 19:59:59 20,992 ----a-w C:\WINDOWS\LastGood\system32\dllcache\permchk.dll
+ 2004-08-03 22:31:49 175,104 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pintlcsa.dll
+ 2004-08-03 22:31:49 53,760 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pintlcsd.dll
+ 2004-08-03 22:31:49 70,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pintlphr.exe
+ 2004-08-03 22:31:49 67,584 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pmigrate.dll
+ 2002-09-06 19:59:59 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pmxgl.dll
+ 2002-09-06 19:59:59 11,264 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pmxmcro.dll
+ 2002-09-06 19:59:59 131,584 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pmxviceo.dll
+ 2004-08-19 16:09:39 7,680 ----a-w C:\WINDOWS\LastGood\system32\dllcache\pwsdata.dll
+ 2002-09-06 19:59:59 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\query.exe
+ 2002-09-06 19:59:59 16,896 ----a-w C:\WINDOWS\LastGood\system32\dllcache\quser.exe
+ 2004-08-03 23:00:51 20,736 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ramdisk.sys
+ 2002-09-06 19:59:59 15,360 ----a-w C:\WINDOWS\LastGood\system32\dllcache\register.exe
+ 2004-08-19 16:09:39 4,096 ----a-w C:\WINDOWS\LastGood\system32\dllcache\rpcref.dll
+ 2002-09-06 19:59:59 25,088 ----a-w C:\WINDOWS\LastGood\system32\dllcache\rw001ext.dll
+ 2002-09-06 19:59:59 26,624 ----a-w C:\WINDOWS\LastGood\system32\dllcache\rw330ext.dll
+ 2002-09-06 19:59:59 81,408 ----a-w C:\WINDOWS\LastGood\system32\dllcache\rwia001.dll
+ 2002-09-06 19:59:59 81,408 ----a-w C:\WINDOWS\LastGood\system32\dllcache\rwia330.dll
+ 2004-08-19 16:09:39 9,728 ----a-w C:\WINDOWS\LastGood\system32\dllcache\rwnh.dll
+ 2004-08-19 16:09:41 221,696 ----a-w C:\WINDOWS\LastGood\system32\dllcache\seo.dll
+ 2003-03-24 14:52:04 20,536 ----a-w C:\WINDOWS\LastGood\system32\dllcache\shtml.dll
+ 2003-03-24 14:52:04 16,437 ----a-w C:\WINDOWS\LastGood\system32\dllcache\shtml.exe
+ 2002-09-06 19:59:59 18,944 ----a-w C:\WINDOWS\LastGood\system32\dllcache\simptcp.dll
+ 2002-09-06 19:59:59 25,088 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm59w.dll
+ 2002-09-06 19:59:59 30,208 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm81w.dll
+ 2002-09-06 19:59:59 30,208 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm87w.dll
+ 2002-09-06 19:59:59 26,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm89w.dll
+ 2002-09-06 19:59:59 26,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm8aw.dll
+ 2002-09-06 19:59:59 29,184 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm8cw.dll
+ 2002-09-06 19:59:59 26,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm8dw.dll
+ 2002-09-06 19:59:59 26,112 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm90w.dll
+ 2002-09-06 19:59:59 26,624 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm92w.dll
+ 2002-09-06 19:59:59 26,624 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm93w.dll
+ 2002-09-06 19:59:59 38,912 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sm9aw.dll
+ 2002-09-06 19:59:59 31,744 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sma3w.dll
+ 2002-09-06 19:59:59 31,744 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smb6w.dll
+ 2004-08-19 16:10:03 236,544 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smi2smir.exe
+ 2002-09-06 19:59:59 15,872 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smierrsm.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smierrsy.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smimsgif.dll
+ 2004-08-19 16:09:41 189,440 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smtpadm.dll
+ 2004-08-19 16:09:41 10,752 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smtpapi.dll
+ 2004-08-19 16:09:43 2,134,528 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smtpsnap.dll
+ 2004-08-19 16:09:43 466,944 ----a-w C:\WINDOWS\LastGood\system32\dllcache\smtpsvc.dll
+ 2004-08-19 16:10:03 32,768 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmp.exe
+ 2004-08-19 16:09:43 259,072 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmpcl.dll
+ 2004-08-19 16:09:43 358,400 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmpincl.dll
+ 2004-08-19 16:09:43 6,144 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmpmib.dll
+ 2004-08-19 16:09:43 188,416 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmpsmir.dll
+ 2002-09-06 19:59:59 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmpstup.dll
+ 2004-08-19 16:09:43 40,448 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmpthrd.dll
+ 2004-08-19 16:10:03 8,704 ----a-w C:\WINDOWS\LastGood\system32\dllcache\snmptrap.exe
+ 2002-09-06 19:59:59 143,422 ----a-w C:\WINDOWS\LastGood\system32\dllcache\softkey.dll
+ 2002-09-06 19:59:59 101,888 ----a-w C:\WINDOWS\LastGood\system32\dllcache\srusbusd.dll
+ 2004-08-19 16:09:45 45,568 ----a-w C:\WINDOWS\LastGood\system32\dllcache\ssinc51.dll
+ 2004-08-19 16:09:45 46,592 ----a-w C:\WINDOWS\LastGood\system32\dllcache\sspifilt.dll
+ 2002-09-06 19:59:59 16,896 ----a-w C:\WINDOWS\LastGood\system32\dllcache\status.dll
+ 2004-08-19 16:09:45 8,192 ----a-w C:\WINDOWS\LastGood\system32\dllcache\staxmem.dll
+ 2004-08-19 16:09:45 46,592 ----a-w C:\WINDOWS\LastGood\system32\dllcache\svcext51.dll
+ 2003-03-24 14:52:04 32,827 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tcptest.exe
+ 2003-04-14 19:29:34 16,384 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tcptsat.dll
+ 2002-09-06 19:59:59 13,192 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tdasync.sys
+ 2002-09-06 19:59:59 21,896 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tdipx.sys
+ 2002-09-06 19:59:59 19,464 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tdspx.sys
+ 2002-09-06 19:59:59 185,344 ----a-w C:\WINDOWS\LastGood\system32\dllcache\thawbrkr.dll
+ 2004-08-03 22:32:15 44,032 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tintlphr.exe
+ 2004-08-03 22:32:15 455,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tintsetp.exe
+ 2004-08-03 22:32:13 10,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tmigrate.dll
+ 2002-09-06 19:59:59 31,232 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tools.dll
+ 2002-09-06 19:59:59 14,336 ----a-w C:\WINDOWS\LastGood\system32\dllcache\tsprof.exe
+ 2004-08-19 16:09:47 104,448 ----a-w C:\WINDOWS\LastGood\system32\dllcache\uihelper.dll
+ 2004-08-03 23:04:11 76,288 ----a-w C:\WINDOWS\LastGood\system32\dllcache\uniime.dll
+ 2004-08-03 22:32:35 426,041 ----a-w C:\WINDOWS\LastGood\system32\dllcache\voicepad.dll
+ 2004-08-03 22:32:35 86,073 ----a-w C:\WINDOWS\LastGood\system32\dllcache\voicesub.dll
+ 2002-09-06 19:59:59 48,256 ----a-w C:\WINDOWS\LastGood\system32\dllcache\w32.dll
+ 2002-09-06 19:59:59 4,608 ----a-w C:\WINDOWS\LastGood\system32\dllcache\w3ctrs51.dll
+ 2002-09-06 19:59:59 74,240 ----a-w C:\WINDOWS\LastGood\system32\dllcache\w3ext.dll
+ 2002-09-06 19:59:59 5,632 ----a-w C:\WINDOWS\LastGood\system32\dllcache\w3svapi.dll
+ 2004-08-19 16:09:47 366,592 ----a-w C:\WINDOWS\LastGood\system32\dllcache\w3svc.dll
+ 2004-08-19 16:09:47 77,824 ----a-w C:\WINDOWS\LastGood\system32\dllcache\wam51.dll
+ 2002-09-06 19:59:59 9,216 ----a-w C:\WINDOWS\LastGood\system32\dllcache\wamps51.dll
+ 2004-08-19 16:09:47 53,248 ----a-w C:\WINDOWS\LastGood\system32\dllcache\wamreg51.dll
+ 2002-09-06 19:59:59 7,168 ----a-w C:\WINDOWS\LastGood\system32\dllcache\wamregps.dll
+ 2002-09-06 19:59:59 41,600 ----a-w C:\WINDOWS\LastGood\system32\dllcache\weitekp9.dll
+ 2002-09-06 19:59:59 31,360 ----a-w C:\WINDOWS\LastGood\system32\dllcache\weitekp9.sys
+ 2006-11-18 22:46:47 404,992 ----a-w C:\WINDOWS\LastGood\system32\fontext.dll
+ 2006-09-28 10:56:48 50,176 ----a-w C:\WINDOWS\LastGood\system32\iexpress.exe
+ 2006-11-18 22:54:10 281,600 ----a-w C:\WINDOWS\LastGood\system32\mstask.dll
+ 2006-11-18 22:58:56 91,648 ----a-w C:\WINDOWS\LastGood\system32\mydocs.dll
+ 2006-07-05 20:52:10 577,536 ----a-w C:\WINDOWS\LastGood\system32\notepad.exe
+ 2006-11-18 22:50:51 112,640 ----a-w C:\WINDOWS\LastGood\system32\occache.dll
+ 2006-12-07 18:16:50 142,336 ----a-w C:\WINDOWS\LastGood\system32\sfc_os.dll
+ 2006-11-19 11:47:29 9,131,520 ----a-w C:\WINDOWS\LastGood\system32\shell32.dll
+ 2006-07-05 20:52:10 219,648 ----a-w C:\WINDOWS\LastGood\system32\uxtheme.dll
+ 2006-12-15 17:53:44 1,264,128 ----a-w C:\WINDOWS\LastGood\system32\winntbbu.dll
+ 2006-11-18 22:59:16 370,688 ----a-w C:\WINDOWS\LastGood\system32\zipfldr.dll
+ 2004-08-03 21:10:08 53,248 -c--a-w C:\WINDOWS\system32\dllcache\1394bus.sys
+ 2001-08-17 20:06:48 11,264 -c--a-w C:\WINDOWS\system32\dllcache\1394vdbg.sys
+ 2001-08-23 15:46:44 689,216 -c--a-w C:\WINDOWS\system32\dllcache\3dfxvs.dll
+ 2001-08-17 18:48:32 148,352 -c--a-w C:\WINDOWS\system32\dllcache\3dfxvsm.sys
+ 2004-08-03 21:00:04 12,288 -c--a-w C:\WINDOWS\system32\dllcache\4mmdat.sys
+ 2004-08-03 21:10:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\61883.sys
+ 2001-08-23 15:46:44 38,400 -c--a-w C:\WINDOWS\system32\dllcache\8514a.dll
+ 2001-08-23 15:46:58 98,304 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2001-08-23 15:46:58 462,848 -c--a-w C:\WINDOWS\system32\dllcache\a3dapi.dll
+ 2001-08-17 19:52:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\abp480n5.sys
+ 2004-08-03 20:32:22 231,552 -c--a-w C:\WINDOWS\system32\dllcache\ac97ali.sys
+ 2001-08-17 18:20:04 96,256 -c--a-w C:\WINDOWS\system32\dllcache\ac97intc.sys
+ 2001-08-17 18:20:16 297,728 -c--a-w C:\WINDOWS\system32\dllcache\ac97sis.sys
+ 2004-08-03 20:32:32 84,480 -c--a-w C:\WINDOWS\system32\dllcache\ac97via.sys
+ 2001-08-23 15:46:58 61,952 -c--a-w C:\WINDOWS\system32\dllcache\acerscad.dll
+ 2004-08-19 15:51:55 188,672 -c--a-w C:\WINDOWS\system32\dllcache\acpi.sys
+ 2002-09-06 19:59:59 12,032 -c--a-w C:\WINDOWS\system32\dllcache\acpiec.sys
+ 2001-08-17 19:53:02 7,424 -c--a-w C:\WINDOWS\system32\dllcache\adicvls.sys
+ 2001-08-17 18:11:18 20,160 -c--a-w C:\WINDOWS\system32\dllcache\adm8511.sys
+ 2001-08-17 18:19:10 584,448 -c--a-w C:\WINDOWS\system32\dllcache\adm8810.sys
+ 2001-08-17 18:19:14 553,984 -c--a-w C:\WINDOWS\system32\dllcache\adm8820.sys
+ 2001-08-17 18:19:14 747,392 -c--a-w C:\WINDOWS\system32\dllcache\adm8830.sys
+ 2004-08-03 20:32:24 10,880 -c--a-w C:\WINDOWS\system32\dllcache\admjoy.sys
+ 2001-08-17 18:11:16 46,112 -c--a-w C:\WINDOWS\system32\dllcache\adptsf50.sys
+ 2001-08-17 20:07:32 101,888 -c--a-w C:\WINDOWS\system32\dllcache\adpu160m.sys
+ 2004-08-19 14:09:20 4,255 -c--a-w C:\WINDOWS\system32\dllcache\adv01nt5.dll
+ 2004-08-19 14:09:20 3,967 -c--a-w C:\WINDOWS\system32\dllcache\adv02nt5.dll
+ 2004-08-19 14:09:20 3,615 -c--a-w C:\WINDOWS\system32\dllcache\adv05nt5.dll
+ 2004-08-19 14:09:20 3,647 -c--a-w C:\WINDOWS\system32\dllcache\adv07nt5.dll
+ 2004-08-19 14:09:20 3,135 -c--a-w C:\WINDOWS\system32\dllcache\adv08nt5.dll
+ 2004-08-19 14:09:20 3,711 -c--a-w C:\WINDOWS\system32\dllcache\adv09nt5.dll
+ 2004-08-19 14:09:20 3,775 -c--a-w C:\WINDOWS\system32\dllcache\adv11nt5.dll
+ 2006-02-15 00:22:26 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2004-08-03 21:07:42 42,368 -c--a-w C:\WINDOWS\system32\dllcache\agp440.sys
+ 2004-08-03 21:07:44 44,928 -c--a-w C:\WINDOWS\system32\dllcache\agpcpq.sys
+ 2001-08-17 19:52:02 12,800 -c--a-w C:\WINDOWS\system32\dllcache\aha154x.sys
+ 2001-08-17 20:07:36 55,168 -c--a-w C:\WINDOWS\system32\dllcache\aic78u2.sys
+ 2001-08-17 20:07:38 56,960 -c--a-w C:\WINDOWS\system32\dllcache\aic78xx.sys
+ 2001-08-17 18:11:18 27,678 -c--a-w C:\WINDOWS\system32\dllcache\ali5261.sys
+ 2001-08-17 19:49:02 26,624 -c--a-w C:\WINDOWS\system32\dllcache\alifir.sys
+ 2001-08-17 19:51:56 5,248 -c--a-w C:\WINDOWS\system32\dllcache\aliide.sys
+ 2004-08-03 21:07:42 42,752 -c--a-w C:\WINDOWS\system32\dllcache\alim1541.sys
+ 2001-08-17 18:11:20 16,969 -c--a-w C:\WINDOWS\system32\dllcache\amb8002.sys
+ 2004-08-03 21:07:44 43,008 -c--a-w C:\WINDOWS\system32\dllcache\amdagp.sys
+ 2006-12-13 12:05:59 41,216 -c--a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2006-12-13 12:05:59 41,600 -c--a-w C:\WINDOWS\system32\dllcache\amdk7.sys
+ 2001-08-17 19:52:04 12,032 -c--a-w C:\WINDOWS\system32\dllcache\amsint.sys
+ 2004-08-03 20:31:20 36,224 -c--a-w C:\WINDOWS\system32\dllcache\an983.sys
+ 2001-08-17 19:47:22 6,272 -c--a-w C:\WINDOWS\system32\dllcache\apmbatt.sys
+ 2006-12-13 12:05:59 60,800 -c--a-w C:\WINDOWS\system32\dllcache\arp1394.sys
+ 2001-08-17 19:52:00 26,496 -c--a-w C:\WINDOWS\system32\dllcache\asc.sys
+ 2001-08-17 19:52:04 22,400 -c--a-w C:\WINDOWS\system32\dllcache\asc3350p.sys
+ 2001-08-17 19:51:58 14,848 -c--a-w C:\WINDOWS\system32\dllcache\asc3550.sys
+ 2001-08-17 18:12:34 97,354 -c--a-w C:\WINDOWS\system32\dllcache\aspndis3.sys
+ 2004-08-03 21:59:44 95,360 -c--a-w C:\WINDOWS\system32\dllcache\atapi.sys
+ 2001-08-23 15:46:44 96,128 -c--a-w C:\WINDOWS\system32\dllcache\ati.dll
+ 2001-08-23 14:59:32 77,824 -c--a-w C:\WINDOWS\system32\dllcache\ati.sys
+ 2004-08-03 20:29:30 56,623 -c--a-w C:\WINDOWS\system32\dllcache\ati1btxx.sys
+ 2004-08-03 20:29:30 11,615 -c--a-w C:\WINDOWS\system32\dllcache\ati1mdxx.sys
+ 2004-08-03 20:29:30 12,047 -c--a-w C:\WINDOWS\system32\dllcache\ati1pdxx.sys
+ 2004-08-03 20:29:32 30,671 -c--a-w C:\WINDOWS\system32\dllcache\ati1raxx.sys
+ 2004-08-03 20:29:32 63,663 -c--a-w C:\WINDOWS\system32\dllcache\ati1rvxx.sys
+ 2004-08-03 20:29:32 26,367 -c--a-w C:\WINDOWS\system32\dllcache\ati1snxx.sys
+ 2004-08-03 20:29:32 21,343 -c--a-w C:\WINDOWS\system32\dllcache\ati1ttxx.sys
+ 2004-08-03 20:29:32 36,463 -c--a-w C:\WINDOWS\system32\dllcache\ati1tuxx.sys
+ 2004-08-03 20:29:32 29,455 -c--a-w C:\WINDOWS\system32\dllcache\ati1xbxx.sys
+ 2004-08-03 20:29:32 34,735 -c--a-w C:\WINDOWS\system32\dllcache\ati1xsxx.sys
+ 2004-08-19 14:09:20 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
+ 2004-08-19 14:09:20 377,984 -c--a-w C:\WINDOWS\system32\dllcache\ati2dvaa.dll
+ 2004-08-19 14:09:20 201,728 -c--a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
+ 2004-08-19 13:53:40 327,168 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtaa.sys
+ 2004-08-19 13:53:42 701,440 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
+ 2004-08-19 14:09:20 870,784 -c--a-w C:\WINDOWS\system32\dllcache\ati3d1ag.dll
+ 2001-08-17 18:49:04 46,464 -c--a-w C:\WINDOWS\system32\dllcache\atibt829.sys
+ 2001-08-23 15:46:44 382,592 -c--a-w C:\WINDOWS\system32\dllcache\atidrab.dll
+ 2001-08-23 15:46:44 137,216 -c--a-w C:\WINDOWS\system32\dllcache\atidrae.dll
+ 2001-08-23 15:46:44 268,160 -c--a-w C:\WINDOWS\system32\dllcache\atidvai.dll
+ 2001-08-23 15:47:26 37,376 -c--a-w C:\WINDOWS\system32\dllcache\atievxx.exe
+ 2001-08-23 14:59:36 289,920 -c--a-w C:\WINDOWS\system32\dllcache\atimpab.sys
+ 2001-08-23 14:59:36 75,392 -c--a-w C:\WINDOWS\system32\dllcache\atimpae.sys
+ 2001-08-23 14:59:38 281,728 -c--a-w C:\WINDOWS\system32\dllcache\atimtai.sys
+ 2004-08-03 20:29:28 57,856 -c--a-w C:\WINDOWS\system32\dllcache\atinbtxx.sys
+ 2004-08-03 20:29:30 13,824 -c--a-w C:\WINDOWS\system32\dllcache\atinmdxx.sys
+ 2004-08-03 20:29:30 14,336 -c--a-w C:\WINDOWS\system32\dllcache\atinpdxx.sys
+ 2004-08-03 20:29:30 52,224 -c--a-w C:\WINDOWS\system32\dllcache\atinraxx.sys
+ 2004-08-03 20:29:32 104,960 -c--a-w C:\WINDOWS\system32\dllcache\atinrvxx.sys
+ 2004-08-03 20:29:32 28,672 -c--a-w C:\WINDOWS\system32\dllcache\atinsnxx.sys
+ 2004-08-03 20:29:32 13,824 -c--a-w C:\WINDOWS\system32\dllcache\atinttxx.sys
+ 2004-08-03 20:29:32 73,216 -c--a-w C:\WINDOWS\system32\dllcache\atintuxx.sys
+ 2004-08-03 20:29:32 31,744 -c--a-w C:\WINDOWS\system32\dllcache\atinxbxx.sys
+ 2004-08-03 20:29:32 63,488 -c--a-w C:\WINDOWS\system32\dllcache\atinxsxx.sys
+ 2001-08-17 18:49:36 10,240 -c--a-w C:\WINDOWS\system32\dllcache\atipcxxx.sys
+ 2001-08-23 15:46:44 104,832 -c--a-w C:\WINDOWS\system32\dllcache\atiraged.dll
+ 2001-08-23 14:59:40 70,784 -c--a-w C:\WINDOWS\system32\dllcache\atiragem.sys
+ 2001-08-17 18:49:12 49,920 -c--a-w C:\WINDOWS\system32\dllcache\atirtcap.sys
+ 2001-08-17 18:49:18 26,880 -c--a-w C:\WINDOWS\system32\dllcache\atirtsnd.sys
+ 2001-08-17 18:49:22 17,152 -c--a-w C:\WINDOWS\system32\dllcache\atitunep.sys
+ 2001-08-17 18:49:28 17,152 -c--a-w C:\WINDOWS\system32\dllcache\atitvsnd.sys
+ 2001-08-17 18:49:38 9,472 -c--a-w C:\WINDOWS\system32\dllcache\ativmdcd.sys
+ 2004-08-19 14:09:20 32,768 -c--a-w C:\WINDOWS\system32\dllcache\ativtmxx.dll
+ 2001-08-17 18:49:44 19,456 -c--a-w C:\WINDOWS\system32\dllcache\ativttxx.sys
+ 2004-08-19 14:09:20 516,768 -c--a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
+ 2001-08-17 18:49:48 26,624 -c--a-w C:\WINDOWS\system32\dllcache\ativxbar.sys
+ 2001-08-17 18:49:34 23,552 -c--a-w C:\WINDOWS\system32\dllcache\atixbar.sys
+ 2004-08-19 14:09:22 21,183 -c--a-w C:\WINDOWS\system32\dllcache\atv01nt5.dll
+ 2004-08-19 14:09:22 11,359 -c--a-w C:\WINDOWS\system32\dllcache\atv02nt5.dll
+ 2004-08-19 14:09:22 25,471 -c--a-w C:\WINDOWS\system32\dllcache\atv04nt5.dll
+ 2004-08-19 14:09:22 14,143 -c--a-w C:\WINDOWS\system32\dllcache\atv06nt5.dll
+ 2004-08-19 14:09:22 17,279 -c--a-w C:\WINDOWS\system32\dllcache\atv10nt5.dll
+ 2001-08-17 21:59:44 3,072 -c--a-w C:\WINDOWS\system32\dllcache\audstub.sys
- 2003-03-24 14:52:04 20,540 -c--a-w C:\WINDOWS\system32\dllcache\author.dll
+ 2003-03-24 13:52:04 20,540 -c--a-w C:\WINDOWS\system32\dllcache\author.dll
- 2003-03-24 14:52:04 16,439 -c--a-w C:\WINDOWS\system32\dllcache\author.exe
+ 2003-03-24 13:52:04 16,439 -c--a-w C:\WINDOWS\system32\dllcache\author.exe
+ 2004-08-03 21:10:12 38,912 -c--a-w C:\WINDOWS\system32\dllcache\avc.sys
+ 2001-08-17 20:01:12 36,096 -c--a-w C:\WINDOWS\system32\dllcache\avcaudio.sys
+ 2004-08-03 21:10:00 13,696 -c--a-w C:\WINDOWS\system32\dllcache\avcstrm.sys
+ 2001-08-23 15:46:58 87,552 -c--a-w C:\WINDOWS\system32\dllcache\avmcoxp.dll
+ 2001-08-23 15:46:58 144,384 -c--a-w C:\WINDOWS\system32\dllcache\avmenum.dll
+ 2001-08-17 18:13:48 37,568 -c--a-w C:\WINDOWS\system32\dllcache\avmwan.sys
+ 2001-08-17 18:19:16 36,992 -c--a-w C:\WINDOWS\system32\dllcache\aztw2320.sys
+ 2001-08-17 18:13:56 89,952 -c--a-w C:\WINDOWS\system32\dllcache\b1cbase.sys
+ 2001-08-23 15:00:08 97,248 -c--a-w C:\WINDOWS\system32\dllcache\b57xp32.sys
+ 2001-08-23 15:46:44 342,336 -c--a-w C:\WINDOWS\system32\dllcache\banshee.dll
+ 2001-08-17 18:48:28 36,128 -c--a-w C:\WINDOWS\system32\dllcache\banshee.sys
+ 2001-08-17 21:57:54 14,080 -c--a-w C:\WINDOWS\system32\dllcache\battc.sys
+ 2001-08-17 18:11:28 66,557 -c--a-w C:\WINDOWS\system32\dllcache\bcm42u.sys
+ 2001-08-17 18:11:26 54,271 -c--a-w C:\WINDOWS\system32\dllcache\bcm42xx5.sys
+ 2001-08-17 18:11:30 26,568 -c--a-w C:\WINDOWS\system32\dllcache\bcm4e5.sys
+ 2004-08-03 21:10:14 11,776 -c--a-w C:\WINDOWS\system32\dllcache\bdasup.sys
+ 2001-08-23 15:46:58 105,472 -c--a-w C:\WINDOWS\system32\dllcache\binlsvc.dll
+ 2001-08-23 15:46:58 19,456 -c--a-w C:\WINDOWS\system32\dllcache\brbidiif.dll
+ 2001-08-23 15:46:58 9,728 -c--a-w C:\WINDOWS\system32\dllcache\brcoinst.dll
+ 2001-08-23 15:46:58 12,800 -c--a-w C:\WINDOWS\system32\dllcache\brevif.dll
+ 2001-08-17 19:12:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\brfilt.sys
+ 2001-08-17 19:12:22 12,160 -c--a-w C:\WINDOWS\system32\dllcache\brfiltlo.sys
+ 2001-08-17 19:12:24 3,968 -c--a-w C:\WINDOWS\system32\dllcache\brfiltup.sys
+ 2001-08-23 15:46:58 15,360 -c--a-w C:\WINDOWS\system32\dllcache\brmfbidi.dll
+ 2001-08-23 15:46:58 81,920 -c--a-w C:\WINDOWS\system32\dllcache\brmfcwia.dll
+ 2001-08-23 15:46:58 29,696 -c--a-w C:\WINDOWS\system32\dllcache\brmflpt.dll
+ 2001-08-23 15:47:30 32,256 -c--a-w C:\WINDOWS\system32\dllcache\brmfrsmg.exe
+ 2001-08-23 15:46:58 41,472 -c--a-w C:\WINDOWS\system32\dllcache\brmfusb.dll
+ 2001-08-17 19:12:24 3,168 -c--a-w C:\WINDOWS\system32\dllcache\brparimg.sys
+ 2001-08-23 15:01:54 39,808 -c--a-w C:\WINDOWS\system32\dllcache\brparwdm.sys
+ 2001-08-23 15:46:58 5,120 -c--a-w C:\WINDOWS\system32\dllcache\brscnrsm.dll
+ 2001-08-23 15:46:58 9,728 -c--a-w C:\WINDOWS\system32\dllcache\brserif.dll
+ 2001-08-17 19:12:20 60,416 -c--a-w C:\WINDOWS\system32\dllcache\brserwdm.sys
+ 2001-08-17 19:12:20 11,008 -c--a-w C:\WINDOWS\system32\dllcache\brusbmdm.sys
+ 2001-08-17 19:12:22 10,368 -c--a-w C:\WINDOWS\system32\dllcache\brusbscn.sys
+ 2001-08-17 18:11:24 31,529 -c--a-w C:\WINDOWS\system32\dllcache\brzwlan.sys
+ 2004-08-19 16:09:22 20,992 -c--a-w C:\WINDOWS\system32\dllcache\bthci.dll
+ 2004-08-03 21:10:40 17,024 -c--a-w C:\WINDOWS\system32\dllcache\bthenum.sys
+ 2004-08-03 21:10:40 38,016 -c--a-w C:\WINDOWS\system32\dllcache\bthmodem.sys
+ 2004-08-03 20:58:40 100,992 -c--a-w C:\WINDOWS\system32\dllcache\bthpan.sys
+ 2004-08-03 21:10:38 35,456 -c--a-w C:\WINDOWS\system32\dllcache\bthprint.sys
+ 2004-08-19 16:09:22 30,208 -c--a-w C:\WINDOWS\system32\dllcache\bthserv.dll
+ 2004-08-03 21:10:36 18,944 -c--a-w C:\WINDOWS\system32\dllcache\bthusb.sys
+ 2001-08-23 15:02:02 14,080 -c--a-w C:\WINDOWS\system32\dllcache\bulltlp3.sys
+ 2001-08-17 20:05:48 314,752 -c--a-w C:\WINDOWS\system32\dllcache\camdro21.sys
+ 2001-08-17 20:04:46 223,232 -c--a-w C:\WINDOWS\system32\dllcache\camdrv21.sys
+ 2001-08-17 20:04:48 171,264 -c--a-w C:\WINDOWS\system32\dllcache\camdrv30.sys
+ 2001-08-23 15:47:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\camexo20.dll
+ 2001-08-23 15:47:00 236,032 -c--a-w C:\WINDOWS\system32\dllcache\camext20.dll
+ 2001-08-23 15:47:00 119,296 -c--a-w C:\WINDOWS\system32\dllcache\camext30.dll
+ 2001-08-17 18:12:16 37,916 -c--a-w C:\WINDOWS\system32\dllcache\cb102.sys
+ 2001-08-17 18:12:42 39,680 -c--a-w C:\WINDOWS\system32\dllcache\cb325.sys
+ 2001-08-17 18:13:14 46,108 -c--a-w C:\WINDOWS\system32\dllcache\cben5.sys
+ 2002-09-06 19:59:59 13,952 -c--a-w C:\WINDOWS\system32\dllcache\cbidf2k.sys
+ 2001-08-23 15:03:10 715,466 -c--a-w C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
+ 2004-08-03 21:10:18 17,024 -c--a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
+ 2001-08-17 19:52:06 7,680 -c--a-w C:\WINDOWS\system32\dllcache\cd20xrnt.sys
+ 2006-12-13 12:04:13 18,688 -c--a-w C:\WINDOWS\system32\dllcache\cdaudio.sys
- 2006-10-29 18:28:52 75,736 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2004-08-03 22:59:53 49,536 -c--a-w C:\WINDOWS\system32\dllcache\cdrom.sys
+ 2001-08-23 15:03:18 21,530 -c--a-w C:\WINDOWS\system32\dllcache\ce2n5.sys
+ 2001-08-23 15:03:18 27,164 -c--a-w C:\WINDOWS\system32\dllcache\ce3n5.sys
+ 2001-08-23 15:03:18 22,556 -c--a-w C:\WINDOWS\system32\dllcache\cem28n5.sys
+ 2001-08-23 15:03:20 22,556 -c--a-w C:\WINDOWS\system32\dllcache\cem33n5.sys
+ 2001-08-23 15:03:20 49,182 -c--a-w C:\WINDOWS\system32\dllcache\cem56n5.sys
- 2003-03-24 14:52:04 188,480 -c--a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe
+ 2003-03-24 13:52:04 188,480 -c--a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe
+ 2004-08-19 14:09:22 15,423 -c--a-w C:\WINDOWS\system32\dllcache\ch7xxnt5.dll
+ 2004-08-03 21:00:14 8,192 -c--a-w C:\WINDOWS\system32\dllcache\changer.sys
+ 2001-08-23 15:04:00 980,034 -c--a-w C:\WINDOWS\system32\dllcache\cicap.sys
+ 2001-08-23 15:04:06 272,640 -c--a-w C:\WINDOWS\system32\dllcache\cinemclc.sys
+ 2006-12-13 12:04:13 262,528 -c--a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2001-08-23 15:46:44 91,264 -c--a-w C:\WINDOWS\system32\dllcache\cirrus.dll
+ 2001-08-17 19:57:16 45,696 -c--a-w C:\WINDOWS\system32\dllcache\cirrus.sys
+ 2001-08-23 15:46:44 111,232 -c--a-w C:\WINDOWS\system32\dllcache\cl5465.dll
+ 2001-08-23 15:46:44 170,880 -c--a-w C:\WINDOWS\system32\dllcache\cl546x.dll
+ 2001-08-17 19:57:36 248,064 -c--a-w C:\WINDOWS\system32\dllcache\cl546xm.sys
+ 2004-08-03 23:07:40 14,080 -c--a-w C:\WINDOWS\system32\dllcache\cmbatt.sys
+ 2001-08-23 15:04:40 20,864 -c--a-w C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
+ 2001-08-23 15:04:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\cmdide.sys
+ 2006-12-13 12:05:59 50,688 -c--a-w C:\WINDOWS\system32\dllcache\cnbjmon.dll
+ 2001-08-23 15:47:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\cnusd.dll
+ 2001-08-17 18:11:42 39,936 -c--a-w C:\WINDOWS\system32\dllcache\cnxt1803.sys
+ 2001-08-17 21:58:00 9,344 -c--a-w C:\WINDOWS\system32\dllcache\compbatt.sys
+ 2001-08-17 19:52:06 14,976 -c--a-w C:\WINDOWS\system32\dllcache\cpqarray.sys
+ 2006-12-13 12:04:13 11,776 -c--a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
+ 2001-08-23 15:07:28 21,533 -c--a-w C:\WINDOWS\system32\dllcache\cpqndis5.sys
+ 2001-08-23 15:07:28 61,194 -c--a-w C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
+ 2001-08-23 15:47:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\cpscan.dll
+ 2001-08-17 18:19:18 42,112 -c--a-w C:\WINDOWS\system32\dllcache\crtaud.sys
+ 2006-12-13 12:05:59 40,704 -c--a-w C:\WINDOWS\system32\dllcache\crusoe.sys
+ 2001-08-23 15:47:00 175,104 -c--a-w C:\WINDOWS\system32\dllcache\csamsp.dll
+ 2001-08-17 18:19:28 6,912 -c--a-w C:\WINDOWS\system32\dllcache\ctlfacem.sys
+ 2001-08-17 18:19:20 3,712 -c--a-w C:\WINDOWS\system32\dllcache\ctljystk.sys
+ 2001-08-17 18:19:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\ctlsb16.sys
+ 2004-08-19 14:09:22 252,416 -c--a-w C:\WINDOWS\system32\dllcache\ctmasetp.dll
+ 2001-08-23 15:47:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ctwdm32.dll
+ 2001-08-17 18:19:24 3,072 -c--a-w C:\WINDOWS\system32\dllcache\cwbase.sys
+ 2001-08-17 18:19:26 3,072 -c--a-w C:\WINDOWS\system32\dllcache\cwbmidi.sys
+ 2001-08-17 18:19:28 72,832 -c--a-w C:\WINDOWS\system32\dllcache\cwbwdm.sys
+ 2001-08-17 18:19:30 3,584 -c--a-w C:\WINDOWS\system32\dllcache\cwcosnt5.sys
+ 2001-08-17 18:19:36 111,872 -c--a-w C:\WINDOWS\system32\dllcache\cwcspud.sys
+ 2001-08-17 18:19:48 93,952 -c--a-w C:\WINDOWS\system32\dllcache\cwcwdm.sys
+ 2004-08-03 20:32:26 48,640 -c--a-w C:\WINDOWS\system32\dllcache\cwrwdm.sys
+ 2001-08-23 15:08:38 17,536 -c--a-w C:\WINDOWS\system32\dllcache\cyclad-z.sys
+ 2001-08-23 15:08:38 15,104 -c--a-w C:\WINDOWS\system32\dllcache\cyclom-y.sys
+ 2001-08-23 15:47:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\cyycoins.dll
+ 2001-08-23 15:08:40 50,944 -c--a-w C:\WINDOWS\system32\dllcache\cyyport.sys
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyyports.dll
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyzcoins.dll
+ 2001-08-23 15:08:42 50,688 -c--a-w C:\WINDOWS\system32\dllcache\cyzport.sys
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyzports.dll
+ 2001-08-23 15:08:44 117,760 -c--a-w C:\WINDOWS\system32\dllcache\d100ib5.sys
+ 2001-08-17 19:52:16 179,584 -c--a-w C:\WINDOWS\system32\dllcache\dac2w2k.sys
+ 2001-08-17 19:52:16 14,720 -c--a-w C:\WINDOWS\system32\dllcache\dac960nt.sys
+ 2001-08-23 15:47:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\dc210_32.dll
+ 2001-08-23 15:47:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\dc210usd.dll
+ 2001-08-17 18:12:02 63,208 -c--a-w C:\WINDOWS\system32\dllcache\dc21x4.sys
+ 2001-08-23 15:47:00 87,552 -c--a-w C:\WINDOWS\system32\dllcache\dc240usd.dll
+ 2001-08-23 15:47:00 112,128 -c--a-w C:\WINDOWS\system32\dllcache\dc260usd.dll
+ 2001-08-17 19:52:58 7,424 -c--a-w C:\WINDOWS\system32\dllcache\ddsmc.sys
+ 2001-08-17 18:11:44 20,928 -c--a-w C:\WINDOWS\system32\dllcache\defpa.sys
+ 2001-08-23 15:47:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\devcon32.dll
+ 2001-08-23 15:47:34 24,064 -c--a-w C:\WINDOWS\system32\dllcache\devldr32.exe
+ 2001-08-17 18:11:48 24,648 -c--a-w C:\WINDOWS\system32\dllcache\dfe650.sys
+ 2001-08-17 18:11:48 24,649 -c--a-w C:\WINDOWS\system32\dllcache\dfe650d.sys
+ 2001-08-23 15:09:48 29,691 -c--a-w C:\WINDOWS\system32\dllcache\dgapci.sys
+ 2001-08-23 15:47:00 422,429 -c--a-w C:\WINDOWS\system32\dllcache\dgconfig.dll
+ 2001-08-17 18:13:48 164,923 -c--a-w C:\WINDOWS\system32\dllcache\diapi2.sys
+ 2001-08-23 15:47:02 32,256 -c--a-w C:\WINDOWS\system32\dllcache\diapi2NT.dll
+ 2001-08-23 15:47:02 65,622 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.dll
+ 2001-08-23 15:10:10 37,927 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.sys
+ 2001-08-23 15:47:02 135,252 -c--a-w C:\WINDOWS\system32\dllcache\digidbp.dll
+ 2001-08-23 15:10:10 103,492 -c--a-w C:\WINDOWS\system32\dllcache\digidxb.sys
+ 2001-08-23 15:10:12 90,685 -c--a-w C:\WINDOWS\system32\dllcache\digifep5.sys
+ 2001-08-23 15:47:02 229,462 -c--a-w C:\WINDOWS\system32\dllcache\digifwrk.dll
+ 2001-08-23 15:47:02 159,828 -c--a-w C:\WINDOWS\system32\dllcache\digihlc.dll
+ 2001-08-23 15:47:02 102,484 -c--a-w C:\WINDOWS\system32\dllcache\digiinf.dll
+ 2001-08-23 15:47:02 41,046 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.dll
+ 2001-08-17 18:14:44 21,606 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.sys
+ 2001-08-23 15:47:02 110,621 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.dll
+ 2001-08-23 15:10:16 42,656 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.sys
+ 2001-08-17 18:13:52 91,305 -c--a-w C:\WINDOWS\system32\dllcache\dimaint.sys
+ 2004-08-03 22:59:55 36,352 -c--a-w C:\WINDOWS\system32\dllcache\disk.sys
+ 2001-08-23 15:47:02 6,729 -c--a-w C:\WINDOWS\system32\dllcache\disrvci.dll
+ 2001-08-23 15:47:02 31,817 -c--a-w C:\WINDOWS\system32\dllcache\disrvpp.dll
+ 2001-08-23 15:47:02 38,985 -c--a-w C:\WINDOWS\system32\dllcache\disrvsu.dll
+ 2001-08-23 15:47:34 236,060 -c--a-w C:\WINDOWS\system32\dllcache\ditrace.exe
+ 2001-08-23 15:47:02 6,216 -c--a-w C:\WINDOWS\system32\dllcache\divaci.dll
+ 2001-08-23 15:47:02 37,962 -c--a-w C:\WINDOWS\system32\dllcache\divaprop.dll
+ 2001-08-23 15:47:02 29,768 -c--a-w C:\WINDOWS\system32\dllcache\divasu.dll
+ 2001-08-17 18:11:44 26,698 -c--a-w C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
+ 2004-08-03 21:00:06 8,320 -c--a-w C:\WINDOWS\system32\dllcache\dlttape.sys
+ 2001-08-17 18:11:42 29,696 -c--a-w C:\WINDOWS\system32\dllcache\dm9pci5.sys
+ 2004-08-03 22:07:40 52,864 -c--a-w C:\WINDOWS\system32\dllcache\dmusic.sys
+ 2006-12-13 12:05:59 58,880 -c--a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2004-08-03 20:58:30 207,360 -c--a-w C:\WINDOWS\system32\dllcache\dot4.sys
+ 2001-08-17 19:47:32 12,928 -c--a-w C:\WINDOWS\system32\dllcache\dot4prt.sys
+ 2001-08-17 19:47:32 8,704 -c--a-w C:\WINDOWS\system32\dllcache\dot4scan.sys
+ 2001-08-23 15:11:02 24,064 -c--a-w C:\WINDOWS\system32\dllcache\dot4usb.sys
+ 2001-08-17 18:12:32 28,062 -c--a-w C:\WINDOWS\system32\dllcache\dp83820.sys
+ 2001-08-17 20:07:44 20,192 -c--a-w C:\WINDOWS\system32\dllcache\dpti2o.sys
+ 2004-08-03 22:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-03 22:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2001-08-17 18:20:18 334,208 -c--a-w C:\WINDOWS\system32\dllcache\ds1wdm.sys
+ 2006-12-13 12:04:13 59,392 -c--a-w C:\WINDOWS\system32\dllcache\dvdplay.exe
+ 2004-08-03 23:00:55 71,040 -c--a-w C:\WINDOWS\system32\dllcache\dxg.sys
+ 2001-08-23 15:12:50 51,743 -c--a-w C:\WINDOWS\system32\dllcache\e1000nt5.sys
+ 2001-08-23 15:12:50 117,760 -c--a-w C:\WINDOWS\system32\dllcache\e100b325.sys
+ 2001-08-17 18:12:12 19,594 -c--a-w C:\WINDOWS\system32\dllcache\e100isa4.sys
+ 2001-08-23 15:13:26 44,615 -c--a-w C:\WINDOWS\system32\dllcache\el515.sys
+ 2001-08-17 18:10:56 55,999 -c--a-w C:\WINDOWS\system32\dllcache\el556nd5.sys
+ 2001-08-17 18:10:56 24,653 -c--a-w C:\WINDOWS\system32\dllcache\el574nd4.sys
+ 2001-08-17 18:10:58 69,692 -c--a-w C:\WINDOWS\system32\dllcache\el575nd5.sys
+ 2001-08-17 18:10:52 26,141 -c--a-w C:\WINDOWS\system32\dllcache\el589nd5.sys
+ 2001-08-17 18:11:00 69,194 -c--a-w C:\WINDOWS\system32\dllcache\el656cd5.sys
+ 2001-08-23 15:13:28 634,166 -c--a-w C:\WINDOWS\system32\dllcache\el656ct5.sys
+ 2001-08-17 18:11:00 77,386 -c--a-w C:\WINDOWS\system32\dllcache\el656nd5.sys
+ 2001-08-23 15:13:30 241,238 -c--a-w C:\WINDOWS\system32\dllcache\el656se5.sys
+ 2001-08-17 18:11:06 66,591 -c--a-w C:\WINDOWS\system32\dllcache\el90xbc5.sys
+ 2001-08-23 15:13:30 153,631 -c--a-w C:\WINDOWS\system32\dllcache\el90xnd5.sys
+ 2001-08-23 15:13:30 455,711 -c--a-w C:\WINDOWS\system32\dllcache\el985n51.sys
+ 2001-08-17 18:11:04 70,174 -c--a-w C:\WINDOWS\system32\dllcache\el98xn5.sys
+ 2001-08-23 15:13:32 175,104 -c--a-w C:\WINDOWS\system32\dllcache\el99xn51.sys
+ 2001-08-17 19:53:02 7,296 -c--a-w C:\WINDOWS\system32\dllcache\elmsmc.sys
+ 2001-08-17 18:10:52 25,159 -c--a-w C:\WINDOWS\system32\dllcache\elnk3.sys
+ 2001-08-17 18:10:54 19,996 -c--a-w C:\WINDOWS\system32\dllcache\em556n4.sys
+ 2001-08-17 18:19:26 283,904 -c--a-w C:\WINDOWS\system32\dllcache\emu10k1m.sys
+ 2001-08-17 19:46:40 6,400 -c--a-w C:\WINDOWS\system32\dllcache\enum1394.sys
+ 2001-08-17 19:50:20 144,896 -c--a-w C:\WINDOWS\system32\dllcache\epcfw2k.sys
+ 2001-08-17 18:12:08 18,503 -c--a-w C:\WINDOWS\system32\dllcache\epro4.sys
+ 2001-08-17 19:50:20 114,944 -c--a-w C:\WINDOWS\system32\dllcache\epstw2k.sys
+ 2001-08-23 15:16:00 63
0
Réponse 17 / 24
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 23:46
suite rapport combofix :

+ 2001-08-23 15:16:00 630,016 -c--a-w C:\WINDOWS\system32\dllcache\eqn.sys
+ 2001-08-23 15:47:34 53,760 -c--a-w C:\WINDOWS\system32\dllcache\eqndiag.exe
+ 2001-08-23 15:47:34 51,712 -c--a-w C:\WINDOWS\system32\dllcache\eqnlogr.exe
+ 2001-08-23 15:47:34 62,464 -c--a-w C:\WINDOWS\system32\dllcache\eqnloop.exe
+ 2001-08-17 18:19:38 37,120 -c--a-w C:\WINDOWS\system32\dllcache\es1370mp.sys
+ 2001-08-17 18:19:34 40,704 -c--a-w C:\WINDOWS\system32\dllcache\es1371mp.sys
+ 2001-08-17 18:19:58 72,192 -c--a-w C:\WINDOWS\system32\dllcache\es1969.sys
+ 2001-08-17 18:19:48 174,464 -c--a-w C:\WINDOWS\system32\dllcache\es198x.sys
+ 2001-08-23 15:16:04 596,319 -c--a-w C:\WINDOWS\system32\dllcache\es56cvmp.sys
+ 2001-08-23 15:16:06 594,910 -c--a-w C:\WINDOWS\system32\dllcache\es56hpi.sys
+ 2001-08-23 15:16:06 348,222 -c--a-w C:\WINDOWS\system32\dllcache\es56tpi.sys
+ 2001-08-17 18:19:56 63,360 -c--a-w C:\WINDOWS\system32\dllcache\ess.sys
+ 2004-08-03 20:32:28 137,088 -c--a-w C:\WINDOWS\system32\dllcache\essm2e.sys
+ 2001-08-23 15:47:04 43,008 -c--a-w C:\WINDOWS\system32\dllcache\esucm.dll
+ 2001-08-23 15:47:04 34,816 -c--a-w C:\WINDOWS\system32\dllcache\esuimg.dll
+ 2001-08-23 15:47:04 46,080 -c--a-w C:\WINDOWS\system32\dllcache\esuni.dll
+ 2001-08-23 15:47:04 46,080 -c--a-w C:\WINDOWS\system32\dllcache\esunib.dll
+ 2001-08-17 18:12:08 16,998 -c--a-w C:\WINDOWS\system32\dllcache\ex10.sys
+ 2001-08-17 19:52:48 7,040 -c--a-w C:\WINDOWS\system32\dllcache\exabyte2.sys
- 2001-08-23 16:46:58 5,632 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
+ 2001-08-23 15:46:58 5,632 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
- 2001-08-23 16:46:58 45,056 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
+ 2001-08-23 15:46:58 45,056 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
- 2001-08-23 16:47:04 43,520 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
+ 2001-08-23 15:47:04 43,520 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
- 2001-08-23 16:47:06 65,536 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
+ 2001-08-23 15:47:06 65,536 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
- 2001-08-23 16:47:16 38,912 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
+ 2001-08-23 15:47:16 38,912 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
- 2001-08-23 16:47:44 23,040 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
+ 2001-08-23 15:47:44 23,040 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
- 2001-08-23 16:47:16 57,856 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
+ 2001-08-23 15:47:16 57,856 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
- 2001-08-23 16:47:18 26,112 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
+ 2001-08-23 15:47:18 26,112 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
- 2001-08-23 16:47:18 12,800 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
+ 2001-08-23 15:47:18 12,800 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
- 2001-08-23 16:47:18 7,168 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
+ 2001-08-23 15:47:18 7,168 -c--a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
+ 2001-08-17 18:11:54 12,362 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xi.sys
+ 2001-08-17 18:11:56 11,850 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xj.sys
+ 2001-08-17 18:12:32 16,074 -c--a-w C:\WINDOWS\system32\dllcache\fa312nd5.sys
+ 2001-08-17 18:12:32 24,618 -c--a-w C:\WINDOWS\system32\dllcache\fa410nd5.sys
+ 2004-08-03 22:59:27 27,392 -c--a-w C:\WINDOWS\system32\dllcache\fdc.sys
+ 2001-08-17 18:10:54 22,090 -c--a-w C:\WINDOWS\system32\dllcache\fem556n5.sys
+ 2001-08-17 18:13:08 27,165 -c--a-w C:\WINDOWS\system32\dllcache\fetnd5.sys
+ 2004-08-03 22:59:27 20,480 -c--a-w C:\WINDOWS\system32\dllcache\flpydisk.sys
+ 2001-08-23 15:47:04 72,192 -c--a-w C:\WINDOWS\system32\dllcache\fnfilter.dll
+ 2004-08-03 20:31:24 34,173 -c--a-w C:\WINDOWS\system32\dllcache\forehe.sys
- 2004-05-12 23:39:48 184,435 -c--a-w C:\WINDOWS\system32\dllcache\fp4amsft.dll
+ 2004-05-12 22:39:48 184,435 -c--a-w C:\WINDOWS\system32\dllcache\fp4amsft.dll
- 2003-03-24 14:52:04 82,035 -c--a-w C:\WINDOWS\system32\dllcache\fp4anscp.dll
+ 2003-03-24 13:52:04 82,035 -c--a-w C:\WINDOWS\system32\dllcache\fp4anscp.dll
- 2003-03-24 14:52:04 147,513 -c--a-w C:\WINDOWS\system32\dllcache\fp4apws.dll
+ 2003-03-24 13:52:04 147,513 -c--a-w C:\WINDOWS\system32\dllcache\fp4apws.dll
- 2003-03-24 14:52:04 49,210 -c--a-w C:\WINDOWS\system32\dllcache\fp4areg.dll
+ 2003-03-24 13:52:04 49,210 -c--a-w C:\WINDOWS\system32\dllcache\fp4areg.dll
- 2003-03-24 14:52:04 102,509 -c--a-w C:\WINDOWS\system32\dllcache\fp4atxt.dll
+ 2003-03-24 13:52:04 102,509 -c--a-w C:\WINDOWS\system32\dllcache\fp4atxt.dll
- 2003-03-24 14:52:04 41,020 -c--a-w C:\WINDOWS\system32\dllcache\fp4avnb.dll
+ 2003-03-24 13:52:04 41,020 -c--a-w C:\WINDOWS\system32\dllcache\fp4avnb.dll
- 2003-03-24 14:52:04 32,826 -c--a-w C:\WINDOWS\system32\dllcache\fp4avss.dll
+ 2003-03-24 13:52:04 32,826 -c--a-w C:\WINDOWS\system32\dllcache\fp4avss.dll
- 2003-03-24 14:52:04 49,212 -c--a-w C:\WINDOWS\system32\dllcache\fp4awebs.dll
+ 2003-03-24 13:52:04 49,212 -c--a-w C:\WINDOWS\system32\dllcache\fp4awebs.dll
- 2004-05-12 23:39:48 876,653 -c--a-w C:\WINDOWS\system32\dllcache\fp4awel.dll
+ 2004-05-12 22:39:48 876,653 -c--a-w C:\WINDOWS\system32\dllcache\fp4awel.dll
- 2002-05-14 12:08:54 14,608 -c--a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
+ 2002-05-14 11:08:54 14,608 -c--a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
- 2002-05-14 12:08:54 109,328 -c--a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
+ 2002-05-14 11:08:54 109,328 -c--a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
- 2003-03-24 14:52:04 24,632 -c--a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe
+ 2003-03-24 13:52:04 24,632 -c--a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe
- 2003-03-24 14:52:04 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpadmdll.dll
+ 2003-03-24 13:52:04 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpadmdll.dll
+ 2001-08-17 18:14:24 444,416 -c--a-w C:\WINDOWS\system32\dllcache\fpcibase.sys
+ 2001-08-17 18:14:44 441,728 -c--a-w C:\WINDOWS\system32\dllcache\fpcmbase.sys
- 2003-03-24 14:52:04 188,494 -c--a-w C:\WINDOWS\system32\dllcache\fpcount.exe
+ 2003-03-24 13:52:04 188,494 -c--a-w C:\WINDOWS\system32\dllcache\fpcount.exe
- 2002-05-14 12:08:54 94,208 -c--a-w C:\WINDOWS\system32\dllcache\fpencode.dll
+ 2002-05-14 11:08:54 94,208 -c--a-w C:\WINDOWS\system32\dllcache\fpencode.dll
- 2003-03-24 14:52:04 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpexedll.dll
+ 2003-03-24 13:52:04 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpexedll.dll
- 2004-05-12 23:39:48 598,071 -c--a-w C:\WINDOWS\system32\dllcache\fpmmc.dll
+ 2004-05-12 22:39:48 598,071 -c--a-w C:\WINDOWS\system32\dllcache\fpmmc.dll
- 2003-04-14 19:29:34 217,088 -c--a-w C:\WINDOWS\system32\dllcache\fpmmcsat.dll
+ 2003-04-14 18:29:34 217,088 -c--a-w C:\WINDOWS\system32\dllcache\fpmmcsat.dll
+ 2001-08-17 18:15:02 442,240 -c--a-w C:\WINDOWS\system32\dllcache\fpnpbase.sys
- 2003-03-24 14:52:04 20,538 -c--a-w C:\WINDOWS\system32\dllcache\fpremadm.exe
+ 2003-03-24 13:52:04 20,538 -c--a-w C:\WINDOWS\system32\dllcache\fpremadm.exe
+ 2004-08-19 16:09:55 193,024 -c--a-w C:\WINDOWS\system32\dllcache\fsquirt.exe
+ 2006-12-13 12:04:13 12,416 -c--a-w C:\WINDOWS\system32\dllcache\fsvga.sys
+ 2002-09-06 19:59:59 126,080 -c--a-w C:\WINDOWS\system32\dllcache\ftdisk.sys
+ 2001-08-17 18:15:22 455,680 -c--a-w C:\WINDOWS\system32\dllcache\fus2base.sys
+ 2001-08-17 18:15:38 455,296 -c--a-w C:\WINDOWS\system32\dllcache\fusbbase.sys
+ 2001-08-23 15:47:04 92,672 -c--a-w C:\WINDOWS\system32\dllcache\fuusd.dll
+ 2001-08-17 18:15:56 454,912 -c--a-w C:\WINDOWS\system32\dllcache\fxusbase.sys
+ 2001-08-23 15:46:44 470,144 -c--a-w C:\WINDOWS\system32\dllcache\g200d.dll
+ 2001-08-23 15:18:04 320,512 -c--a-w C:\WINDOWS\system32\dllcache\g200m.sys
+ 2001-08-23 15:18:06 322,560 -c--a-w C:\WINDOWS\system32\dllcache\g400m.sys
+ 2004-08-03 21:07:44 46,464 -c--a-w C:\WINDOWS\system32\dllcache\gagp30kx.sys
+ 2004-08-03 21:08:22 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
+ 2004-08-03 21:08:30 59,136 -c--a-w C:\WINDOWS\system32\dllcache\gckernel.sys
+ 2001-08-23 15:18:36 17,664 -c--a-w C:\WINDOWS\system32\dllcache\gpr400.sys
+ 2001-08-23 15:18:40 82,560 -c--a-w C:\WINDOWS\system32\dllcache\grclass.sys
+ 2004-08-19 13:55:22 28,672 -c--a-w C:\WINDOWS\system32\dllcache\grserial.sys
+ 2004-08-19 16:09:27 7,168 -c--a-w C:\WINDOWS\system32\dllcache\hccoin.dll
+ 2001-08-23 15:19:04 908,000 -c--a-w C:\WINDOWS\system32\dllcache\hcf_msft.sys
+ 2006-12-13 12:05:59 20,992 -c--a-w C:\WINDOWS\system32\dllcache\hid.dll
+ 2001-08-17 19:58:00 19,200 -c--a-w C:\WINDOWS\system32\dllcache\hidbatt.sys
+ 2004-08-19 13:55:52 25,856 -c--a-w C:\WINDOWS\system32\dllcache\hidbth.sys
+ 2004-08-03 23:08:19 36,224 -c--a-w C:\WINDOWS\system32\dllcache\hidclass.sys
+ 2001-08-17 20:02:32 8,576 -c--a-w C:\WINDOWS\system32\dllcache\hidgame.sys
+ 2004-08-03 21:08:20 15,104 -c--a-w C:\WINDOWS\system32\dllcache\hidir.sys
+ 2004-08-03 23:08:17 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
+ 2004-08-19 14:09:28 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2001-08-17 20:02:50 2,688 -c--a-w C:\WINDOWS\system32\dllcache\hidswvd.sys
+ 2001-08-17 20:02:20 9,600 -c--a-w C:\WINDOWS\system32\dllcache\hidusb.sys
+ 2001-08-23 15:47:04 119,296 -c--a-w C:\WINDOWS\system32\dllcache\hpdigwia.dll
+ 2001-08-23 15:47:04 83,968 -c--a-w C:\WINDOWS\system32\dllcache\hpgt21.dll
+ 2001-08-23 15:47:04 123,392 -c--a-w C:\WINDOWS\system32\dllcache\hpgt21tk.dll
+ 2001-08-23 15:47:04 89,088 -c--a-w C:\WINDOWS\system32\dllcache\hpgt33.dll
+ 2001-08-23 15:47:04 48,128 -c--a-w C:\WINDOWS\system32\dllcache\hpgt33tk.dll
+ 2001-08-23 15:47:04 101,376 -c--a-w C:\WINDOWS\system32\dllcache\hpgt34.dll
+ 2001-08-23 15:47:04 126,976 -c--a-w C:\WINDOWS\system32\dllcache\hpgt34tk.dll
+ 2001-08-23 15:47:04 93,696 -c--a-w C:\WINDOWS\system32\dllcache\hpgt42.dll
+ 2001-08-23 15:47:04 31,232 -c--a-w C:\WINDOWS\system32\dllcache\hpgt42tk.dll
+ 2001-08-23 15:47:04 165,888 -c--a-w C:\WINDOWS\system32\dllcache\hpgt53.dll
+ 2001-08-23 15:47:04 68,608 -c--a-w C:\WINDOWS\system32\dllcache\hpgt53tk.dll
+ 2001-08-23 15:47:04 32,768 -c--a-w C:\WINDOWS\system32\dllcache\hpgtmcro.dll
+ 2001-08-17 20:07:44 25,952 -c--a-w C:\WINDOWS\system32\dllcache\hpn.sys
+ 2001-08-23 15:47:04 324,608 -c--a-w C:\WINDOWS\system32\dllcache\hpojwia.dll
+ 2001-08-23 15:47:04 13,312 -c--a-w C:\WINDOWS\system32\dllcache\hpsjmcro.dll
+ 2001-08-17 19:52:50 5,760 -c--a-w C:\WINDOWS\system32\dllcache\hpt4qic.sys
+ 2001-08-23 15:47:04 19,456 -c--a-w C:\WINDOWS\system32\dllcache\hr1w.dll
+ 2001-08-17 19:28:04 150,239 -c--a-w C:\WINDOWS\system32\dllcache\hsf_amos.sys
+ 2001-08-17 19:28:04 67,167 -c--a-w C:\WINDOWS\system32\dllcache\hsf_bsc2.sys
+ 2001-08-17 19:28:06 289,887 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fall.sys
+ 2001-08-17 19:28:06 199,711 -c--a-w C:\WINDOWS\system32\dllcache\hsf_faxx.sys
+ 2001-08-17 19:28:06 115,807 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fsks.sys
+ 2001-08-23 15:47:04 9,759 -c--a-w C:\WINDOWS\system32\dllcache\hsf_inst.dll
+ 2001-08-17 19:28:08 391,199 -c--a-w C:\WINDOWS\system32\dllcache\hsf_k56k.sys
+ 2001-08-17 19:28:10 542,879 -c--a-w C:\WINDOWS\system32\dllcache\hsf_msft.sys
+ 2001-08-17 19:28:10 57,471 -c--a-w C:\WINDOWS\system32\dllcache\hsf_samp.sys
+ 2001-08-17 19:28:10 44,863 -c--a-w C:\WINDOWS\system32\dllcache\hsf_soar.sys
+ 2001-08-17 19:28:10 73,279 -c--a-w C:\WINDOWS\system32\dllcache\hsf_spkp.sys
+ 2001-08-17 19:28:12 50,751 -c--a-w C:\WINDOWS\system32\dllcache\hsf_tone.sys
+ 2001-08-17 19:28:12 488,383 -c--a-w C:\WINDOWS\system32\dllcache\hsf_v124.sys
+ 2004-08-03 20:41:48 220,032 -c--a-w C:\WINDOWS\system32\dllcache\hsfbs2s2.sys
+ 2004-08-19 14:09:28 32,285 -c--a-w C:\WINDOWS\system32\dllcache\hsfcisp2.dll
+ 2004-08-03 20:41:50 685,056 -c--a-w C:\WINDOWS\system32\dllcache\hsfcxts2.sys
+ 2004-08-03 20:41:56 1,041,536 -c--a-w C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
+ 2006-12-13 11:52:32 262,656 -c--a-w C:\WINDOWS\system32\dllcache\http.sys
+ 2004-08-03 21:00:52 8,192 -c--a-w C:\WINDOWS\system32\dllcache\i2omgmt.sys
+ 2004-08-03 21:00:52 18,560 -c--a-w C:\WINDOWS\system32\dllcache\i2omp.sys
+ 2001-08-23 15:46:46 353,184 -c--a-w C:\WINDOWS\system32\dllcache\i740dnt5.dll
+ 2001-08-17 18:49:06 58,592 -c--a-w C:\WINDOWS\system32\dllcache\i740nt5.sys
+ 2004-08-19 15:56:39 54,400 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2004-08-19 14:09:28 702,845 -c--a-w C:\WINDOWS\system32\dllcache\i81xdnt5.dll
+ 2004-08-03 20:29:38 161,020 -c--a-w C:\WINDOWS\system32\dllcache\i81xnt5.sys
+ 2001-08-17 18:11:58 28,700 -c--a-w C:\WINDOWS\system32\dllcache\ibmexmp.sys
+ 2001-08-23 15:45:26 10,240 -c--a-w C:\WINDOWS\system32\dllcache\ibmsgnet.dll
+ 2001-08-17 18:12:00 100,936 -c--a-w C:\WINDOWS\system32\dllcache\ibmtok.sys
+ 2001-08-17 18:12:02 109,085 -c--a-w C:\WINDOWS\system32\dllcache\ibmtrp.sys
+ 2001-08-17 20:06:46 38,528 -c--a-w C:\WINDOWS\system32\dllcache\ibmvcap.sys
+ 2001-08-17 20:05:44 141,056 -c--a-w C:\WINDOWS\system32\dllcache\icam3.sys
+ 2001-08-23 15:47:04 27,136 -c--a-w C:\WINDOWS\system32\dllcache\icam3ext.dll
+ 2001-08-23 15:47:04 92,160 -c--a-w C:\WINDOWS\system32\dllcache\icam4com.dll
+ 2001-08-23 15:47:04 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icam4ext.dll
+ 2001-08-17 20:06:02 154,496 -c--a-w C:\WINDOWS\system32\dllcache\icam4usb.sys
+ 2001-08-23 15:47:04 45,056 -c--a-w C:\WINDOWS\system32\dllcache\icam5com.dll
+ 2001-08-23 15:47:04 20,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5ext.dll
+ 2001-08-17 20:06:20 100,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5usb.sys
+ 2001-08-23 15:47:04 372,824 -c--a-w C:\WINDOWS\system32\dllcache\iconf32.dll
+ 2004-08-03 23:00:15 41,856 -c--a-w C:\WINDOWS\system32\dllcache\imapi.sys
+ 2001-08-17 19:52:08 16,000 -c--a-w C:\WINDOWS\system32\dllcache\ini910u.sys
+ 2001-08-23 14:57:12 13,824 -c--a-w C:\WINDOWS\system32\dllcache\inport.sys
+ 2004-08-19 13:59:08 5,504 -c--a-w C:\WINDOWS\system32\dllcache\intelide.sys
+ 2004-08-19 15:59:09 40,320 -c--a-w C:\WINDOWS\system32\dllcache\intelppm.sys
+ 2001-08-17 19:50:56 38,784 -c--a-w C:\WINDOWS\system32\dllcache\io8.sys
+ 2001-08-23 15:47:04 90,200 -c--a-w C:\WINDOWS\system32\dllcache\io8ports.dll
+ 2001-08-17 18:12:12 45,632 -c--a-w C:\WINDOWS\system32\dllcache\ip5515.sys
+ 2004-08-03 21:08:34 40,832 -c--a-w C:\WINDOWS\system32\dllcache\irbus.sys
+ 2004-08-03 21:00:54 87,424 -c--a-w C:\WINDOWS\system32\dllcache\irda.sys
+ 2004-08-19 14:09:56 154,112 -c--a-w C:\WINDOWS\system32\dllcache\irftp.exe
+ 2001-08-17 19:49:04 23,552 -c--a-w C:\WINDOWS\system32\dllcache\irmk7.sys
+ 2004-08-19 14:09:32 28,160 -c--a-w C:\WINDOWS\system32\dllcache\irmon.dll
+ 2001-08-17 19:51:32 18,688 -c--a-w C:\WINDOWS\system32\dllcache\irsir.sys
+ 2001-08-17 19:49:10 26,624 -c--a-w C:\WINDOWS\system32\dllcache\irstusb.sys
+ 2001-08-23 15:58:06 36,224 -c--a-w C:\WINDOWS\system32\dllcache\isapnp.sys
+ 2006-12-13 12:05:59 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2001-08-17 20:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2001-08-17 20:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2001-08-17 20:55:56 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2001-08-17 20:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2004-08-19 16:00:33 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2001-08-23 15:47:06 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2001-08-23 15:47:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2001-08-23 15:47:06 46,080 -c--a-w C:\WINDOWS\system32\dllcache\kdsui.dll
+ 2001-08-23 15:47:06 242,688 -c--a-w C:\WINDOWS\system32\dllcache\kdsusd.dll
+ 2006-06-14 08:50:20 172,416 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2001-08-23 15:47:06 37,888 -c--a-w C:\WINDOWS\system32\dllcache\kousd.dll
+ 2004-08-03 22:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-19 15:09:32 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2001-08-17 18:12:14 19,016 -c--a-w C:\WINDOWS\system32\dllcache\ktc111.sys
+ 2001-08-23 14:59:46 26,922 -c--a-w C:\WINDOWS\system32\dllcache\lanepic5.sys
+ 2004-08-03 20:59:34 34,688 -c--a-w C:\WINDOWS\system32\dllcache\lbrtfdc.sys
+ 2001-08-23 15:00:10 16,384 -c--a-w C:\WINDOWS\system32\dllcache\lit220p.sys
+ 2001-08-17 18:11:52 25,065 -c--a-w C:\WINDOWS\system32\dllcache\lmndis3.sys
+ 2001-08-17 18:12:20 20,573 -c--a-w C:\WINDOWS\system32\dllcache\lne100.sys
+ 2001-08-17 18:12:24 70,730 -c--a-w C:\WINDOWS\system32\dllcache\lne100tx.sys
+ 2001-08-17 19:53:42 4,992 -c--a-w C:\WINDOWS\system32\dllcache\loop.sys
+ 2001-08-23 15:00:48 728,554 -c--a-w C:\WINDOWS\system32\dllcache\ltck000c.sys
+ 2004-08-19 14:02:02 607,452 -c--a-w C:\WINDOWS\system32\dllcache\ltmdmnt.sys
+ 2001-08-23 15:00:50 577,514 -c--a-w C:\WINDOWS\system32\dllcache\ltmdmntl.sys
+ 2004-08-19 14:02:06 422,528 -c--a-w C:\WINDOWS\system32\dllcache\ltmdmntt.sys
+ 2004-08-03 21:00:08 7,040 -c--a-w C:\WINDOWS\system32\dllcache\ltotape.sys
+ 2001-08-17 19:28:12 797,500 -c--a-w C:\WINDOWS\system32\dllcache\ltsmt.sys
+ 2004-08-03 20:39:32 20,864 -c--a-w C:\WINDOWS\system32\dllcache\lwadihid.sys
+ 2001-08-17 18:49:20 22,848 -c--a-w C:\WINDOWS\system32\dllcache\lwusbhid.sys
+ 2001-08-23 15:47:06 58,880 -c--a-w C:\WINDOWS\system32\dllcache\m3091dc.dll
+ 2001-08-23 15:47:06 59,392 -c--a-w C:\WINDOWS\system32\dllcache\m3092dc.dll
+ 2001-08-17 18:19:58 48,768 -c--a-w C:\WINDOWS\system32\dllcache\maestro.sys
+ 2001-08-17 19:52:50 7,424 -c--a-w C:\WINDOWS\system32\dllcache\mammoth.sys
+ 2001-08-23 15:02:28 165,066 -c--a-w C:\WINDOWS\system32\dllcache\mdgndis5.sys
+ 2006-12-13 12:04:13 147,968 -c--a-w C:\WINDOWS\system32\dllcache\mdwmdmsp.dll
+ 2001-08-17 19:58:04 8,320 -c--a-w C:\WINDOWS\system32\dllcache\memcard.sys
+ 2001-08-23 15:47:06 47,616 -c--a-w C:\WINDOWS\system32\dllcache\memgrp.dll
+ 2004-08-03 21:00:50 26,112 -c--a-w C:\WINDOWS\system32\dllcache\memstpci.sys
+ 2006-12-13 12:05:59 63,744 -c--a-w C:\WINDOWS\system32\dllcache\mf.sys
+ 2001-08-23 15:46:46 235,648 -c--a-w C:\WINDOWS\system32\dllcache\mgaud.dll
+ 2001-08-23 15:03:46 320,384 -c--a-w C:\WINDOWS\system32\dllcache\mgaum.sys
+ 2001-08-17 19:52:50 6,528 -c--a-w C:\WINDOWS\system32\dllcache\miniqic.sys
+ 2006-12-13 12:05:59 30,336 -c--a-w C:\WINDOWS\system32\dllcache\modem.sys
+ 2001-08-17 19:57:38 16,128 -c--a-w C:\WINDOWS\system32\dllcache\modemcsa.sys
+ 2006-12-13 12:05:59 23,680 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
+ 2001-08-23 15:04:42 12,288 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys
+ 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\dllcache\mpe.sys
+ 2001-08-17 19:52:12 17,280 -c--a-w C:\WINDOWS\system32\dllcache\mraid35x.sys
+ 2006-12-13 11:52:35 454,656 -c--a-w C:\WINDOWS\system32\dllcache\mrxsmb.sys
+ 2004-08-03 21:10:00 51,328 -c--a-w C:\WINDOWS\system32\dllcache\msdv.sys
+ 2001-08-17 19:48:36 6,016 -c--a-w C:\WINDOWS\system32\dllcache\msfsio.sys
+ 2001-08-17 20:02:40 35,200 -c--a-w C:\WINDOWS\system32\dllcache\msgame.sys
+ 2004-08-03 21:00:48 22,016 -c--a-w C:\WINDOWS\system32\dllcache\msircomm.sys
+ 2004-08-03 21:58:42 7,552 -c--a-w C:\WINDOWS\system32\dllcache\mskssrv.sys
+ 2001-08-17 20:00:04 2,944 -c--a-w C:\WINDOWS\system32\dllcache\msmpu401.sys
+ 2004-08-03 21:58:40 5,376 -c--a-w C:\WINDOWS\system32\dllcache\mspclock.sys
+ 2004-08-03 21:58:42 4,992 -c--a-w C:\WINDOWS\system32\dllcache\mspqm.sys
+ 2001-08-17 19:48:50 12,416 -c--a-w C:\WINDOWS\system32\dllcache\msriffwv.sys
+ 2006-12-13 12:05:59 15,488 -c--a-w C:\WINDOWS\system32\dllcache\mssmbios.sys
+ 2004-08-03 21:10:00 49,024 -c--a-w C:\WINDOWS\system32\dllcache\mstape.sys
+ 2004-08-03 20:58:40 5,504 -c--a-w C:\WINDOWS\system32\dllcache\mstee.sys
+ 2006-12-13 12:05:59 17,408 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2004-08-03 20:41:40 126,686 -c--a-w C:\WINDOWS\system32\dllcache\mtlmnt5.sys
+ 2004-08-03 20:41:38 1,309,184 -c--a-w C:\WINDOWS\system32\dllcache\mtlstrm.sys
+ 2004-08-19 14:09:36 1,737,856 -c--a-w C:\WINDOWS\system32\dllcache\mtxparhd.dll
+ 2004-08-03 20:29:38 452,736 -c--a-w C:\WINDOWS\system32\dllcache\mtxparhm.sys
+ 2001-08-17 18:50:04 103,296 -c--a-w C:\WINDOWS\system32\dllcache\mtxvideo.sys
+ 2004-08-03 21:04:52 12,672 -c--a-w C:\WINDOWS\system32\dllcache\mutohpen.sys
+ 2001-08-23 15:08:58 22,144 -c--a-w C:\WINDOWS\system32\dllcache\mxcard.sys
+ 2001-08-23 15:47:14 19,968 -c--a-w C:\WINDOWS\system32\dllcache\mxicfg.dll
+ 2001-08-17 19:49:32 19,968 -c--a-w C:\WINDOWS\system32\dllcache\mxnic.sys
+ 2001-08-23 15:47:14 7,168 -c--a-w C:\WINDOWS\system32\dllcache\mxport.dll
+ 2001-08-23 15:09:00 76,928 -c--a-w C:\WINDOWS\system32\dllcache\mxport.sys
+ 2001-08-23 15:09:02 53,791 -c--a-w C:\WINDOWS\system32\dllcache\n1000nt5.sys
+ 2001-08-23 15:09:02 131,072 -c--a-w C:\WINDOWS\system32\dllcache\n100325.sys
+ 2001-08-23 15:46:46 35,392 -c--a-w C:\WINDOWS\system32\dllcache\n9i128.dll
+ 2001-08-17 18:50:06 13,664 -c--a-w C:\WINDOWS\system32\dllcache\n9i128.sys
+ 2001-08-23 15:46:46 59,104 -c--a-w C:\WINDOWS\system32\dllcache\n9i128v2.dll
+ 2001-08-17 18:50:08 33,088 -c--a-w C:\WINDOWS\system32\dllcache\n9i128v2.sys
+ 2001-08-17 18:50:10 27,936 -c--a-w C:\WINDOWS\system32\dllcache\n9i3d.sys
+ 2001-08-23 15:46:46 91,488 -c--a-w C:\WINDOWS\system32\dllcache\n9i3disp.dll
+ 2004-08-03 21:10:30 85,376 -c--a-w C:\WINDOWS\system32\dllcache\nabtsfec.sys
+ 2004-08-03 21:10:14 10,880 -c--a-w C:\WINDOWS\system32\dllcache\ndisip.sys
+ 2005-04-19 23:54:04 14,592 -c--a-w C:\WINDOWS\system32\dllcache\ndisuio.sys
+ 2001-08-17 19:49:14 15,872 -c--a-w C:\WINDOWS\system32\dllcache\ne2000.sys
+ 2001-08-23 15:46:46 60,480 -c--a-w C:\WINDOWS\system32\dllcache\neo20xx.dll
+ 2001-08-17 18:50:04 39,264 -c--a-w C:\WINDOWS\system32\dllcache\neo20xx.sys
+ 2001-08-23 15:10:08 66,302 -c--a-w C:\WINDOWS\system32\dllcache\netflx3.sys
+ 2004-08-19 14:03:26 132,695 -c--a-w C:\WINDOWS\system32\dllcache\netwlan5.sys
+ 2001-08-17 18:12:20 32,840 -c--a-w C:\WINDOWS\system32\dllcache\ngrpci.sys
+ 2006-12-13 12:05:59 61,824 -c--a-w C:\WINDOWS\system32\dllcache\nic1394.sys
+ 2006-12-13 12:04:13 12,032 -c--a-w C:\WINDOWS\system32\dllcache\nikedrv.sys
+ 2001-08-17 18:20:08 126,080 -c--a-w C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
+ 2001-08-17 18:20:08 87,040 -c--a-w C:\WINDOWS\system32\dllcache\nm6wdm.sys
+ 2004-08-03 21:00:52 28,672 -c--a-w C:\WINDOWS\system32\dllcache\nscirda.sys
+ 2001-08-17 19:53:02 7,552 -c--a-w C:\WINDOWS\system32\dllcache\nsmmc.sys
+ 2001-08-23 15:11:48 9,472 -c--a-w C:\WINDOWS\system32\dllcache\ntapm.sys
+ 2001-08-17 18:49:04 51,552 -c--a-w C:\WINDOWS\system32\dllcache\ntgrip.sys
+ 2005-09-29 18:28:35 2,138,112 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2005-09-29 18:28:42 2,059,520 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2005-09-29 18:28:57 2,017,792 -c--a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2004-08-03 20:41:40 180,360 -c--a-w C:\WINDOWS\system32\dllcache\ntmtlfax.sys
+ 2005-09-29 18:29:05 2,182,272 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2001-08-23 15:46:46 123,776 -c--a-w C:\WINDOWS\system32\dllcache\nv3.dll
+ 2001-08-17 18:50:18 198,144 -c--a-w C:\WINDOWS\system32\dllcache\nv3.sys
+ 2004-08-03 20:29:56 1,897,408 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2005-08-12 23:11:00 61,312 -c--a-w C:\WINDOWS\system32\dllcache\ohci1394.sys
+ 2001-08-17 18:20:16 54,528 -c--a-w C:\WINDOWS\system32\dllcache\opl3sax.sys
+ 2002-09-06 19:59:59 3,456 -c--a-w C:\WINDOWS\system32\dllcache\oprghdlr.sys
+ 2001-08-17 18:12:36 27,209 -c--a-w C:\WINDOWS\system32\dllcache\otc06x5.sys
+ 2001-08-23 15:15:04 44,297 -c--a-w C:\WINDOWS\system32\dllcache\otceth5.sys
+ 2001-08-23 15:15:04 54,954 -c--a-w C:\WINDOWS\system32\dllcache\otcsercb.sys
+ 2001-08-17 20:05:04 25,088 -c--a-w C:\WINDOWS\system32\dllcache\ovca.sys
+ 2001-08-17 20:05:12 48,000 -c--a-w C:\WINDOWS\system32\dllcache\ovcam2.sys
+ 2001-08-17 20:05:16 28,032 -c--a-w C:\WINDOWS\system32\dllcache\ovcd.sys
+ 2001-08-17 20:05:20 31,872 -c--a-w C:\WINDOWS\system32\dllcache\ovce.sys
+ 2001-08-23 15:47:16 116,736 -c--a-w C:\WINDOWS\system32\dllcache\ovcodec2.dll
+ 2001-08-17 20:05:12 351,616 -c--a-w C:\WINDOWS\system32\dllcache\ovcodek2.sys
+ 2001-08-23 15:47:16 20,480 -c--a-w C:\WINDOWS\system32\dllcache\ovcomc.dll
+ 2001-08-23 15:47:42 39,424 -c--a-w C:\WINDOWS\system32\dllcache\ovcoms.exe
+ 2001-08-17 20:05:06 25,216 -c--a-w C:\WINDOWS\system32\dllcache\ovsound2.sys
+ 2001-08-23 15:47:16 44,544 -c--a-w C:\WINDOWS\system32\dllcache\ovui2.dll
+ 2001-08-23 15:47:16 42,496 -c--a-w C:\WINDOWS\system32\dllcache\ovui2rc.dll
+ 2006-12-13 12:05:59 46,720 -c--a-w C:\WINDOWS\system32\dllcache\p3.sys
+ 2006-12-13 12:04:13 157,696 -c--a-w C:\WINDOWS\system32\dllcache\paqsp.dll
+ 2006-12-13 12:05:59 80,384 -c--a-w C:\WINDOWS\system32\dllcache\parport.sys
+ 2001-08-17 18:12:18 30,495 -c--a-w C:\WINDOWS\system32\dllcache\pc100nds.sys
+ 2004-08-03 20:31:24 29,502 -c--a-w C:\WINDOWS\system32\dllcache\pca200e.sys
+ 2004-08-19 14:52:04 68,608 -c--a-w C:\WINDOWS\system32\dllcache\pci.sys
+ 2001-08-23 16:15:46 3,328 -c--a-w C:\WINDOWS\system32\dllcache\pciide.sys
+ 2004-08-03 21:59:42 25,088 -c--a-w C:\WINDOWS\system32\dllcache\pciidex.sys
+ 2004-08-19 14:52:10 120,320 -c--a-w C:\WINDOWS\system32\dllcache\pcmcia.sys
+ 2001-08-17 18:12:18 26,153 -c--a-w C:\WINDOWS\system32\dllcache\pcmlm56.sys
+ 2001-08-17 18:11:22 30,282 -c--a-w C:\WINDOWS\system32\dllcache\pcntn5hl.sys
+ 2001-08-17 18:11:20 29,769 -c--a-w C:\WINDOWS\system32\dllcache\pcntn5m.sys
+ 2001-08-17 18:11:22 35,328 -c--a-w C:\WINDOWS\system32\dllcache\pcntpci5.sys
+ 2001-08-23 15:47:42 86,016 -c--a-w C:\WINDOWS\system32\dllcache\pctspk.exe
+ 2004-08-03 20:06:18 169,984 -c--a-w C:\WINDOWS\system32\dllcache\pcx500.sys
+ 2001-08-17 20:07:40 27,296 -c--a-w C:\WINDOWS\system32\dllcache\perc2.sys
+ 2001-08-17 20:07:42 5,504 -c--a-w C:\WINDOWS\system32\dllcache\perc2hib.sys
+ 2004-08-03 21:06:56 27,904 -c--a-w C:\WINDOWS\system32\dllcache\perm2.sys
+ 2004-08-19 14:08:46 211,712 -c--a-w C:\WINDOWS\system32\dllcache\perm2dll.dll
+ 2004-08-03 21:06:58 28,032 -c--a-w C:\WINDOWS\system32\dllcache\perm3.sys
+ 2004-08-19 14:08:46 259,328 -c--a-w C:\WINDOWS\system32\dllcache\perm3dd.dll
+ 2001-08-23 15:47:16 16,896 -c--a-w C:\WINDOWS\system32\dllcache\philcam1.dll
+ 2001-08-17 20:04:50 75,776 -c--a-w C:\WINDOWS\system32\dllcache\philcam1.sys
+ 2001-08-17 20:04:08 173,696 -c--a-w C:\WINDOWS\system32\dllcache\philcam2.sys
+ 2001-08-17 20:04:04 92,416 -c--a-w C:\WINDOWS\system32\dllcache\phildec.sys
+ 2001-08-17 20:07:20 19,840 -c--a-w C:\WINDOWS\system32\dllcache\philtune.sys
+ 2001-08-23 15:47:16 121,344 -c--a-w C:\WINDOWS\system32\dllcache\phvfwext.dll
+ 2006-12-13 12:05:59 35,328 -c--a-w C:\WINDOWS\system32\dllcache\pid.dll
+ 2006-12-13 12:05:59 15,360 -c--a-w C:\WINDOWS\system32\dllcache\pjlmon.dll
+ 2001-08-17 19:53:04 7,168 -c--a-w C:\WINDOWS\system32\dllcache\pnrmc.sys
+ 2004-03-16 09:58:20 136,960 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2001-08-17 19:53:14 7,552 -c--a-w C:\WINDOWS\system32\dllcache\powerfil.sys
+ 2001-08-17 19:53:22 17,792 -c--a-w C:\WINDOWS\system32\dllcache\ppa.sys
+ 2004-08-03 21:00:18 17,664 -c--a-w C:\WINDOWS\system32\dllcache\ppa3.sys
+ 2006-12-13 12:05:59 39,552 -c--a-w C:\WINDOWS\system32\dllcache\processr.sys
+ 2001-08-23 15:17:32 16,512 -c--a-w C:\WINDOWS\system32\dllcache\pscr.sys
+ 2005-03-25 20:43:50 363,520 -c--a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2001-08-23 15:47:16 35,328 -c--a-w C:\WINDOWS\system32\dllcache\psisload.dll
+ 2001-08-23 15:47:16 5,632 -c--a-w C:\WINDOWS\system32\dllcache\ptpusb.dll
+ 2004-08-19 14:09:40 159,232 -c--a-w C:\WINDOWS\system32\dllcache\ptpusd.dll
+ 2001-08-17 19:28:12 128,286 -c--a-w C:\WINDOWS\system32\dllcache\ptserli.sys
+ 2001-08-17 19:28:14 112,574 -c--a-w C:\WINDOWS\system32\dllcache\ptserlp.sys
+ 2001-08-17 19:28:14 130,942 -c--a-w C:\WINDOWS\system32\dllcache\ptserlv.sys
+ 2004-08-03 21:00:06 6,016 -c--a-w C:\WINDOWS\system32\dllcache\qic157.sys
+ 2001-08-17 19:52:20 40,320 -c--a-w C:\WINDOWS\system32\dllcache\ql1080.sys
+ 2001-08-17 19:52:16 33,152 -c--a-w C:\WINDOWS\system32\dllcache\ql10wnt.sys
+ 2001-08-17 19:52:20 45,312 -c--a-w C:\WINDOWS\system32\dllcache\ql12160.sys
+ 2001-08-17 19:52:16 40,448 -c--a-w C:\WINDOWS\system32\dllcache\ql1240.sys
+ 2001-08-17 19:52:18 49,024 -c--a-w C:\WINDOWS\system32\dllcache\ql1280.sys
+ 2001-08-17 19:53:32 3,328 -c--a-w C:\WINDOWS\system32\dllcache\qv2kux.sys
+ 2001-08-23 15:47:16 41,984 -c--a-w C:\WINDOWS\system32\dllcache\qvusd.dll
+ 2001-08-23 15:18:16 715,530 -c--a-w C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
+ 2001-08-17 19:51:32 19,584 -c--a-w C:\WINDOWS\system32\dllcache\rasirda.sys
+ 2004-08-03 22:01:16 196,864 -c--a-w C:\WINDOWS\system32\dllcache\rdpdr.sys
+ 2004-08-03 20:41:40 13,776 -c--a-w C:\WINDOWS\system32\dllcache\recagent.sys
+ 2004-08-19 15:54:52 58,496 -c--a-w C:\WINDOWS\system32\dllcache\redbook.sys
+ 2001-08-23 15:47:16 86,097 -c--a-w C:\WINDOWS\system32\dllcache\reslog32.dll
+ 2004-08-03 21:10:40 59,648 -c--a-w C:\WINDOWS\system32\dllcache\rfcomm.sys
+ 2006-12-13 12:04:13 12,032 -c--a-w C:\WINDOWS\system32\dllcache\rio8drv.sys
+ 2006-12-13 12:04:13 12,032 -c--a-w C:\WINDOWS\system32\dllcache\riodrv.sys
+ 2001-08-17 18:12:36 37,563 -c--a-w C:\WINDOWS\system32\dllcache\rlnet5.sys
+ 2004-08-03 21:04:32 30,080 -c--a-w C:\WINDOWS\system32\dllcache\rndismpx.sys
+ 2004-08-19 13:55:34 79,360 -c--a-w C:\WINDOWS\system32\dllcache\rocket.sys
+ 2001-08-17 18:19:20 3,840 -c--a-w C:\WINDOWS\system32\dllcache\rpfun.sys
+ 2001-08-23 15:47:16 10,240 -c--a-w C:\WINDOWS\system32\dllcache\rsmgrstr.dll
+ 2001-08-17 18:19:22 30,720 -c--a-w C:\WINDOWS\system32\dllcache\rthwcls.sys
+ 2001-08-17 18:12:40 19,017 -c--a-w C:\WINDOWS\system32\dllcache\rtl8029.sys
+ 2004-08-03 20:31:34 20,992 -c--a-w C:\WINDOWS\system32\dllcache\rtl8139.sys
+ 2001-08-23 15:47:16 25,088 -c--a-w C:\WINDOWS\system32\dllcache\rw430ext.dll
+ 2001-08-23 15:47:16 26,624 -c--a-w C:\WINDOWS\system32\dllcache\rw450ext.dll
+ 2001-08-23 15:47:16 81,408 -c--a-w C:\WINDOWS\system32\dllcache\rwia430.dll
+ 2001-08-23 15:47:16 83,968 -c--a-w C:\WINDOWS\system32\dllcache\rwia450.dll
+ 2004-08-19 14:09:40 397,056 -c--a-w C:\WINDOWS\system32\dllcache\s3gnb.dll
+ 2004-08-03 20:29:52 166,912 -c--a-w C:\WINDOWS\system32\dllcache\s3gnbm.sys
+ 2001-08-23 15:46:46 66,048 -c--a-w C:\WINDOWS\system32\dllcache\s3legacy.dll
+ 2001-08-17 19:57:46 65,664 -c--a-w C:\WINDOWS\system32\dllcache\s3legacy.sys
+ 2001-08-17 18:50:34 166,720 -c--a-w C:\WINDOWS\system32\dllcache\s3m.sys
+ 2001-08-23 15:46:46 182,272 -c--a-w C:\WINDOWS\system32\dllcache\s3mt3d.dll
+ 2001-08-17 18:50:40 41,216 -c--a-w C:\WINDOWS\system32\dllcache\s3mt3d.sys
+ 2001-08-23 15:46:46 62,496 -c--a-w C:\WINDOWS\system32\dllcache\s3mtrio.dll
+ 2001-08-23 15:46:46 210,496 -c--a-w C:\WINDOWS\system32\dllcache\s3mvirge.dll
+ 2001-08-23 15:46:48 179,264 -c--a-w C:\WINDOWS\system32\dllcache\s3sav3d.dll
+ 2001-08-17 18:50:22 61,504 -c--a-w C:\WINDOWS\system32\dllcache\s3sav3dm.sys
+ 2001-08-23 15:46:48 198,400 -c--a-w C:\WINDOWS\system32\dllcache\s3sav4.dll
+ 2001-08-17 18:50:28 77,824 -c--a-w C:\WINDOWS\system32\dllcache\s3sav4m.sys
+ 2001-08-23 15:46:48 245,632 -c--a-w C:\WINDOWS\system32\dllcache\s3savmx.dll
+ 2001-08-17 18:50:34 75,392 -c--a-w C:\WINDOWS\system32\dllcache\s3savmxm.sys
+ 2004-08-03 20:59:58 43,136 -c--a-w C:\WINDOWS\system32\dllcache\sbp2port.sys
+ 2001-08-23 15:20:20 24,064 -c--a-w C:\WINDOWS\system32\dllcache\sccmn50m.sys
+ 2001-08-17 19:51:14 23,936 -c--a-w C:\WINDOWS\system32\dllcache\sccmusbm.sys
+ 2001-08-23 15:20:30 16,768 -c--a-w C:\WINDOWS\system32\dllcache\scmstcs.sys
+ 2001-08-23 15:20:32 17,536 -c--a-w C:\WINDOWS\system32\dllcache\scr111.sys
+ 2004-08-03 22:59:41 96,256 -c--a-w C:\WINDOWS\system32\dllcache\scsiport.sys
+ 2001-08-17 19:52:34 11,648 -c--a-w C:\WINDOWS\system32\dllcache\scsiprnt.sys
+ 2001-08-17 19:53:26 10,880 -c--a-w C:\WINDOWS\system32\dllcache\scsiscan.sys
+ 2004-08-03 23:07:47 67,584 -c--a-w C:\WINDOWS\system32\dllcache\sdbus.sys
+ 2004-08-19 16:09:40 29,184 -c--a-w C:\WINDOWS\system32\dllcache\sdhcinst.dll
+ 2001-08-17 19:53:10 6,912 -c--a-w C:\WINDOWS\system32\dllcache\seaddsmc.sys
+ 2004-08-03 22:59:07 15,488 -c--a-w C:\WINDOWS\system32\dllcache\serenum.sys
+ 2004-08-19 15:56:39 66,560 -c--a-w C:\WINDOWS\system32\dllcache\serial.sys
+ 2001-08-23 15:20:50 18,432 -c--a-w C:\WINDOWS\system32\dllcache\sermouse.sys
+ 2001-08-23 15:20:50 6,912 -c--a-w C:\WINDOWS\system32\dllcache\serscan.sys
+ 2004-08-03 22:59:55 11,136 -c--a-w C:\WINDOWS\system32\dllcache\sffdisk.sys
+ 2004-08-03 22:59:55 10,240 -c--a-w C:\WINDOWS\system32\dllcache\sffp_sd.sys
+ 2004-08-03 22:59:55 11,392 -c--a-w C:\WINDOWS\system32\dllcache\sfloppy.sys
+ 2001-08-17 18:19:34 36,480 -c--a-w C:\WINDOWS\system32\dllcache\sfmanm.sys
+ 2001-08-23 15:46:48 386,560 -c--a-w C:\WINDOWS\system32\dllcache\sgiul50.dll
+ 2001-08-17 18:51:04 98,080 -c--a-w C:\WINDOWS\system32\dllcache\sgiulnt5.sys
+ 2001-07-21 20:29:20 18,400 -c--a-w C:\WINDOWS\system32\dllcache\sgsmld.sys
+ 2001-08-23 15:21:04 161,664 -c--a-w C:\WINDOWS\system32\dllcache\sgsmusb.sys
- 2003-03-24 14:52:04 20,536 -c--a-w C:\WINDOWS\system32\dllcache\shtml.dll
+ 2003-03-24 13:52:04 20,536 -c--a-w C:\WINDOWS\system32\dllcache\shtml.dll
- 2003-03-24 14:52:04 16,437 -c--a-w C:\WINDOWS\system32\dllcache\shtml.exe
+ 2003-03-24 13:52:04 16,437 -c--a-w C:\WINDOWS\system32\dllcache\shtml.exe
+ 2004-08-19 14:09:42 3,901 -c--a-w C:\WINDOWS\system32\dllcache\siint5.dll
+ 2001-08-17 18:50:46 101,760 -c--a-w C:\WINDOWS\system32\dllcache\sis300ip.sys
+ 2001-08-23 15:46:48 252,032 -c--a-w C:\WINDOWS\system32\dllcache\sis300iv.dll
+ 2001-08-17 18:50:56 68,608 -c--a-w C:\WINDOWS\system32\dllcache\sis6306p.sys
+ 2001-08-23 15:46:48 150,144 -c--a-w C:\WINDOWS\system32\dllcache\sis6306v.dll
+ 2004-08-03 21:07:44 41,088 -c--a-w C:\WINDOWS\system32\dllcache\sisagp.sys
+ 2001-08-17 18:50:48 104,064 -c--a-w C:\WINDOWS\system32\dllcache\sisgrp.sys
+ 2001-08-23 15:47:18 238,592 -c--a-w C:\WINDOWS\system32\dllcache\sisgrv.dll
+ 2004-08-03 20:31:36 32,768 -c--a-w C:\WINDOWS\system32\dllcache\sisnic.sys
+ 2001-08-17 18:50:56 50,432 -c--a-w C:\WINDOWS\system32\dllcache\sisv.sys
+ 2001-08-23 15:46:48 157,696 -c--a-w C:\WINDOWS\system32\dllcache\sisv256.dll
+ 2001-08-23 15:21:34 95,114 -c--a-w C:\WINDOWS\system32\dllcache\sk98xwin.sys
+ 2001-08-17 18:12:52 91,294 -c--a-w C:\WINDOWS\system32\dllcache\skfpwin.sys
+ 2004-08-03 20:31:42 63,547 -c--a-w C:\WINDOWS\system32\dllcache\sla30nd5.sys
+ 2004-08-19 14:09:42 73,832 -c--a-w C:\WINDOWS\system32\dllcache\slcoinst.dll
+ 2004-08-19 14:09:42 286,792 -c--a-w C:\WINDOWS\system32\dllcache\slextspk.dll
+ 2004-08-19 14:09:42 188,508 -c--a-w C:\WINDOWS\system32\dllcache\slgen.dll
+ 2004-08-03 21:10:18 11,136 -c--a-w C:\WINDOWS\system32\dllcache\slip.sys
+ 2004-08-03 20:41:42 129,535 -c--a-w C:\WINDOWS\system32\dllcache\slnt7554.sys
+ 2004-08-03 20:41:46 95,424 -c--a-w C:\WINDOWS\system32\dllcache\slnthal.sys
+ 2004-08-19 14:10:04 32,866 -c--a-w C:\WINDOWS\system32\dllcache\slrundll.exe
+ 2004-08-19 14:10:04 73,796 -c--a-w C:\WINDOWS\system32\dllcache\slserv.exe
+ 2004-08-03 20:41:46 13,240 -c--a-w C:\WINDOWS\system32\dllcache\slwdmsup.sys
+ 2001-08-23 15:47:18 28,160 -c--a-w C:\WINDOWS\system32\dllcache\sm91w.dll
+ 2001-08-23 15:47:18 28,672 -c--a-w C:\WINDOWS\system32\dllcache\sma0w.dll
+ 2001-08-23 15:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\smb0w.dll
+ 2001-08-23 15:47:18 45,568 -c--a-w C:\WINDOWS\system32\dllcache\smb3w.dll
+ 2004-08-03 21:07:38 6,016 -c--a-w C:\WINDOWS\system32\dllcache\smbali.sys
+ 2004-08-03 21:07:36 16,128 -c--a-w C:\WINDOWS\system32\dllcache\smbbatt.sys
+ 2004-08-03 21:07:36 6,912 -c--a-w C:\WINDOWS\system32\dllcache\smbclass.sys
+ 2001-08-17 19:57:56 6,784 -c--a-w C:\WINDOWS\system32\dllcache\smbhc.sys
+ 2001-08-17 18:12:46 24,576 -c--a-w C:\WINDOWS\system32\dllcache\smc8000n.sys
+ 2001-08-23 15:21:42 36,937 -c--a-w C:\WINDOWS\system32\dllcache\smcirda.sys
+ 2001-08-17 18:12:48 25,034 -c--a-w C:\WINDOWS\system32\dllcache\smcpwr2n.sys
+ 2001-08-23 15:46:48 147,200 -c--a-w C:\WINDOWS\system32\dllcache\smidispb.dll
+ 2001-08-17 18:51:00 58,368 -c--a-w C:\WINDOWS\system32\dllcache\smiminib.sys
+ 2001-08-17 19:53:14 7,040 -c--a-w C:\WINDOWS\system32\dllcache\snyaitmc.sys
+ 2004-08-03 21:00:06 7,552 -c--a-w C:\WINDOWS\system32\dllcache\sonyait.sys
+ 2006-12-13 12:05:59 25,472 -c--a-w C:\WINDOWS\system32\dllcache\sonydcam.sys
+ 2001-08-17 19:53:04 9,600 -c--a-w C:\WINDOWS\system32\dllcache\sonymc.sys
+ 2001-08-17 18:51:20 20,752 -c--a-w C:\WINDOWS\system32\dllcache\sonync.sys
+ 2001-08-23 15:47:18 114,688 -c--a-w C:\WINDOWS\system32\dllcache\sonypi.dll
+ 2001-08-17 18:51:22 37,040 -c--a-w C:\WINDOWS\system32\dllcache\sonypi.sys
+ 2001-08-17 19:56:16 7,552 -c--a-w C:\WINDOWS\system32\dllcache\sonypvu1.sys
+ 2001-08-17 20:07:44 19,072 -c--a-w C:\WINDOWS\system32\dllcache\sparrow.sys
+ 2001-08-23 15:47:18 106,584 -c--a-w C:\WINDOWS\system32\dllcache\spdports.dll
+ 2001-08-17 19:51:00 61,824 -c--a-w C:\WINDOWS\system32\dllcache\speed.sys
+ 2006-06-14 08:50:20 6,272 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
+ 2006-12-13 12:04:13 69,632 -c--a-w C:\WINDOWS\system32\dllcache\spnike.dll
+ 2006-12-13 12:04:13 70,656 -c--a-w C:\WINDOWS\system32\dllcache\sprio600.dll
+ 2006-12-13 12:04:13 72,192 -c--a-w C:\WINDOWS\system32\dllcache\sprio800.dll
+ 2001-08-23 15:47:18 24,660 -c--a-w C:\WINDOWS\system32\dllcache\spxupchk.dll
+ 2001-08-23 15:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\srusd.dll
+ 2001-08-17 18:11:08 48,736 -c--a-w C:\WINDOWS\system32\dllcache\srwlnd5.sys
+ 2001-08-23 14:57:46 17,024 -c--a-w C:\WINDOWS\system32\dllcache\stcusb.sys
+ 2001-08-23 14:57:58 286,848 -c--a-w C:\WINDOWS\system32\dllcache\stlnata.sys
+ 2001-08-23 15:47:20 53,248 -c--a-w C:\WINDOWS\system32\dllcache\stlncoin.dll
+ 2001-08-23 15:47:20 155,648 -c--a-w C:\WINDOWS\system32\dllcache\stlnprop.dll
+ 2004-08-19 16:09:46 76,800 -c--a-w C:\WINDOWS\system32\dllcache\storprop.dll
+ 2004-08-03 22:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2006-12-13 12:04:13 8,192 -c--a-w C:\WINDOWS\system32\dllcache\streamci.dll
+ 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\dllcache\streamip.sys
+ 2001-08-23 15:47:20 41,472 -c--a-w C:\WINDOWS\system32\dllcache\sw_effct.dll
+ 2001-08-23 15:47:20 53,760 -c--a-w C:\WINDOWS\system32\dllcache\sw_wheel.dll
+ 2006-12-13 12:05:59 4,352 -c--a-w C:\WINDOWS\system32\dllcache\swenum.sys
+ 2001-08-17 21:00:52 54,272 -c--a-w C:\WINDOWS\system32\dllcache\swmidi.sys
+ 2001-08-23 15:47:20 10,240 -c--a-w C:\WINDOWS\system32\dllcache\swpdflt2.dll
+ 2001-08-23 15:47:20 10,240 -c--a-w C:\WINDOWS\system32\dllcache\swpidflt.dll
+ 2001-08-17 20:02:56 3,968 -c--a-w C:\WINDOWS\system32\dllcache\swusbflt.sys
+ 2001-08-17 19:50:58 103,936 -c--a-w C:\WINDOWS\system32\dllcache\sx.sys
+ 2001-08-23 15:47:20 94,293 -c--a-w C:\WINDOWS\system32\dllcache\sxports.dll
+ 2001-08-17 20:07:40 28,384 -c--a-w C:\WINDOWS\system32\dllcache\sym_hi.sys
+ 2001-08-17 20:07:42 30,688 -c--a-w C:\WINDOWS\system32\dllcache\sym_u3.sys
+ 2001-08-17 20:07:34 16,256 -c--a-w C:\WINDOWS\system32\dllcache\symc810.sys
+ 2001-08-17 20:07:36 32,640 -c--a-w C:\WINDOWS\system32\dllcache\symc8xx.sys
+ 2004-08-03 22:15:56 60,800 -c--a-w C:\WINDOWS\system32\dllcache\sysaudio.sys
+ 2001-08-23 15:46:48 172,768 -c--a-w C:\WINDOWS\system32\dllcache\t2r4disp.dll
+ 2001-08-17 18:50:12 36,640 -c--a-w C:\WINDOWS\system32\dllcache\t2r4mini.sys
+ 2001-08-17 19:52:54 7,040 -c--a-w C:\WINDOWS\system32\dllcache\tandqic.sys
+ 2001-08-17 19:49:46 30,464 -c--a-w C:\WINDOWS\system32\dllcache\tbatm155.sys
- 2003-03-24 14:52:04 32,827 -c--a-w C:\WINDOWS\system32\dllcache\tcptest.exe
+ 2003-03-24 13:52:04 32,827 -c--a-w C:\WINDOWS\system32\dllcache\tcptest.exe
- 2003-04-14 19:29:34 16,384 -c--a-w C:\WINDOWS\system32\dllcache\tcptsat.dll
+ 2003-04-14 18:29:34 16,384 -c--a-w C:\WINDOWS\system32\dllcache\tcptsat.dll
+ 2001-08-17 18:13:00 37,961 -c--a-w C:\WINDOWS\system32\dllcache\tdk100b.sys
+ 2001-08-17 18:13:00 17,129 -c--a-w C:\WINDOWS\system32\dllcache\tdkcd31.sys
+ 2004-08-19 15:10:18 40,840 -c--a-w C:\WINDOWS\system32\dllcache\termdd.sys
+ 2004-08-03 21:00:06 149,376 -c--a-w C:\WINDOWS\system32\dllcache\tffsport.sys
+ 2001-08-23 15:46:48 81,408 -c--a-w C:\WINDOWS\system32\dllcache\tgiul50.dll
+ 2001-08-17 18:51:10 138,528 -c--a-w C:\WINDOWS\system32\dllcache\tgiulnt5.sys
+ 2001-08-17 18:14:26 123,995 -c--a-w C:\WINDOWS\system32\dllcache\tjisdn.sys
+ 2001-08-17 18:10:26 28,232 -c--a-w C:\WINDOWS\system32\dllcache\tos4mo.sys
+ 2006-12-13 12:04:13 51,712 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd.sys
+ 2001-08-17 20:01:52 241,664 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd02.sys
+ 2001-08-17 20:02:00 230,912 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd03.sys
+ 2001-08-23 15:00:46 4,992 -c--a-w C:\WINDOWS\system32\dllcache\toside.sys
+ 2001-08-23 15:47:20 31,744 -c--a-w C:\WINDOWS\system32\dllcache\tp4.dll
+ 2004-08-19 14:10:04 82,432 -c--a-w C:\WINDOWS\system32\dllcache\tp4mon.exe
+ 2001-08-23 15:46:22 43,520 -c--a-w C:\WINDOWS\system32\dllcache\tp4res.dll
+ 2001-08-17 18:12:12 34,375 -c--a-w C:\WINDOWS\system32\dllcache\tpro4.sys
+ 2001-08-23 15:46:48 315,520 -c--a-w C:\WINDOWS\system32\dllcache\trid3d.dll
+ 2001-08-17 18:51:16 222,336 -c--a-w C:\WINDOWS\system32\dllcache\trid3dm.sys
+ 2001-08-23 15:46:48 440,576 -c--a-w C:\WINDOWS\system32\dllcache\tridkb.dll
+ 2001-08-17 18:51:16 159,232 -c--a-w C:\WINDOWS\system32\dllcache\tridkbm.sys
+ 2001-08-23 15:47:20 525,568 -c--a-w C:\WINDOWS\system32\dllcache\tridxp.dll
+ 2001-08-17 18:51:22 166,784 -c--a-w C:\WINDOWS\system32\dllcache\tridxpm.sys
+ 2006-12-13 12:04:13 21,376 -c--a-w C:\WINDOWS\system32\dllcache\tsbvcap.sys
+ 2006-12-13 12:04:13 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
+ 2006-12-13 12:05:59 12,416 -c--a-w C:\WINDOWS\system32\dllcache\tunmp.sys
+ 2001-08-17 19:48:14 11,520 -c--a-w C:\WINDOWS\system32\dllcache\twotrack.sys
+ 2004-08-03 21:07:44 44,672 -c--a-w C:\WINDOWS\system32\dllcache\uagp35.sys
+ 2001-08-17 19:52:22 36,736 -c--a-w C:\WINDOWS\system32\dllcache\ultra.sys
+ 2001-08-23 15:47:20 216,576 -c--a-w C:\WINDOWS\system32\dllcache\um34scan.dll
+ 2001-08-23 15:47:20 212,480 -c--a-w C:\WINDOWS\system32\dllcache\um54scan.dll
+ 2001-08-23 15:47:20 47,616 -c--a-w C:\WINDOWS\system32\dllcache\umaxcam.dll
+ 2001-08-23 15:47:20 50,688 -c--a-w C:\WINDOWS\system32\dllcache\umaxp60.dll
+ 2001-08-17 19:58:12 22,912 -c--a-w C:\WINDOWS\system32\dllcache\umaxpcls.sys
+ 2001-08-23 15:47:20 50,688 -c--a-w C:\WINDOWS\system32\dllcache\umaxscan.dll
+ 2001-08-23 15:47:20 70,144 -c--a-w C:\WINDOWS\system32\dllcache\umaxu12.dll
+ 2001-08-23 15:47:20 27,136 -c--a-w C:\WINDOWS\system32\dllcache\umaxu22.dll
+ 2001-08-23 15:47:20 28,672 -c--a-w C:\WINDOWS\system32\dllcache\umaxu40.dll
+ 2001-08-23 15:47:20 94,720 -c--a-w C:\WINDOWS\system32\dllcache\umaxud32.dll
+ 2004-08-19 13:58:16 32,384 -c--a-w C:\WINDOWS\system32\dllcache\usb101et.sys
+ 2004-08-03 21:04:34 12,672 -c--a-w C:\WINDOWS\system32\dllcache\usb8023x.sys
+ 2004-08-03 21:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2006-12-13 12:04:13 23,808 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd.sys
+ 2006-12-13 12:04:13 23,936 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd2.sys
+ 2004-08-03 22:08:48 31,616 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2002-09-06 19:59:59 4,736 -c--a-w C:\WINDOWS\system32\dllcache\usbd.sys
+ 2004-08-03 22:08:38 26,624 -c--a-w C:\WINDOWS\system32\dllcache\usbehci.sys
+ 2004-08-03 22:08:44 57,600 -c--a-w C:\WINDOWS\system32\dllcache\usbhub.sys
+ 2006-12-13 12:05:59 16,000 -c--a-w C:\WINDOWS\system32\dllcache\usbintel.sys
+ 2004-08-03 21:08:38 17,024 -c--a-w C:\WINDOWS\system32\dllcache\usbohci.sys
+ 2004-08-03 22:08:44 142,976 -c--a-w C:\WINDOWS\system32\dllcache\usbport.sys
+ 2004-08-03 22:01:26 25,856 -c--a-w C:\WINDOWS\system32\dllcache\usbprint.sys
+ 2004-08-03 21:58:46 15,104 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys
+ 2004-08-03 21:08:44 25,600 -c--a-w C:\WINDOWS\system32\dllcache\usbser.sys
+ 2004-08-03 22:08:48 26,496 -c--a-w C:\WINDOWS\system32\dllcache\usbstor.sys
+ 2004-08-03 22:08:38 20,480 -c--a-w C:\WINDOWS\system32\dllcache\usbuhci.sys
+ 2004-08-19 15:09:48 77,312 -c--a-w C:\WINDOWS\system32\dllcache\usbui.dll
+ 2005-07-29 23:01:14 121,856 -c--a-w C:\WINDOWS\system32\dllcache\usbvideo.sys
+ 2001-08-17 19:28:16 793,598 -c--a-w C:\WINDOWS\system32\dllcache\usr1806.sys
+ 2001-08-17 19:28:18 794,399 -c--a-w C:\WINDOWS\system32\dllcache\usr1806v.sys
+ 2001-08-17 19:28:24 224,802 -c--a-w C:\WINDOWS\system32\dllcache\usr1807a.sys
+ 2006-12-13 12:04:13 61,500 -c--a-w C:\WINDOWS\system32\dllcache\usrcntra.dll
+ 2006-12-13 12:04:13 69,699 -c--a-w C:\WINDOWS\system32\dllcache\usrcoina.dll
+ 2006-12-13 12:04:13 77,890 -c--a-w C:\WINDOWS\system32\dllcache\usrdpa.dll
+ 2006-12-13 12:04:13 323,641 -c--a-w C:\WINDOWS\system32\dllcache\usrdtea.dll
+ 2006-12-13 12:04:13 86,073 -c--a-w C:\WINDOWS\system32\dllcache\usrfaxa.dll
+ 2006-12-13 12:04:13 53,305 -c--a-w C:\WINDOWS\system32\dllcache\usrlbva.dll
+ 2006-12-13 12:04:13 77,891 -c--a-w C:\WINDOWS\system32\dllcache\usrmlnka.exe
+ 2001-08-17 19:28:24 7,556 -c--a-w C:\WINDOWS\system32\dllcache\usroslba.sys
+ 2001-08-17 19:28:26 113,762 -c--a-w C:\WINDOWS\system32\dllcache\usrpda.sys
+ 2006-12-13 12:04:13 61,508 -c--a-w C:\WINDOWS\system32\dllcache\usrprbda.exe
+ 2006-12-13 12:04:13 77,883 -c--a-w C:\WINDOWS\system32\dllcache\usrrtosa.dll
+ 2006-12-13 12:04:13 49,211 -c--a-w C:\WINDOWS\system32\dllcache\usrsdpia.dll
+ 2006-12-13 12:04:13 69,700 -c--a-w C:\WINDOWS\system32\dllcache\usrshuta.exe
+ 2006-12-13 12:04:13 41,019 -c--a-w C:\WINDOWS\system32\dllcache\usrsvpia.dll
+ 2001-08-17 19:28:14 765,884 -c--a-w C:\WINDOWS\system32\dllcache\usrti.sys
+ 2006-12-13 12:04:13 102,457 -c--a-w C:\WINDOWS\system32\dllcache\usrv42a.dll
+ 2006-12-13 12:04:13 49,209 -c--a-w C:\WINDOWS\system32\dllcache\usrv80a.dll
+ 2006-12-13 12:04:13 45,116 -c--a-w C:\WINDOWS\system32\dllcache\usrvoica.dll
+ 2006-12-13 12:04:13 49,211 -c--a-w C:\WINDOWS\system32\dllcache\usrvpa.dll
+ 2001-08-17 19:28:26 687,999 -c--a-w C:\WINDOWS\system32\dllcache\usrwdxjs.sys
+ 2004-08-19 14:09:48 11,325 -c--a-w C:\WINDOWS\system32\dllcache\vchnt5.dll
+ 2006-12-13 12:04:13 58,112 -c--a-w C:\WINDOWS\system32\dllcache\vdmindvd.sys
+ 2004-08-19 14:09:48 54,784 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2004-08-03 21:07:44 42,240 -c--a-w C:\WINDOWS\system32\dllcache\viaagp.sys
+ 2004-08-03 20:59:44 5,376 -c--a-w C:\WINDOWS\system32\dllcache\viaide.sys
+ 2001-08-17 19:49:04 24,576 -c--a-w C:\WINDOWS\system32\dllcache\viairda.sys
+ 2001-08-17 18:14:12 249,402 -c--a-w C:\WINDOWS\system32\dllcache\vinwm.sys
+ 2001-08-17 19:28:14 604,253 -c--a-w C:\WINDOWS\system32\dllcache\vmodem.sys
+ 2001-08-17 19:28:16 397,502 -c--a-w C:\WINDOWS\system32\dllcache\vpctcom.sys
+ 2001-08-17 19:28:16 64,605 -c--a-w C:\WINDOWS\system32\dllcache\vvoice.sys
+ 2001-08-17 18:13:08 19,528 -c--a-w C:\WINDOWS\system32\dllcache\w840nd.sys
+ 2001-08-17 18:13:08 19,016 -c--a-w C:\WINDOWS\system32\dllcache\w926nd.sys
+ 2001-08-17 18:13:12 16,925 -c--a-w C:\WINDOWS\system32\dllcache\w940nd.sys
+ 2004-08-03 21:04:54 13,568 -c--a-w C:\WINDOWS\system32\dllcache\wacompen.sys
+ 2004-08-03 20:29:38 12,415 -c--a-w C:\WINDOWS\system32\dllcache\wadv01nt.sys
+ 2004-08-03 20:29:38 12,127 -c--a-w C:\WINDOWS\system32\dllcache\wadv02nt.sys
+ 2004-08-03 20:29:38 11,775 -c--a-w C:\WINDOWS\system32\dllcache\wadv05nt.sys
+ 2004-08-03 20:29:40 11,807 -c--a-w C:\WINDOWS\system32\dllcache\wadv07nt.sys
+ 2004-08-03 20:29:40 11,295 -c--a-w C:\WINDOWS\system32\dllcache\wadv08nt.sys
+ 2004-08-03 20:29:42 11,871 -c--a-w C:\WINDOWS\system32\dllcache\wadv09nt.sys
+ 2004-08-03 20:29:42 11,935 -c--a-w C:\WINDOWS\system32\dllcache\wadv11nt.sys
+ 2004-08-03 20:29:42 29,311 -c--a-w C:\WINDOWS\system32\dllcache\watv01nt.sys
+ 2004-08-03 20:29:44 19,551 -c--a-w C:\WINDOWS\system32\dllcache\watv02nt.sys
+ 2004-08-03 20:29:44 33,599 -c--a-w C:\WINDOWS\system32\dllcache\watv04nt.sys
+ 2004-08-03 20:29:46 22,271 -c--a-w C:\WINDOWS\system32\dllcache\watv06nt.sys
+ 2004-08-03 20:29:46 25,471 -c--a-w C:\WINDOWS\system32\dllcache\watv10nt.sys
+ 2001-08-17 18:10:30 35,871 -c--a-w C:\WINDOWS\system32\dllcache\wbfirdma.sys
+ 2004-08-19 14:00:04 32,128 -c--a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys
+ 2004-08-03 20:29:46 23,615 -c--a-w C:\WINDOWS\system32\dllcache\wch7xxnt.sys
+ 2001-08-17 19:28:02 701,386 -c--a-w C:\WINDOWS\system32\dllcache\wdhaalba.sys
+ 2004-08-19 15:10:10 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
+ 2006-06-14 09:17:04 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
+ 2001-08-23 15:47:22 87,040 -c--a-w C:\WINDOWS\system32\dllcache\wiafbdrv.dll
+ 2001-08-23 15:47:22 54,272 -c--a-w C:\WINDOWS\system32\dllcache\wiamsmud.dll
+ 2001-08-23 15:05:46 35,402 -c--a-w C:\WINDOWS\system32\dllcache\wlandrv2.sys
+ 2004-08-03 20:31:28 154,624 -c--a-w C:\WINDOWS\system32\dllcache\wlluc48.sys
+ 2004-08-03 23:07:42 8,832 -c--a-w C:\WINDOWS\system32\dllcache\wmiacpi.sys
+ 2006-12-13 12:04:13 3,200 -c--a-w C:\WINDOWS\system32\dllcache\wowfax.dll
+ 2006-12-13 12:04:13 14,336 -c--a-w C:\WINDOWS\system32\dllcache\wowfaxui.dll
+ 2004-08-19 16:09:49 108,032 -c--a-w C:\WINDOWS\system32\dllcache\wshbth.dll
+ 2004-08-19 14:09:50 8,192 -c--a-w C:\WINDOWS\system32\dllcache\wshirda.dll
+ 2004-08-03 20:29:48 12,063 -c--a-w C:\WINDOWS\system32\dllcache\wsiintxx.sys
+ 2004-08-03 21:10:22 19,328 -c--a-w C:\WINDOWS\system32\dllcache\wstcodec.sys
- 2006-10-29 18:28:54 467,416 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 18:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2006-10-29 18:28:54 125,912 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2006-10-29 18:28:52 1,353,688 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2006-10-29 18:28:54 128,984 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 18:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-19 16:09:49 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 18:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2006-10-29 18:28:52 174,040 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 18:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2004-08-03 20:29:50 19,455 -c--a-w C:\WINDOWS\system32\dllcache\wvchntxx.sys
+ 2005-04-20 19:31:04 52,736 -c--a-w C:\WINDOWS\system32\dllcache\wzcsapi.dll
+ 2005-04-20 19:31:04 474,624 -c--a-w C:\WINDOWS\system32\dllcache\wzcsvc.dll
+ 2001-08-17 18:11:14 16,970 -c--a-w C:\WINDOWS\system32\dllcache\xem336n5.sys
+ 2001-08-23 15:47:50 99,865 -c--a-w C:\WINDOWS\system32\dllcache\xlog.exe
+ 2001-08-23 15:47:50 4,608 -c--a-w C:\WINDOWS\system32\dllcache\xrxflnch.exe
+ 2001-08-23 15:47:50 27,648 -c--a-w C:\WINDOWS\system32\dllcache\xrxftplt.exe
+ 2001-08-23 15:47:24 17,408 -c--a-w C:\WINDOWS\system32\dllcache\xrxscnui.dll
+ 2001-08-23 15:47:24 23,040 -c--a-w C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
+ 2004-08-19 14:09:50 116,736 -c--a-w C:\WINDOWS\system32\dllcache\xrxwiadr.dll
- 2008-06-11 20:35:27 63,464 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-11 20:48:00 63,464 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-11 20:35:27 77,012 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-11 20:48:00 77,012 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-11 20:35:27 403,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-11 20:48:00 403,862 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-11 20:35:27 471,032 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-11 20:48:00 471,032 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-11-11 21:40 1236992]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 12:23 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 12:21 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 12:20 53248]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56 569413]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2007-12-23 10:51 230512]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-12-23 10:51 185456]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"RegistryMechanic"="" []

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 19:21:38 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-23 17:49:52 278528]
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-12-23 12:03:01 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 PSI_SVC_2;Protexis Licensing V2;"C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-13 15:01:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198425630.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-03 12:09:17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1212494904.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 23:37:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-06-11 23:39:58
ComboFix-quarantined-files.txt 2008-06-11 21:38:42
ComboFix2.txt 2008-06-11 20:50:13

Pre-Run: 13,088,337,920 octets libres
Post-Run: 13,187,325,952 octets libres

1504
0
Réponse 18 / 24
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 23:48
rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:25, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pierre Etienne\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 19 / 24
Utilisateur anonyme
11 juin 2008 à 23:49
OK comment va le pc ?? post un rapport hijackthis stp
0
Anncekwe Messages postés 17 Date d'inscription mercredi 11 juin 2008 Statut Membre Dernière intervention 12 juin 2008
11 juin 2008 à 23:50
j'dirais qu'il va bien le pc ... grace à toi Chiquitine !

edit : rapport hijack au-dessus ..
0
Réponse 20 / 24
Utilisateur anonyme
11 juin 2008 à 23:53
ok

telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien

ensuite fais registre

fais chercher les erreures

ensuite fais corriger les erreures

repete l opération jusqu a ce qu il trouve rien


ensuite :

Telecharge reg cleaner pour nettoyer le registre:


http://manuelsdaide.com/RegCleaner/RegCleaner.htm
________________

ouvre le et clic sur TOOL

Choisi registry cleanup

clic sur automatic registry cleaner

laisse scanner et supprime tout


ensuite :


* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
0

Discussions similaires

TI college plus (calculatrice probleme)
help39 -
Utilisateur anonyme -

3 réponses
Message "Un bloqueur de publicité empêche la lecture..."
pistouri -
pistouri -

0 réponse
comment desactiver un bloqueur de pub
amour10 -
MPMP10 -

4 réponses
Problème promotion Instagram
Seeysoon -
Ben -

22 réponses
retrouver les factures des posts sponsorisés
Carotte -
MathildeSpprn -

12 réponses