Trojan-gen (other)
vivou
-
sKe69 Posts 21955 Status Security contributor -
Hello,
yet another victim of trojan-gen!
here is a HijackThis log
if you can help me, that would be great
Logfile of HijackThis v1.99.1
Scan saved at 11:51:01, on 28/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\ruzkfyhm\jcrgnyfi.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\lphc537j0e7ag.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\bobby.PC-de-gobby\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc537j0e7ag] C:\Windows\system32\lphc537j0e7ag.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: aplsmart - {532C41DF-267F-1A1F-C527-034A43CF16B4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
32 replies
ComboFix 08-09-27.05 - bobby 2008-09-29 18:45:27.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1435 [GMT 2:00]
Lancé depuis: C:\Users\bobby.PC-de-gobby\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 19:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-28 19:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-09 23:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 22:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-02 15:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-18 11:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 10:08 --------- d-----w C:\Program Files\VstPlugins
2008-08-15 10:08 --------- d-----w C:\Program Files\Image-Line
2008-08-14 23:16 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 23:08 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 22:55 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\SoundSpectrum
2008-08-14 22:55 --------- d-----w C:\Program Files\SoundSpectrum
2008-08-14 01:29 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 19:07 --------- d-----w C:\Program Files\Windows Live
2008-08-13 19:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 19:04 --------- d-----w C:\ProgramData\WLInstaller
2008-08-12 07:55 167,424 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-08-11 18:08 --------- d-----w C:\Program Files\Illustrate
2008-08-11 08:25 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-08-11 08:25 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-08-10 22:26 --------- d-----w C:\Program Files\Electronic Arts
2008-08-10 19:34 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\DivX
2008-08-10 19:33 --------- d-----w C:\Program Files\DivX
2008-08-10 16:31 --------- d-----w C:\ProgramData\eMule
2008-08-10 16:30 --------- d-----w C:\Program Files\eMule
2008-08-10 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-10 15:30 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-08-10 15:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Defender
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Calendar
2008-08-10 15:17 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-08-10 15:17 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-08-10 15:17 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-08-10 15:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-10 15:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-08-10 15:16 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-08-10 15:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-08-10 15:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-08-10 15:16 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-08-10 15:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-08-10 15:16 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-10 15:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-08-10 15:16 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-10 15:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-10 15:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-10 15:15 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-08-10 15:15 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-08-10 15:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-10 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-10 15:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-10 15:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-10 15:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-10 15:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-08-10 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-10 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-10 15:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-08-10 15:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-10 15:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-08-10 15:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-08-10 15:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-08-10 15:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-10 15:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-08-10 15:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-08-10 15:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-10 15:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-10 15:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-10 15:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-10 15:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-10 15:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-10 15:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-08-10 15:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-10 15:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-08-10 15:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-10 15:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-10 15:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-10 15:08 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-08-10 15:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-10 15:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-08-10 15:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-10 15:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-08-10 15:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-08-10 15:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-10 15:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-08-10 15:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-08-10 15:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-10 15:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-08-10 15:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-10 15:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-10 14:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 14:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-10 14:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-10 14:58 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-10 14:57 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-08-10 14:57 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-28_20.41.19.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 09:46:02 2,143,232 ----a-w C:\Windows\AppPatch\AcGenral.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
- 2008-06-12 06:54:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
- 2008-06-12 01:21:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2006-11-02 09:46:02 445,952 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
- 2008-06-12 06:54:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
- 2007-01-15 12:06:15 7,168 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-28 19:19:49 8,192 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-01-15 12:06:07 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-28 19:19:51 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-01-15 12:06:03 716,800 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-28 19:20:03 720,896 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-01-15 12:06:04 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-28 19:19:52 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-01-15 12:06:15 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-09-28 19:19:59 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2007-01-15 12:06:17 299,008 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-28 19:19:57 303,104 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-01-15 12:06:08 1,290,240 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-09-28 19:20:00 1,294,336 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2007-01-15 12:06:09 1,699,840 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-28 19:19:50 1,703,936 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-01-15 12:06:09 86,016 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-28 19:20:02 90,112 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-01-15 12:06:11 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-28 19:19:56 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-01-15 12:06:10 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-28 19:19:53 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-01-15 12:06:10 64,000 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-09-28 19:19:53 66,560 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2007-01-15 12:06:11 368,640 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-28 19:19:59 372,736 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-01-15 12:06:12 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-28 19:20:04 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-01-15 12:06:12 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-28 19:19:57 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-01-15 12:06:12 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-28 19:19:53 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-01-15 12:06:12 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-28 19:19:55 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-01-15 12:06:12 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-28 19:20:01 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-01-15 12:06:15 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-28 19:19:48 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-01-15 12:06:13 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-28 19:19:52 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-01-15 12:06:13 569,344 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-28 19:19:51 573,440 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-01-15 12:06:13 1,245,184 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-28 19:20:01 1,257,472 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-01-15 12:06:14 2,039,808 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-28 19:19:54 2,052,096 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-01-15 12:06:14 1,335,296 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-09-28 19:19:58 1,339,392 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2007-01-15 12:06:11 1,216,512 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-28 19:20:05 1,224,704 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-28 19:20:44 118,784 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a752f12\CustomMarshalers.dll
+ 2008-09-28 19:20:21 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ece95754\CustomMarshalers.dll
+ 2008-09-28 19:20:39 3,379,200 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c9f848b\mscorlib.dll
+ 2008-09-28 19:20:57 8,880,128 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe2d2b02\mscorlib.dll
+ 2008-09-28 19:20:52 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7ddc32c8\System.Design.dll
+ 2008-09-28 19:20:35 1,470,464 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fac7e304\System.Design.dll
+ 2008-09-28 19:20:44 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0786acb1\System.Drawing.Design.dll
+ 2008-09-28 19:20:23 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2de33db3\System.Drawing.Design.dll
+ 2008-09-28 19:20:54 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4a0d6094\System.Drawing.dll
+ 2008-09-28 19:20:36 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5d4d7ba2\System.Drawing.dll
+ 2008-09-28 19:20:27 3,014,656 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_398cb3a6\System.Windows.Forms.dll
+ 2008-09-28 19:20:47 7,880,704 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_50967c04\System.Windows.Forms.dll
+ 2008-09-28 19:20:50 5,505,024 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b40f3bd3\System.Xml.dll
+ 2008-09-28 19:20:31 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_eab869e3\System.Xml.dll
+ 2008-09-28 19:20:20 1,953,792 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_063b280f\System.dll
+ 2008-09-28 19:20:43 4,763,648 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_46e98e2f\System.dll
+ 2008-09-29 16:45:22 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2003-02-20 18:19:32 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 18:19:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 23:49:18 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 18:19:38 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-14 23:49:26 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 18:19:36 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-14 23:49:22 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:09:08 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 09:20:44 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 09:23:28 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 09:21:00 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 09:23:44 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 18:06:20 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 12:30:14 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 06:24:38 7,168 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 12:31:00 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 06:24:40 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 12:31:04 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 18:09:40 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 22:35:30 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 06:26:36 716,800 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 12:28:58 720,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28:56 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 22:32:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 22:32:46 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:06:32 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33:22 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33:24 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 14:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 18:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 06:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 12:28:48 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 18:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 22:35:04 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 06:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 12:32:00 1,294,336 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 06:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 12:31:14 303,104 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 06:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 12:29:02 1,703,936 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 06:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 12:28:54 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 06:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 12:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 06:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 12:28:58 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 06:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28:56 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 18:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 22:35:12 66,560 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 06:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 12:31:58 372,736 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 06:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31:12 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 06:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 12:28:58 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 06:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 12:31:54 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 06:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 12:28:52 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 06:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 12:28:54 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 06:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 12:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 06:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 12:28:58 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 06:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28:52 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 06:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 12:31:16 573,440 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 06:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 12:32:02 2,052,096 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 06:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 12:29:00 1,339,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 11:51:38 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 09:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 09:23:20 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 04:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 06:15:14 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 19:10:40 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 00:11:56 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-28 18:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-29 16:39:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-29 16:39:37 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-28 18:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-29 16:39:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-29 16:39:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-09-29 16:44:22 4,056 ----a-w C:\Windows\SoftwareDistribution\EventCache\{81CD1C07-3E2D-4CB5-B3B1-6F37B8223E53}.bin
- 2006-11-02 09:46:02 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
+ 2008-07-31 03:34:58 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
- 2007-02-28 18:40:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-28 18:40:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-29 16:40:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-28 18:40:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 12:34:42 1,686,528 ----a-w C:\Windows\System32\gameux.dll
+ 2008-07-31 03:34:59 1,686,528 ----a-w C:\Windows\System32\gameux.dll
- 2006-11-02 12:34:42 3,953,152 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
+ 2008-07-30 23:47:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
- 2008-08-05 18:11:02 15,888,504 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\Windows\System32\mrt.exe
- 2006-11-02 09:46:10 215,552 ----a-w C:\Windows\System32\msshsq.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\System32\msshsq.dll
- 2007-02-21 19:18:30 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-29 16:45:17 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2007-02-21 19:18:30 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-29 16:45:17 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2007-02-21 19:18:30 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-29 16:45:17 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2007-02-21 19:18:30 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-29 16:45:17 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2007-01-30 00:16:50 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-29 16:39:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-02-28 18:41:58 5,994 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
+ 2008-09-29 16:40:58 6,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
- 2007-02-28 18:41:58 41,274 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-29 16:40:58 41,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-02-28 18:41:57 27,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-29 16:40:57 28,010 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:35:54 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
+ 2008-06-26 03:22:35 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
- 2007-02-28 10:36:37 115,016,352 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-28 18:57:08 116,157,530 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-31 03:34:58 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16721_none_8006fd7863ac1387\Apphlpdm.dll
+ 2008-07-30 03:11:12 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20885_none_8053bbe37cf6c053\Apphlpdm.dll
+ 2008-07-31 03:32:38 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18112_none_81f90c5460c9a1de\Apphlpdm.dll
+ 2008-07-31 03:23:27 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22233_none_826e099179f692e1\Apphlpdm.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16721_none_0a275bdbf535293c\AcRes.dll
+ 2008-07-29 23:16:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20885_none_0a741a470e7fd608\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18112_none_0c196ab7f252b793\AcRes.dll
+ 2008-07-31 01:03:24 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22233_none_0c8e67f50b7fa896\AcRes.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16721_none_0a295c6ff5335bea\AcGenral.dll
+ 2008-07-30 03:11:10 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20885_none_0a761adb0e7e08b6\AcGenral.dll
+ 2008-07-31 03:32:38 2,154,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18112_none_0c1b6b4bf250ea41\AcGenral.dll
+ 2008-07-31 03:23:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22233_none_0c9068890b7ddb44\AcGenral.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16721_none_0a2a5cb9f5327541\AcSpecfc.dll
+ 2008-07-30 03:11:10 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20885_none_0a771b250e7d220d\AcSpecfc.dll
+ 2008-07-31 03:32:38 460,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18112_none_0c1c6b95f2500398\AcSpecfc.dll
+ 2008-07-31 03:23:21 459,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22233_none_0c9168d30b7cf49b\AcSpecfc.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16721_none_0a2b5d03f5318e98\AcLayers.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16721_none_0a2b5d03f5318e98\AcXtrnal.dll
+ 2008-07-30 03:11:10 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20885_none_0a781b6f0e7c3b64\AcLayers.dll
+ 2008-07-30 03:11:10 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20885_none_0a781b6f0e7c3b64\AcXtrnal.dll
+ 2008-06-12 05:28:53 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18112_none_0c1d6bdff24f1cef\AcLayers.dll
+ 2008-07-31 03:32:38 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18112_none_0c1d6bdff24f1cef\AcXtrnal.dll
+ 2008-07-31 03:23:21 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22233_none_0c92691d0b7c0df2\AcLayers.dll
+ 2008-07-31 03:23:22 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22233_none_0c92691d0b7c0df2\AcXtrnal.dll
+ 2008-07-31 03:34:59 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\gameux.dll
+ 2008-07-30 23:47:04 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\GameUXLegacyGDFs.dll
+ 2008-07-30 03:11:51 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\gameux.dll
+ 2008-07-29 23:31:23 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\gameux.dll
+ 2008-07-31 01:13:15 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\GameUXLegacyGDFs.dll
+ 2008-07-31 03:25:45 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\gameux.dll
+ 2008-07-31 01:15:32 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\GameUXLegacyGDFs.dll
+ 2008-06-26 03:22:35 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6000.16710_none_f75cda9b92533b4f\wmpeffects.dll
+ 2008-06-26 03:20:37 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6000.20867_none_f7b769d0ab93182f\wmpeffects.dll
+ 2008-06-26 03:29:09 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6001.18098_none_f8f49a4b8fb37959\wmpeffects.dll
+ 2008-06-26 03:21:15 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6001.22211_none_f9cdb656a8968561\wmpeffects.dll
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16730_none_f0816da06e6c1330\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20895_none_f0cf2c5587b5d953\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18121_none_f2737c7c6b89a187\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22243_none_f2e97a0384b5abe1\OESpamFilter.dat
+ 2008-04-30 05:24:09 1,744,896 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\GdiPlus.dll
+ 2008-05-01 03:16:12 1,744,896 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.20826_none_87cd0392e31b3a67\GdiPlus.dll
+ 2008-04-30 05:27:35 1,748,992 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\GdiPlus.dll
+ 2008-05-01 03:22:16 1,748,992 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22170_none_87ae89a0e3672b5a\GdiPlus.dll
+ 2008-04-30 05:24:10 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16683_none_8df25f6f6273fede\GdiPlus.dll
+ 2008-05-01 03:16:13 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.20826_none_771e72777c21140e\GdiPlus.dll
+ 2008-04-30 05:27:40 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.18065_none_8dcc2d1362c70bc9\GdiPlus.dll
+ 2008-05-01 03:22:16 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.22170_none_76fff8857c6d0501\GdiPlus.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6000.16404_none_a5026e9e71025fcb\msshsq.dll
+ 2006-12-20 07:11:39 229,888 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6000.20500_none_a5880a418a239a39\msshsq.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D1A163E3-1C3A-4891-B4EB-5EA9AA45544C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC892D53-CF22-4822-A708-924FB5B45D2A}"= UDP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{0F31C959-65BC-4480-B41B-79C39CC5AC81}"= TCP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c30ad5e-66ca-11dd-afc5-00301b4522f2}]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\bobby.PC-de-gobby\AppData\Roaming\Mozilla\Firefox\Profiles\3buryu3v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 18:46:33
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-29 18:47:50
ComboFix-quarantined-files.txt 2008-09-29 16:47:47
ComboFix2.txt 2008-09-28 18:41:49
Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 35,015,524,352 octets libres
453 --- E O F --- 2008-09-28 19:21:32
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1435 [GMT 2:00]
Lancé depuis: C:\Users\bobby.PC-de-gobby\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 19:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-28 19:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-09 23:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 22:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-02 15:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-18 11:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 10:08 --------- d-----w C:\Program Files\VstPlugins
2008-08-15 10:08 --------- d-----w C:\Program Files\Image-Line
2008-08-14 23:16 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 23:08 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 22:55 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\SoundSpectrum
2008-08-14 22:55 --------- d-----w C:\Program Files\SoundSpectrum
2008-08-14 01:29 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 19:07 --------- d-----w C:\Program Files\Windows Live
2008-08-13 19:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 19:04 --------- d-----w C:\ProgramData\WLInstaller
2008-08-12 07:55 167,424 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-08-11 18:08 --------- d-----w C:\Program Files\Illustrate
2008-08-11 08:25 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-08-11 08:25 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-08-10 22:26 --------- d-----w C:\Program Files\Electronic Arts
2008-08-10 19:34 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\DivX
2008-08-10 19:33 --------- d-----w C:\Program Files\DivX
2008-08-10 16:31 --------- d-----w C:\ProgramData\eMule
2008-08-10 16:30 --------- d-----w C:\Program Files\eMule
2008-08-10 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-10 15:30 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-08-10 15:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Defender
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Calendar
2008-08-10 15:17 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-08-10 15:17 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-08-10 15:17 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-08-10 15:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-10 15:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-08-10 15:16 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-08-10 15:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-08-10 15:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-08-10 15:16 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-08-10 15:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-08-10 15:16 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-10 15:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-08-10 15:16 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-10 15:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-10 15:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-10 15:15 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-08-10 15:15 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-08-10 15:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-10 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-10 15:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-10 15:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-10 15:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-10 15:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-08-10 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-10 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-10 15:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-08-10 15:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-10 15:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-08-10 15:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-08-10 15:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-08-10 15:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-10 15:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-08-10 15:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-08-10 15:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-10 15:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-10 15:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-10 15:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-10 15:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-10 15:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-10 15:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-08-10 15:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-10 15:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-08-10 15:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-10 15:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-10 15:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-10 15:08 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-08-10 15:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-10 15:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-08-10 15:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-10 15:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-08-10 15:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-08-10 15:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-10 15:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-08-10 15:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-08-10 15:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-10 15:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-08-10 15:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-10 15:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-10 14:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 14:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-10 14:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-10 14:58 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-10 14:57 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-08-10 14:57 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-28_20.41.19.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 09:46:02 2,143,232 ----a-w C:\Windows\AppPatch\AcGenral.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
- 2008-06-12 06:54:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
- 2008-06-12 01:21:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2006-11-02 09:46:02 445,952 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
- 2008-06-12 06:54:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
- 2007-01-15 12:06:15 7,168 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-28 19:19:49 8,192 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-01-15 12:06:07 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-28 19:19:51 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-01-15 12:06:03 716,800 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-28 19:20:03 720,896 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-01-15 12:06:04 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-28 19:19:52 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-01-15 12:06:15 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-09-28 19:19:59 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2007-01-15 12:06:17 299,008 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-28 19:19:57 303,104 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-01-15 12:06:08 1,290,240 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-09-28 19:20:00 1,294,336 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2007-01-15 12:06:09 1,699,840 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-28 19:19:50 1,703,936 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-01-15 12:06:09 86,016 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-28 19:20:02 90,112 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-01-15 12:06:11 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-28 19:19:56 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-01-15 12:06:10 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-28 19:19:53 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-01-15 12:06:10 64,000 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-09-28 19:19:53 66,560 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2007-01-15 12:06:11 368,640 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-28 19:19:59 372,736 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-01-15 12:06:12 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-28 19:20:04 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-01-15 12:06:12 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-28 19:19:57 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-01-15 12:06:12 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-28 19:19:53 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-01-15 12:06:12 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-28 19:19:55 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-01-15 12:06:12 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-28 19:20:01 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-01-15 12:06:15 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-28 19:19:48 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-01-15 12:06:13 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-28 19:19:52 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-01-15 12:06:13 569,344 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-28 19:19:51 573,440 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-01-15 12:06:13 1,245,184 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-28 19:20:01 1,257,472 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-01-15 12:06:14 2,039,808 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-28 19:19:54 2,052,096 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-01-15 12:06:14 1,335,296 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-09-28 19:19:58 1,339,392 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2007-01-15 12:06:11 1,216,512 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-28 19:20:05 1,224,704 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-28 19:20:44 118,784 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a752f12\CustomMarshalers.dll
+ 2008-09-28 19:20:21 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ece95754\CustomMarshalers.dll
+ 2008-09-28 19:20:39 3,379,200 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c9f848b\mscorlib.dll
+ 2008-09-28 19:20:57 8,880,128 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe2d2b02\mscorlib.dll
+ 2008-09-28 19:20:52 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7ddc32c8\System.Design.dll
+ 2008-09-28 19:20:35 1,470,464 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fac7e304\System.Design.dll
+ 2008-09-28 19:20:44 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0786acb1\System.Drawing.Design.dll
+ 2008-09-28 19:20:23 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2de33db3\System.Drawing.Design.dll
+ 2008-09-28 19:20:54 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4a0d6094\System.Drawing.dll
+ 2008-09-28 19:20:36 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5d4d7ba2\System.Drawing.dll
+ 2008-09-28 19:20:27 3,014,656 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_398cb3a6\System.Windows.Forms.dll
+ 2008-09-28 19:20:47 7,880,704 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_50967c04\System.Windows.Forms.dll
+ 2008-09-28 19:20:50 5,505,024 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b40f3bd3\System.Xml.dll
+ 2008-09-28 19:20:31 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_eab869e3\System.Xml.dll
+ 2008-09-28 19:20:20 1,953,792 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_063b280f\System.dll
+ 2008-09-28 19:20:43 4,763,648 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_46e98e2f\System.dll
+ 2008-09-29 16:45:22 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2003-02-20 18:19:32 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 18:19:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 23:49:18 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 18:19:38 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-14 23:49:26 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 18:19:36 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-14 23:49:22 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:09:08 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 09:20:44 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 09:23:28 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 09:21:00 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 09:23:44 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 18:06:20 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 12:30:14 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 06:24:38 7,168 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 12:31:00 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 06:24:40 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 12:31:04 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 18:09:40 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 22:35:30 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 06:26:36 716,800 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 12:28:58 720,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28:56 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 22:32:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 22:32:46 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:06:32 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33:22 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33:24 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 14:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 18:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 06:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 12:28:48 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 18:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 22:35:04 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 06:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 12:32:00 1,294,336 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 06:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 12:31:14 303,104 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 06:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 12:29:02 1,703,936 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 06:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 12:28:54 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 06:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 12:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 06:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 12:28:58 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 06:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28:56 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 18:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 22:35:12 66,560 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 06:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 12:31:58 372,736 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 06:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31:12 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 06:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 12:28:58 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 06:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 12:31:54 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 06:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 12:28:52 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 06:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 12:28:54 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 06:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 12:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 06:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 12:28:58 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 06:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28:52 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 06:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 12:31:16 573,440 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 06:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 12:32:02 2,052,096 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 06:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 12:29:00 1,339,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 11:51:38 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 09:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 09:23:20 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 04:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 06:15:14 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 19:10:40 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 00:11:56 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-28 18:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-29 16:39:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-29 16:39:37 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-28 18:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-29 16:39:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-29 16:39:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-09-29 16:44:22 4,056 ----a-w C:\Windows\SoftwareDistribution\EventCache\{81CD1C07-3E2D-4CB5-B3B1-6F37B8223E53}.bin
- 2006-11-02 09:46:02 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
+ 2008-07-31 03:34:58 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
- 2007-02-28 18:40:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-28 18:40:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-29 16:40:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-28 18:40:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 12:34:42 1,686,528 ----a-w C:\Windows\System32\gameux.dll
+ 2008-07-31 03:34:59 1,686,528 ----a-w C:\Windows\System32\gameux.dll
- 2006-11-02 12:34:42 3,953,152 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
+ 2008-07-30 23:47:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
- 2008-08-05 18:11:02 15,888,504 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\Windows\System32\mrt.exe
- 2006-11-02 09:46:10 215,552 ----a-w C:\Windows\System32\msshsq.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\System32\msshsq.dll
- 2007-02-21 19:18:30 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-29 16:45:17 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2007-02-21 19:18:30 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-29 16:45:17 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2007-02-21 19:18:30 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-29 16:45:17 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2007-02-21 19:18:30 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-29 16:45:17 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2007-01-30 00:16:50 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-29 16:39:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-02-28 18:41:58 5,994 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
+ 2008-09-29 16:40:58 6,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
- 2007-02-28 18:41:58 41,274 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-29 16:40:58 41,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-02-28 18:41:57 27,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-29 16:40:57 28,010 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:35:54 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
+ 2008-06-26 03:22:35 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
- 2007-02-28 10:36:37 115,016,352 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-28 18:57:08 116,157,530 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-31 03:34:58 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16721_none_8006fd7863ac1387\Apphlpdm.dll
+ 2008-07-30 03:11:12 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20885_none_8053bbe37cf6c053\Apphlpdm.dll
+ 2008-07-31 03:32:38 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18112_none_81f90c5460c9a1de\Apphlpdm.dll
+ 2008-07-31 03:23:27 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22233_none_826e099179f692e1\Apphlpdm.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16721_none_0a275bdbf535293c\AcRes.dll
+ 2008-07-29 23:16:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20885_none_0a741a470e7fd608\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18112_none_0c196ab7f252b793\AcRes.dll
+ 2008-07-31 01:03:24 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22233_none_0c8e67f50b7fa896\AcRes.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16721_none_0a295c6ff5335bea\AcGenral.dll
+ 2008-07-30 03:11:10 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20885_none_0a761adb0e7e08b6\AcGenral.dll
+ 2008-07-31 03:32:38 2,154,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18112_none_0c1b6b4bf250ea41\AcGenral.dll
+ 2008-07-31 03:23:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22233_none_0c9068890b7ddb44\AcGenral.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16721_none_0a2a5cb9f5327541\AcSpecfc.dll
+ 2008-07-30 03:11:10 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20885_none_0a771b250e7d220d\AcSpecfc.dll
+ 2008-07-31 03:32:38 460,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18112_none_0c1c6b95f2500398\AcSpecfc.dll
+ 2008-07-31 03:23:21 459,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22233_none_0c9168d30b7cf49b\AcSpecfc.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16721_none_0a2b5d03f5318e98\AcLayers.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16721_none_0a2b5d03f5318e98\AcXtrnal.dll
+ 2008-07-30 03:11:10 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20885_none_0a781b6f0e7c3b64\AcLayers.dll
+ 2008-07-30 03:11:10 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20885_none_0a781b6f0e7c3b64\AcXtrnal.dll
+ 2008-06-12 05:28:53 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18112_none_0c1d6bdff24f1cef\AcLayers.dll
+ 2008-07-31 03:32:38 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18112_none_0c1d6bdff24f1cef\AcXtrnal.dll
+ 2008-07-31 03:23:21 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22233_none_0c92691d0b7c0df2\AcLayers.dll
+ 2008-07-31 03:23:22 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22233_none_0c92691d0b7c0df2\AcXtrnal.dll
+ 2008-07-31 03:34:59 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\gameux.dll
+ 2008-07-30 23:47:04 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\GameUXLegacyGDFs.dll
+ 2008-07-30 03:11:51 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\gameux.dll
+ 2008-07-29 23:31:23 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\gameux.dll
+ 2008-07-31 01:13:15 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\GameUXLegacyGDFs.dll
+ 2008-07-31 03:25:45 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\gameux.dll
+ 2008-07-31 01:15:32 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\GameUXLegacyGDFs.dll
+ 2008-06-26 03:22:35 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6000.16710_none_f75cda9b92533b4f\wmpeffects.dll
+ 2008-06-26 03:20:37 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6000.20867_none_f7b769d0ab93182f\wmpeffects.dll
+ 2008-06-26 03:29:09 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6001.18098_none_f8f49a4b8fb37959\wmpeffects.dll
+ 2008-06-26 03:21:15 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6001.22211_none_f9cdb656a8968561\wmpeffects.dll
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16730_none_f0816da06e6c1330\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20895_none_f0cf2c5587b5d953\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18121_none_f2737c7c6b89a187\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22243_none_f2e97a0384b5abe1\OESpamFilter.dat
+ 2008-04-30 05:24:09 1,744,896 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\GdiPlus.dll
+ 2008-05-01 03:16:12 1,744,896 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.20826_none_87cd0392e31b3a67\GdiPlus.dll
+ 2008-04-30 05:27:35 1,748,992 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\GdiPlus.dll
+ 2008-05-01 03:22:16 1,748,992 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22170_none_87ae89a0e3672b5a\GdiPlus.dll
+ 2008-04-30 05:24:10 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16683_none_8df25f6f6273fede\GdiPlus.dll
+ 2008-05-01 03:16:13 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.20826_none_771e72777c21140e\GdiPlus.dll
+ 2008-04-30 05:27:40 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.18065_none_8dcc2d1362c70bc9\GdiPlus.dll
+ 2008-05-01 03:22:16 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.22170_none_76fff8857c6d0501\GdiPlus.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6000.16404_none_a5026e9e71025fcb\msshsq.dll
+ 2006-12-20 07:11:39 229,888 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6000.20500_none_a5880a418a239a39\msshsq.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D1A163E3-1C3A-4891-B4EB-5EA9AA45544C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC892D53-CF22-4822-A708-924FB5B45D2A}"= UDP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{0F31C959-65BC-4480-B41B-79C39CC5AC81}"= TCP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c30ad5e-66ca-11dd-afc5-00301b4522f2}]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\bobby.PC-de-gobby\AppData\Roaming\Mozilla\Firefox\Profiles\3buryu3v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 18:46:33
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-29 18:47:50
ComboFix-quarantined-files.txt 2008-09-29 16:47:47
ComboFix2.txt 2008-09-28 18:41:49
Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 35,015,524,352 octets libres
453 --- E O F --- 2008-09-28 19:21:32
ComboFix 08-09-27.05 - bobby 2008-09-29 18:45:27.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1435 [GMT 2:00]
Lancé depuis: C:\Users\bobby.PC-de-gobby\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 19:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-28 19:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-09 23:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 22:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-02 15:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-18 11:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 10:08 --------- d-----w C:\Program Files\VstPlugins
2008-08-15 10:08 --------- d-----w C:\Program Files\Image-Line
2008-08-14 23:16 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 23:08 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 22:55 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\SoundSpectrum
2008-08-14 22:55 --------- d-----w C:\Program Files\SoundSpectrum
2008-08-14 01:29 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 19:07 --------- d-----w C:\Program Files\Windows Live
2008-08-13 19:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 19:04 --------- d-----w C:\ProgramData\WLInstaller
2008-08-12 07:55 167,424 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-08-11 18:08 --------- d-----w C:\Program Files\Illustrate
2008-08-11 08:25 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-08-11 08:25 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-08-10 22:26 --------- d-----w C:\Program Files\Electronic Arts
2008-08-10 19:34 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\DivX
2008-08-10 19:33 --------- d-----w C:\Program Files\DivX
2008-08-10 16:31 --------- d-----w C:\ProgramData\eMule
2008-08-10 16:30 --------- d-----w C:\Program Files\eMule
2008-08-10 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-10 15:30 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-08-10 15:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Defender
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Calendar
2008-08-10 15:17 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-08-10 15:17 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-08-10 15:17 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-08-10 15:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-10 15:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-08-10 15:16 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-08-10 15:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-08-10 15:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-08-10 15:16 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-08-10 15:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-08-10 15:16 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-10 15:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-08-10 15:16 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-10 15:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-10 15:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-10 15:15 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-08-10 15:15 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-08-10 15:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-10 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-10 15:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-10 15:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-10 15:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-10 15:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-08-10 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-10 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-10 15:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-08-10 15:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-10 15:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-08-10 15:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-08-10 15:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-08-10 15:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-10 15:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-08-10 15:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-08-10 15:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-10 15:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-10 15:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-10 15:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-10 15:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-10 15:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-10 15:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-08-10 15:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-10 15:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-08-10 15:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-10 15:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-10 15:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-10 15:08 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-08-10 15:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-10 15:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-08-10 15:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-10 15:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-08-10 15:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-08-10 15:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-10 15:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-08-10 15:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-08-10 15:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-10 15:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-08-10 15:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-10 15:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-10 14:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 14:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-10 14:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-10 14:58 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-10 14:57 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-08-10 14:57 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-28_20.41.19.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 09:46:02 2,143,232 ----a-w C:\Windows\AppPatch\AcGenral.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
- 2008-06-12 06:54:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
- 2008-06-12 01:21:33 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2006-11-02 09:46:02 445,952 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
- 2008-06-12 06:54:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
- 2007-01-15 12:06:15 7,168 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-28 19:19:49 8,192 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-01-15 12:06:07 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-28 19:19:51 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-01-15 12:06:03 716,800 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-28 19:20:03 720,896 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-01-15 12:06:04 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-28 19:19:52 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-01-15 12:06:15 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-09-28 19:19:59 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2007-01-15 12:06:17 299,008 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-28 19:19:57 303,104 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-01-15 12:06:08 1,290,240 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-09-28 19:20:00 1,294,336 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2007-01-15 12:06:09 1,699,840 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-28 19:19:50 1,703,936 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-01-15 12:06:09 86,016 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-28 19:20:02 90,112 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-01-15 12:06:11 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-28 19:19:56 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-01-15 12:06:10 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-28 19:19:53 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-01-15 12:06:10 64,000 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-09-28 19:19:53 66,560 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2007-01-15 12:06:11 368,640 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-28 19:19:59 372,736 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-01-15 12:06:12 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-28 19:20:04 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-01-15 12:06:12 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-28 19:19:57 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-01-15 12:06:12 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-28 19:19:53 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-01-15 12:06:12 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-28 19:19:55 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-01-15 12:06:12 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-28 19:20:01 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-01-15 12:06:15 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-28 19:19:48 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-01-15 12:06:13 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-28 19:19:52 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-01-15 12:06:13 569,344 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-28 19:19:51 573,440 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-01-15 12:06:13 1,245,184 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-28 19:20:01 1,257,472 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-01-15 12:06:14 2,039,808 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-28 19:19:54 2,052,096 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-01-15 12:06:14 1,335,296 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-09-28 19:19:58 1,339,392 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2007-01-15 12:06:11 1,216,512 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-28 19:20:05 1,224,704 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-28 19:20:44 118,784 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a752f12\CustomMarshalers.dll
+ 2008-09-28 19:20:21 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ece95754\CustomMarshalers.dll
+ 2008-09-28 19:20:39 3,379,200 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c9f848b\mscorlib.dll
+ 2008-09-28 19:20:57 8,880,128 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe2d2b02\mscorlib.dll
+ 2008-09-28 19:20:52 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7ddc32c8\System.Design.dll
+ 2008-09-28 19:20:35 1,470,464 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fac7e304\System.Design.dll
+ 2008-09-28 19:20:44 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0786acb1\System.Drawing.Design.dll
+ 2008-09-28 19:20:23 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2de33db3\System.Drawing.Design.dll
+ 2008-09-28 19:20:54 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4a0d6094\System.Drawing.dll
+ 2008-09-28 19:20:36 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5d4d7ba2\System.Drawing.dll
+ 2008-09-28 19:20:27 3,014,656 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_398cb3a6\System.Windows.Forms.dll
+ 2008-09-28 19:20:47 7,880,704 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_50967c04\System.Windows.Forms.dll
+ 2008-09-28 19:20:50 5,505,024 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b40f3bd3\System.Xml.dll
+ 2008-09-28 19:20:31 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_eab869e3\System.Xml.dll
+ 2008-09-28 19:20:20 1,953,792 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_063b280f\System.dll
+ 2008-09-28 19:20:43 4,763,648 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_46e98e2f\System.dll
+ 2008-09-29 16:45:22 6,123,520 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2003-02-20 18:19:32 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 18:19:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 23:49:18 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 18:19:38 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-14 23:49:26 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 18:19:36 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-14 23:49:22 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:09:08 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 09:20:44 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 09:23:28 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 09:21:00 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 09:23:44 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 18:06:20 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 12:30:14 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 06:24:38 7,168 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 12:31:00 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 06:24:40 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 12:31:04 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 18:09:40 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 22:35:30 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 06:26:36 716,800 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 12:28:58 720,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28:56 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 22:32:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 22:32:46 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:06:32 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33:22 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33:24 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 14:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 18:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 06:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 12:28:48 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 18:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 22:35:04 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 06:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 12:32:00 1,294,336 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 06:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 12:31:14 303,104 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 06:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 12:29:02 1,703,936 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 06:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 12:28:54 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 06:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 12:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 06:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 12:28:58 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 06:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28:56 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 18:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 22:35:12 66,560 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 06:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 12:31:58 372,736 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 06:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31:12 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 06:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 12:28:58 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 06:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 12:31:54 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 06:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 12:28:52 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 06:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 12:28:54 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 06:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 12:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 06:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 12:28:58 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 06:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28:52 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 06:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 12:31:16 573,440 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 06:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 12:32:02 2,052,096 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 06:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 12:29:00 1,339,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 11:51:38 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 09:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 09:23:20 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 04:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 06:15:14 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D1A163E3-1C3A-4891-B4EB-5EA9AA45544C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC892D53-CF22-4822-A708-924FB5B45D2A}"= UDP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{0F31C959-65BC-4480-B41B-79C39CC5AC81}"= TCP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c30ad5e-66ca-11dd-afc5-00301b4522f2}]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\bobby.PC-de-gobby\AppData\Roaming\Mozilla\Firefox\Profiles\3buryu3v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 18:46:33
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-29 18:47:50
ComboFix-quarantined-files.txt 2008-09-29 16:47:47
ComboFix2.txt 2008-09-28 18:41:49
Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 35,015,524,352 octets libres
453 --- E O F --- 2008-09-28 19:21:32
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1435 [GMT 2:00]
Lancé depuis: C:\Users\bobby.PC-de-gobby\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 19:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-28 19:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-09 23:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 22:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-02 15:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-18 11:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 10:08 --------- d-----w C:\Program Files\VstPlugins
2008-08-15 10:08 --------- d-----w C:\Program Files\Image-Line
2008-08-14 23:16 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 23:08 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 22:55 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\SoundSpectrum
2008-08-14 22:55 --------- d-----w C:\Program Files\SoundSpectrum
2008-08-14 01:29 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 19:07 --------- d-----w C:\Program Files\Windows Live
2008-08-13 19:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 19:04 --------- d-----w C:\ProgramData\WLInstaller
2008-08-12 07:55 167,424 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-08-11 18:08 --------- d-----w C:\Program Files\Illustrate
2008-08-11 08:25 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-08-11 08:25 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-08-10 22:26 --------- d-----w C:\Program Files\Electronic Arts
2008-08-10 19:34 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\DivX
2008-08-10 19:33 --------- d-----w C:\Program Files\DivX
2008-08-10 16:31 --------- d-----w C:\ProgramData\eMule
2008-08-10 16:30 --------- d-----w C:\Program Files\eMule
2008-08-10 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-10 15:30 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-08-10 15:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Defender
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Calendar
2008-08-10 15:17 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-08-10 15:17 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-08-10 15:17 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-08-10 15:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-10 15:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-08-10 15:16 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-08-10 15:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-08-10 15:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-08-10 15:16 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-08-10 15:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-08-10 15:16 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-10 15:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-08-10 15:16 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-10 15:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-10 15:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-10 15:15 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-08-10 15:15 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-08-10 15:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-10 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-10 15:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-10 15:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-10 15:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-10 15:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-08-10 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-10 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-10 15:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-08-10 15:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-10 15:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-08-10 15:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-08-10 15:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-08-10 15:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-10 15:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-08-10 15:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-08-10 15:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-10 15:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-10 15:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-10 15:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-10 15:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-10 15:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-10 15:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-08-10 15:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-10 15:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-08-10 15:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-10 15:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-10 15:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-10 15:08 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-08-10 15:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-10 15:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-08-10 15:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-10 15:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-08-10 15:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-08-10 15:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-10 15:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-08-10 15:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-08-10 15:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-10 15:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-08-10 15:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-10 15:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-10 14:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 14:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-10 14:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-10 14:58 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-10 14:57 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-08-10 14:57 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-28_20.41.19.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-15 12:28:58 720,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28:56 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 22:32:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 22:32:46 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:06:32 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33:22 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33:24 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 14:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 18:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 06:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 12:28:48 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 18:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 22:35:04 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 06:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 12:32:00 1,294,336 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 06:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 12:31:14 303,104 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 06:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 12:29:02 1,703,936 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 06:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 12:28:54 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 06:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 12:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 06:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 12:28:58 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 06:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28:56 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 18:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 22:35:12 66,560 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 06:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 12:31:58 372,736 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 06:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31:12 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 06:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 12:28:58 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 06:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 12:31:54 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 06:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 12:28:52 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 06:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 12:28:54 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 06:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 12:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 06:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 12:28:58 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 06:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28:52 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 06:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 12:31:16 573,440 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 06:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 12:32:02 2,052,096 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 06:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 12:29:00 1,339,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 11:51:38 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 09:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 09:23:20 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 04:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 06:15:14 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 19:10:40 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 00:11:56 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-28 18:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-29 16:39:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-29 16:39:37 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-28 18:38:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-29 16:39:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-29 16:39:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-09-29 16:44:22 4,056 ----a-w C:\Windows\SoftwareDistribution\EventCache\{81CD1C07-3E2D-4CB5-B3B1-6F37B8223E53}.bin
- 2006-11-02 09:46:02 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
+ 2008-07-31 03:34:58 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
- 2007-02-28 18:40:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-28 18:40:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-29 16:40:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-28 18:40:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 12:34:42 1,686,528 ----a-w C:\Windows\System32\gameux.dll
+ 2008-07-31 03:34:59 1,686,528 ----a-w C:\Windows\System32\gameux.dll
- 2006-11-02 12:34:42 3,953,152 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
+ 2008-07-30 23:47:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
- 2008-08-05 18:11:02 15,888,504 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\Windows\System32\mrt.exe
- 2006-11-02 09:46:10 215,552 ----a-w C:\Windows\System32\msshsq.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\System32\msshsq.dll
- 2007-02-21 19:18:30 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-29 16:45:17 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2007-02-21 19:18:30 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-29 16:45:17 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2007-02-21 19:18:30 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-29 16:45:17 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2007-02-21 19:18:30 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-29 16:45:17 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2007-01-30 00:16:50 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-29 16:39:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-02-28 18:41:58 5,994 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
+ 2008-09-29 16:40:58 6,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
- 2007-02-28 18:41:58 41,274 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-29 16:40:58 41,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-02-28 18:41:57 27,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-29 16:40:57 28,010 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:35:54 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
+ 2008-06-26 03:22:35 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
- 2007-02-28 10:36:37 115,016,352 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-28 18:57:08 116,157,530 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-31 03:34:58 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16721_none_8006fd7863ac1387\Apphlpdm.dll
+ 2008-07-30 03:11:12 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20885_none_8053bbe37cf6c053\Apphlpdm.dll
+ 2008-07-31 03:32:38 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18112_none_81f90c5460c9a1de\Apphlpdm.dll
+ 2008-07-31 03:23:27 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22233_none_826e099179f692e1\Apphlpdm.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16721_none_0a275bdbf535293c\AcRes.dll
+ 2008-07-29 23:16:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20885_none_0a741a470e7fd608\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18112_none_0c196ab7f252b793\AcRes.dll
+ 2008-07-31 01:03:24 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22233_none_0c8e67f50b7fa896\AcRes.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16721_none_0a295c6ff5335bea\AcGenral.dll
+ 2008-07-30 03:11:10 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20885_none_0a761adb0e7e08b6\AcGenral.dll
+ 2008-07-31 03:32:38 2,154,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18112_none_0c1b6b4bf250ea41\AcGenral.dll
+ 2008-07-31 03:23:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22233_none_0c9068890b7ddb44\AcGenral.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16721_none_0a2a5cb9f5327541\AcSpecfc.dll
+ 2008-07-30 03:11:10 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20885_none_0a771b250e7d220d\AcSpecfc.dll
+ 2008-07-31 03:32:38 460,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18112_none_0c1c6b95f2500398\AcSpecfc.dll
+ 2008-07-31 03:23:21 459,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22233_none_0c9168d30b7cf49b\AcSpecfc.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16721_none_0a2b5d03f5318e98\AcLayers.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16721_none_0a2b5d03f5318e98\AcXtrnal.dll
+ 2008-07-30 03:11:10 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20885_none_0a781b6f0e7c3b64\AcLayers.dll
+ 2008-07-30 03:11:10 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20885_none_0a781b6f0e7c3b64\AcXtrnal.dll
+ 2008-06-12 05:28:53 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18112_none_0c1d6bdff24f1cef\AcLayers.dll
+ 2008-07-31 03:32:38 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18112_none_0c1d6bdff24f1cef\AcXtrnal.dll
+ 2008-07-31 03:23:21 541,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22233_none_0c92691d0b7c0df2\AcLayers.dll
+ 2008-07-31 03:23:22 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22233_none_0c92691d0b7c0df2\AcXtrnal.dll
+ 2008-07-31 03:34:59 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\gameux.dll
+ 2008-07-30 23:47:04 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\GameUXLegacyGDFs.dll
+ 2008-07-30 03:11:51 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\gameux.dll
+ 2008-07-29 23:31:23 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\gameux.dll
+ 2008-07-31 01:13:15 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\GameUXLegacyGDFs.dll
+ 2008-07-31 03:25:45 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\gameux.dll
+ 2008-07-31 01:15:32 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\GameUXLegacyGDFs.dll
+ 2008-06-26 03:22:35 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6000.16710_none_f75cda9b92533b4f\wmpeffects.dll
+ 2008-06-26 03:20:37 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6000.20867_none_f7b769d0ab93182f\wmpeffects.dll
+ 2008-06-26 03:29:09 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6001.18098_none_f8f49a4b8fb37959\wmpeffects.dll
+ 2008-06-26 03:21:15 303,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_6.0.6001.22211_none_f9cdb656a8968561\wmpeffects.dll
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16730_none_f0816da06e6c1330\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20895_none_f0cf2c5587b5d953\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18121_none_f2737c7c6b89a187\OESpamFilter.dat
+ 2008-06-30 23:00:26 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22243_none_f2e97a0384b5abe1\OESpamFilter.dat
+ 2008-04-30 05:24:09 1,744,896 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\GdiPlus.dll
+ 2008-05-01 03:16:12 1,744,896 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.20826_none_87cd0392e31b3a67\GdiPlus.dll
+ 2008-04-30 05:27:35 1,748,992 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\GdiPlus.dll
+ 2008-05-01 03:22:16 1,748,992 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22170_none_87ae89a0e3672b5a\GdiPlus.dll
+ 2008-04-30 05:24:10 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16683_none_8df25f6f6273fede\GdiPlus.dll
+ 2008-05-01 03:16:13 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.20826_none_771e72777c21140e\GdiPlus.dll
+ 2008-04-30 05:27:40 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.18065_none_8dcc2d1362c70bc9\GdiPlus.dll
+ 2008-05-01 03:22:16 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.22170_none_76fff8857c6d0501\GdiPlus.dll
+ 2006-12-20 06:03:44 229,888 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6000.16404_none_a5026e9e71025fcb\msshsq.dll
+ 2006-12-20 07:11:39 229,888 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6000.20500_none_a5880a418a239a39\msshsq.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D1A163E3-1C3A-4891-B4EB-5EA9AA45544C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC892D53-CF22-4822-A708-924FB5B45D2A}"= UDP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{0F31C959-65BC-4480-B41B-79C39CC5AC81}"= TCP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c30ad5e-66ca-11dd-afc5-00301b4522f2}]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\bobby.PC-de-gobby\AppData\Roaming\Mozilla\Firefox\Profiles\3buryu3v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 18:46:33
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-29 18:47:50
ComboFix-quarantined-files.txt 2008-09-29 16:47:47
ComboFix2.txt 2008-09-28 18:41:49
Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 35,015,524,352 octets libres
453 --- E O F --- 2008-09-28 19:21:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:33, on 29/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
Hi,
1- Create a text document on your desktop:
point your mouse at your desktop, right-click, go to "New" and choose "Text Document".
Then copy/paste the text below (and nothing else!) into the text file you have just created:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"=-
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"=-
File::
C:\Windows\System32\sysrest32.exe
Then go to "File", choose "Save As..." and name it exactly as follows:
CFScript then confirm ...
2- Cleanup:
!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!
---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.
(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )
This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 then confirm.
Then wait while the scan runs. (The desktop will disappear several times: this is normal!)
!! Do not touch anything until the scan has finished !!
Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post it together with a new HijackThis report for analysis ...
(Warning: this procedure was written for this PC. Any reuse may severely damage the operating system.)
combofix report
ComboFix 08-09-27.05 - bobby 2008-09-30 19:36:10.3 - NTFSx86
Lancé depuis: C:\Users\bobby.PC-de-gobby\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\bobby.PC-de-gobby\Desktop\CFScript.txt
FILE ::
C:\Windows\System32\sysrest32.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 17:51 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-28 19:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 11:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-09 23:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-08 22:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-02 15:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-18 11:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 10:08 --------- d-----w C:\Program Files\VstPlugins
2008-08-15 10:08 --------- d-----w C:\Program Files\Image-Line
2008-08-14 23:16 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 23:08 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 22:55 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\SoundSpectrum
2008-08-14 22:55 --------- d-----w C:\Program Files\SoundSpectrum
2008-08-14 01:29 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 19:07 --------- d-----w C:\Program Files\Windows Live
2008-08-13 19:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-13 19:04 --------- d-----w C:\ProgramData\WLInstaller
2008-08-12 07:55 167,424 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-08-11 18:08 --------- d-----w C:\Program Files\Illustrate
2008-08-11 08:25 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-08-11 08:25 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-08-10 22:26 --------- d-----w C:\Program Files\Electronic Arts
2008-08-10 19:34 --------- d-----w C:\Users\bobby.PC-de-gobby\AppData\Roaming\DivX
2008-08-10 19:33 --------- d-----w C:\Program Files\DivX
2008-08-10 16:31 --------- d-----w C:\ProgramData\eMule
2008-08-10 16:30 --------- d-----w C:\Program Files\eMule
2008-08-10 16:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-10 15:30 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
2008-08-10 15:26 174 --sha-w C:\Program Files\desktop.ini
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Defender
2008-08-10 15:20 --------- d-----w C:\Program Files\Windows Calendar
2008-08-10 15:17 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-08-10 15:17 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-08-10 15:17 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-08-10 15:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-08-10 15:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-08-10 15:16 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-08-10 15:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-08-10 15:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-08-10 15:16 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-08-10 15:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-08-10 15:16 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-10 15:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-08-10 15:16 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-10 15:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-10 15:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-10 15:15 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-08-10 15:15 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-08-10 15:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-10 15:12 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-10 15:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-10 15:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-10 15:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-10 15:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-08-10 15:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-10 15:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-10 15:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-08-10 15:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-10 15:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-08-10 15:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-08-10 15:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-08-10 15:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-10 15:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-08-10 15:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-08-10 15:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-10 15:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-10 15:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-10 15:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-10 15:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-10 15:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-10 15:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-08-10 15:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-10 15:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-08-10 15:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-08-10 15:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-10 15:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-10 15:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-10 15:08 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-08-10 15:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-10 15:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-08-10 15:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-10 15:08 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-08-10 15:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-08-10 15:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-10 15:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-08-10 15:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-08-10 15:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-10 15:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-08-10 15:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-10 15:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-10 14:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 14:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-10 14:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-10 14:58 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-10 14:57 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-08-10 14:57 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
.
((((((((((((((((((((((((((((( snapshot_2008-09-29_18.47.06.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-28 19:20:01 1,257,472 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-30 17:26:09 1,265,664 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-28 19:20:05 1,224,704 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-30 17:26:10 1,232,896 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-30 17:26:20 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_cb652a3f\CustomMarshalers.dll
+ 2008-09-30 17:26:41 118,784 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f5fc7709\CustomMarshalers.dll
+ 2008-09-30 17:26:54 8,908,800 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6c92f9ee\mscorlib.dll
+ 2008-09-30 17:26:37 3,391,488 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f744a8d6\mscorlib.dll
+ 2008-09-30 17:26:50 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4a57a7da\System.Design.dll
+ 2008-09-30 17:26:32 1,470,464 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a0733e11\System.Design.dll
+ 2008-09-30 17:26:42 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b4d72df6\System.Drawing.Design.dll
+ 2008-09-30 17:26:21 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d7414fb2\System.Drawing.Design.dll
+ 2008-09-30 17:26:52 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4ef7e80d\System.Drawing.dll
+ 2008-09-30 17:26:34 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_90912f86\System.Drawing.dll
+ 2008-09-30 17:26:26 3,018,752 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4d8aff99\System.Windows.Forms.dll
+ 2008-09-30 17:26:45 7,884,800 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79508402\System.Windows.Forms.dll
+ 2008-09-30 17:26:47 5,513,216 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6d93f561\System.Xml.dll
+ 2008-09-30 17:26:29 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c9f827fb\System.Xml.dll
+ 2008-09-30 17:26:41 4,788,224 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_0dbe07d2\System.dll
+ 2008-09-30 17:26:19 1,966,080 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4d29b4b7\System.dll
- 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 19:30:52 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49:22 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 19:30:52 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 18:57:52 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 18:57:58 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 18:56:30 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 18:58:00 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 18:50:46 2,142,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 18:58:02 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 18:57:00 2,523,136 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 18:57:28 2,514,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 14:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 14:11:26 73,728 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_PerfCounter.dll
- 2004-07-15 12:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 19:35:38 1,232,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 12:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 19:35:46 1,265,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-30 17:19:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-30 17:19:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-29 16:39:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 17:22:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 17:22:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-29 16:39:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 17:21:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 17:21:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-30 17:25:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-29 16:40:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 17:25:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-30 17:25:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-29 16:45:17 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-30 17:27:09 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-29 16:45:17 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-30 17:27:09 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-29 16:45:17 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-30 17:27:09 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-29 16:45:17 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-30 17:27:09 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-29 16:39:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-29 17:51:50 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-29 16:40:58 6,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
+ 2008-09-30 17:22:20 6,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
- 2008-09-29 16:40:58 41,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 17:22:20 41,448 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-29 16:40:57 28,010 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 17:22:19 28,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-28 18:57:08 116,157,530 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-30 17:37:33 117,896,162 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D1A163E3-1C3A-4891-B4EB-5EA9AA45544C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC892D53-CF22-4822-A708-924FB5B45D2A}"= UDP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{0F31C959-65BC-4480-B41B-79C39CC5AC81}"= TCP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c30ad5e-66ca-11dd-afc5-00301b4522f2}]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:38:20
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-30 19:39:25
ComboFix-quarantined-files.txt 2008-09-30 17:39:22
ComboFix2.txt 2008-09-29 16:47:51
ComboFix3.txt 2008-09-28 18:41:49
Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 35,793,420,288 octets libres
265 --- E O F --- 2008-09-30 17:26:32
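An added example, not part of the thread and not ComboFix code: a small Python check that cross-references a CFScript against the report posted after it, listing registry values the script marked for deletion that are still listed, and values whose data still points at a file named under File::. The two inputs are excerpts copied from the posts above; the function names are made up for this illustration.

```python
import re

# Copied from the thread: the CFScript posted by the helper.
CFSCRIPT = r"""Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"=-
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"=-
File::
C:\Windows\System32\sysrest32.exe
"""

# Copied from the thread: a few lines of the report's registry section.
REPORT_EXCERPT = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

DIRECTIVE = re.compile(r'^(\w+)\s*::$')                 # "Registry::", "File::"
HEADER = re.compile(r'^\[(.+)\]$')                      # "[HKLM\...]"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$') # "name"= data


def parse_cfscript(text):
    """Return (deletions, files) from a CFScript.

    deletions: set of (key, value_name), lower-cased, for lines of the form
    "name"=-  (the .reg-file syntax for deleting a value).
    files: paths listed under File::.
    """
    deletions, files = set(), []
    directive = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            directive, key = m.group(1).lower(), None
            continue
        if directive == "registry":
            h, v = HEADER.match(line), VALUE.match(line)
            if h:
                key = h.group(1).lower()
            elif v and key and v.group(2).strip() == "-":
                deletions.add((key, v.group(1).lower()))
        elif directive == "file":
            files.append(line)
    return deletions, files


def parse_report_values(text):
    """Map (key, value_name) lower-cased -> (value_name, data) for every
    "name"= data line that sits under a [key] header in the report."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        h, v = HEADER.match(line), VALUE.match(line)
        if h:
            key = h.group(1).lower()
        elif v and key:
            values[(key, v.group(1).lower())] = (v.group(1), v.group(2).strip())
        else:
            key = None  # any other line ends the current registry block
    return values


def leftover_entries(cfscript, report):
    """List report values that the script targeted but that are still present."""
    deletions, files = parse_cfscript(cfscript)
    findings = []
    for (key, name_l), (name, data) in parse_report_values(report).items():
        reasons = []
        if (key, name_l) in deletions:
            reasons.append("value marked for deletion is still listed")
        hits = [f for f in files if f.lower() in data.lower()]
        if hits:
            reasons.append("data references " + hits[0])
        if reasons:
            findings.append({"key": key, "value": name,
                             "data": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in leftover_entries(CFSCRIPT, REPORT_EXCERPT):
        print(f["value"], "->", f["data"], "|", "; ".join(f["reasons"]))
```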
+ 2008-09-30 17:26:54 8,908,800 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6c92f9ee\mscorlib.dll
+ 2008-09-30 17:26:37 3,391,488 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f744a8d6\mscorlib.dll
+ 2008-09-30 17:26:50 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4a57a7da\System.Design.dll
+ 2008-09-30 17:26:32 1,470,464 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a0733e11\System.Design.dll
+ 2008-09-30 17:26:42 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b4d72df6\System.Drawing.Design.dll
+ 2008-09-30 17:26:21 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d7414fb2\System.Drawing.Design.dll
+ 2008-09-30 17:26:52 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4ef7e80d\System.Drawing.dll
+ 2008-09-30 17:26:34 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_90912f86\System.Drawing.dll
+ 2008-09-30 17:26:26 3,018,752 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4d8aff99\System.Windows.Forms.dll
+ 2008-09-30 17:26:45 7,884,800 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79508402\System.Windows.Forms.dll
+ 2008-09-30 17:26:47 5,513,216 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6d93f561\System.Xml.dll
+ 2008-09-30 17:26:29 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c9f827fb\System.Xml.dll
+ 2008-09-30 17:26:41 4,788,224 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_0dbe07d2\System.dll
+ 2008-09-30 17:26:19 1,966,080 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4d29b4b7\System.dll
- 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 19:30:52 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49:22 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 19:30:52 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 18:57:52 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 18:57:58 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 18:56:30 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 18:58:00 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 18:50:46 2,142,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 18:58:02 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 18:57:00 2,523,136 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 18:57:28 2,514,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 14:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 14:11:26 73,728 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 23:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2976\_PerfCounter.dll
- 2004-07-15 12:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 19:35:38 1,232,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 12:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 19:35:46 1,265,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-30 17:19:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-29 16:38:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-30 17:19:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-29 16:39:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 17:22:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-30 17:22:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-29 16:39:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 17:21:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-30 17:21:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-30 17:25:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-29 16:40:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 17:25:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-29 16:40:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-30 17:25:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-29 16:45:17 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-30 17:27:09 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-29 16:45:17 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-30 17:27:09 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-29 16:45:17 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-30 17:27:09 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-29 16:45:17 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-30 17:27:09 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-29 16:39:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-29 17:51:50 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-29 16:40:58 6,296 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
+ 2008-09-30 17:22:20 6,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231008829-2089630883-3644617952-1000_UserData.bin
- 2008-09-29 16:40:58 41,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 17:22:20 41,448 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-29 16:40:57 28,010 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-30 17:22:19 28,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-28 18:57:08 116,157,530 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-30 17:37:33 117,896,162 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{657AAF3E-E356-4DF5-92FC-1FAAB1E1B53F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D1A163E3-1C3A-4891-B4EB-5EA9AA45544C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{CE78C7B8-FCD2-49FA-A2F9-2CBCFE60DB50}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC892D53-CF22-4822-A708-924FB5B45D2A}"= UDP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{0F31C959-65BC-4480-B41B-79C39CC5AC81}"= TCP:C:\Users\bobby.PC-de-gobby\AppData\Local\Temp\.ttACE8.tmp:enable
"{C3D25C3B-E11D-4360-84C0-DCD3CD9CCA78}"= UDP:C:\Windows\System32\sysrest32.exe:enable
"{479ECE61-7679-401D-9CE6-D3B2879EA0BD}"= TCP:C:\Windows\System32\sysrest32.exe:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c30ad5e-66ca-11dd-afc5-00301b4522f2}]
\shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:38:20
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-30 19:39:25
ComboFix-quarantined-files.txt 2008-09-30 17:39:22
ComboFix2.txt 2008-09-29 16:47:51
ComboFix3.txt 2008-09-28 18:41:49
Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 35,793,420,288 octets libres
265 --- E O F --- 2008-09-30 17:26:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:23, on 30/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
Hi,
In order:
1- Go to Control Panel / Windows Firewall:
In the "Exceptions" tab, remove any authorization concerning this file: "sysrest32.exe" ...
2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click "RSIT.exe" to launch it.
-> A first window opens, titled "Disclaimer of warranty".
* Next to the option "List files/folders created ...", choose: 3 months
* then click "Continue" to start the scan ...
( Note: If the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the license.)
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one shown on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next steps ...
( Note: the reports will also be saved in this folder -> C:\rsit )
Logfile of random's system information tool 1.04 (written by random/random)
Run by bobby at 2008-09-30 20:13:06
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 32 GB (43%) free of 76 GB
Total RAM: 2046 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:10, on 30/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\bobby.PC-de-gobby\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bobby.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
info.txt logfile of random's system information tool 1.04 2008-09-30 20:13:12
======Uninstall list======
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
dBpowerAMP Monkeys Audio Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
dBpowerAMP mp3PRO Input Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.dat
dBpowerAMP Musepack Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
dBpowerAMP Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Ogg Vorbis Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
dBpowerAMP WMA V9 Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dMC mp3PRO (CLI) Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCP60-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-MSVCP60.dat
Need for Speed™ ProStreet-->MsiExec.exe /X{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
======Security center information======
AV: avast! antivirus 4.8.1229 [VPS 080930-0]
AS: Spyware Doctor (disabled)
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1229 [VPS 080930-0]
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"XPCDrive"=D:\
-----------------EOF-----------------
OK ... nothing unusual in this log ...
Still having problems? ... If so, describe (in as much detail as possible) what they are ...
Do this:
Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
!! Disconnect and close your running applications !!
Unzip (= extract all) the contents of what you just downloaded onto your desktop.
Open the GenProc folder:
-> right-click / "Run as administrator..." on GenProc.bat and let it run...
Once it has finished, post the contents of the report that opens ...
Illustrated help here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
IMPORTANT: post the report and do nothing else for now (instructions often need to be added to the indicated procedure for it to work perfectly).
Hi again,
We're not done yet!!! If you have no more problems, do the following in order:
1- Download ToolsCleaner (by A.Rothstein) to your desktop.
http://pc-system.fr/
Disconnect and make sure all your running applications are closed.
Right-click the program and choose "Run as administrator".
* Click "Recherche" (Search) and let the scan finish (this can take a while).
* Click "Suppression" (Removal) to finalize.
(If you wish, you can use the "Options facultatives" (optional settings))
* Click "quitter" (Quit) to generate a report (and not the red cross!):
---> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt .
This little program will clean up all the things we used for the disinfection (you no longer need them!).
Delete any tools, folders or reports related to the disinfection that ToolsCleaner2 did not remove.
Then finally delete ToolsCleaner2 ...
2- Remove ComboFix as follows:
--> Click "Start" (or press the Windows key + R) -> "Run" -> copy/paste this line:
ComboFix /u
(keep the space between ComboFix and /u)
--> Confirm.
3- Run CCleaner once more (registry included).
4- Purge System Restore
---> Disable System Restore:
In the Start menu, right-click Computer / Properties / System Protection: uncheck the box next to your main hard drive (for you -> C), confirm, Apply and OK
Restart your PC
---> Re-enable System Restore:
Right-click Computer / Properties / System Protection: check the box next to your main hard drive, confirm, Apply and OK
Restart your PC
( tutorial: http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista )
5- You can re-enable UAC ....
--> Once you're done, tell me how it went ... =)