Spyware (with Smit Fraud Fix scan)

Closed
zerbina - Posts: 74 - Registered: Tuesday 17 July 2007 - Status: Member - Last activity: 8 July 2011 - 3 June 2008 at 20:13
zerbina - 10 June 2008 at 20:42
Hi everyone!!

I have another problem!!

So, I have spyware that won't go away!! On top of that, it removed my access to the hard drive in My Computer!! Which is really annoying. Also, when I boot in normal mode, it sets a red desktop background with a message saying warning, you have spyware, and it puts three programs on my desktop (error cleaner,...) and sets my Internet home page to a so-called antispyware site that starts running a detection on my PC...

I don't know how to get rid of it, but maybe you do^^ I don't doubt it^^ Thanks in advance!!

Here is the Smit Fraud Fix report

SmitFraudFix v2.323

Rapport fait à 19:57:29,05, 03/06/2008
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ae1r.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !
C:\WINDOWS\xmpstean.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris

C:\DOCUME~1\Admin\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Admin\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Admin\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: boqnrwdmdev.dll
BHO: QXK Olive - {61B97503-AC8C-49D3-B549-34C0EC92128D}
TypeLib: {FECE7A73-FBBD-43D2-9C9D-30A749DD6A3F}
Interface: {85C8BC13-7522-472A-AEB1-0C40D41B117E}
Interface: {E53A126B-CF56-4B0F-9D3B-AFF0777FE7B5}

[!] Suspicious: atfxqogp.dll
Toolbar: atfxqogp - {910EF077-8B76-4A3C-B201-A5CAABA866F8}
TypeLib: {F25C07D1-1C0E-416F-8147-20AF5007A3F5}
Interface: {529F1E0D-E241-4642-A560-00BDA0DF44E6}
Classe: atfxqogp.bqva
Classe: atfxqogp.ToolBar.1

[!] Suspicious: vregfwlx.dll
SSODL: vregfwlx - {37F8C602-E3C1-4210-BCE0-7712FD577A9A}

[!] Suspicious: vltdfabw.dll
SSODL: vltdfabw - {5A802971-FFE1-4129-A4B4-A912C0439FC4}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\secpol.exe,C:\\WINDOWS\\system32\\ntos.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

29 replies

Anonymous user
3 June 2008 at 20:21
Hello,

#Reboot in safe mode
https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/
#Run SmitfraudFix again,
#Choose 2 and press Enter
#Type O (yes) at the question: do you want to clean the registry?
#Type O (yes) at the question: fix the infected file?
#A reboot may be needed to finish the cleaning procedure (SmitfraudFix will tell you if so).
#A report will be at the root of your hard drive, named C:\rapport.txt



Then,
# Download HijackThis
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
#Install it at the root of your hard drive
#Launch HijackThis by double-clicking the HijackThis icon
#Click Do a system Scan only and Save a Logfile
#A report will be generated in Notepad (the report is also located here: C:\hijackthis.log)
#Copy/paste the report into your next message.
zerbina
3 June 2008 at 20:56
Hi^^

Thanks, I did step 2 with Smit Fraud Fix and the Internet home page is back to the way it was, but the hard drive still won't show up!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45: VIRUS ALERT!, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\cbabb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: QXK Olive - {61B97503-AC8C-49D3-B549-34C0EC92128D} - C:\WINDOWS\boqnrwdmdev.dll (file missing)
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9B5E7ED3-51FA-4C35-B640-A7D86F7237E4} - C:\WINDOWS\system32\cbabb.dll (file missing)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\iifgeca.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: 0 - {F30CE4A6-FBBF-4B16-36A1-8E43B18449CF} - C:\Program Files\microsoft frontpage\lavuhazo.dll (file missing)
O3 - Toolbar: atfxqogp - {910EF077-8B76-4A3C-B201-A5CAABA866F8} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Admin\cftmon.exe
O4 - HKLM\..\Run: [LimeWire] C:\WINDOWS\vmmreg32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Program Files\WinSysClean 2008 Trial\UDManager\UDManager.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O20 - Winlogon Notify: iifgeca - iifgeca.dll (file missing)
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O21 - SSODL: vregfwlx - {37F8C602-E3C1-4210-BCE0-7712FD577A9A} - C:\WINDOWS\vregfwlx.dll (file missing)
O21 - SSODL: vltdfabw - {5A802971-FFE1-4129-A4B4-A912C0439FC4} - C:\WINDOWS\vltdfabw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HTTP SSL HTTPFilterSCardSvr (HTTPFilterSCardSvr) - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\1.tmp.exe (file missing)
O23 - Service: LPTRDC server (LPTRDCsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Schedule - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Anonymous user
3 June 2008 at 20:59
No wonder you're struggling, it's riddled with viruses, they're everywhere, it's crawling with them.

On top of that, you have no antivirus and no firewall.
So install a firewall of your choice
AND
#Install Antivir
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
https://www.malekal.com/avira-free-security-antivirus-gratuit/
#Configure it
https://www.astucesinternet.com/modules/news/article.php?storyid=253
#When Antivir updates, it shows a popup. Here is how to get rid of it:
https://forum.malekal.com/viewtopic.php?p=45326



Then,
/!\ Disconnect from the Internet, disable all your resident protections and don't touch anything during the scan /!\

#Download ComboFix (put it in a folder where you can easily find it!)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
#Run it.
#Choose option 1.
#The desktop may disappear during the scan: that's normal.
#At the end, it will create a report at the root of your hard drive. (C:\ComboFix.txt)
#Open it and paste it here.

PS: If the screen doesn't come back:
Press CTRL + ALT + DEL at the same time.
Task Manager opens. Click File, then Run. Type explorer and confirm. The desktop will be displayed again.

/!\ Re-enable all your resident protections /!\
zerbina
3 June 2008 at 21:03
Well!! I didn't know!! Just one question!! How do you disable resident protections?? Thanks a lot!!

zerbina
3 June 2008 at 21:18
I tried to download ComboFix or Antivir but every time the download window disappears!!!

What should I do??

Anonymous user
3 June 2008 at 21:55
Download them from another PC if you can.


In your case, you have no resident protections, so.. ;)

zerbina
4 June 2008 at 23:08
Hi^^

Well, THANK YOU!! ComboFix removed quite a few viruses!! Result: drive C has reappeared, I have a lot more space on my hard drive!!! And it's faster!! Thanks a lot!!! OK, here is the scan result:

ComboFix 08-06-03.1 - Admin 2008-06-04 22:09:49.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 2:00]
Endroit: C:\Documents and Settings\Admin\Mes documents\Combo-Fix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\wsnpoem
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\wsnpoem\audio.dll
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\csrssw.dll
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll . . . . Echec de suppression
C:\WINDOWS\system32\wsnpoem\audio.dll . . . . Echec de suppression
C:\WINDOWS\system32\wsnpoem\video.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 22:31 . 2008-06-03 13:48 49,664 --a------ C:\WINDOWS\twain.exe
2008-06-04 22:29 . 2008-06-04 22:32 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem
2008-06-04 22:28 . 2008-06-04 22:32 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\wsnpoem
2008-06-04 20:51 . 2008-06-04 20:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 20:51 . 2008-06-04 20:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 12:34 . 2008-06-04 22:31 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-04 12:34 . 2008-06-04 12:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-06-04 12:29 . 2008-03-12 09:30 159,896 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-04 12:28 . 2008-06-04 12:29 <REP> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-04 12:28 . 2008-06-04 12:28 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2008-06-04 12:28 . 2008-02-25 16:38 93,440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-06-04 12:28 . 2008-02-21 08:56 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-06-04 12:28 . 2008-02-21 08:56 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-06-04 11:17 . 2008-06-04 12:04 <REP> d-------- C:\ComboFix
2008-06-03 20:29 . 2008-06-03 20:29 <REP> d-------- C:\Program Files\Trend Micro
2008-06-03 19:57 . 2008-06-03 19:57 48,585 --a------ C:\WINDOWS\system32\actmoviet.sys
2008-06-03 19:57 . 2008-06-03 19:57 23,040 --ahs---- C:\WINDOWS\system32\1041m.dll
2008-06-03 19:44 . 2008-06-03 19:44 37,888 -r-hs---- C:\WINDOWS\system32\ae1r.exe
2008-06-03 19:44 . 2008-06-03 19:57 169 --a-s---- C:\WINDOWS\system32\1390792187.dat
2008-06-03 18:37 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 18:37 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 18:37 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 18:37 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 18:37 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 18:37 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 18:37 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 18:37 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 14:51 . 2008-06-03 14:51 29 --a------ C:\WINDOWS\system32\iousfedw.tmp
2008-06-03 14:50 . 2008-06-03 14:50 130,048 --a------ C:\WINDOWS\system32\drivers\qandr.sys
2008-06-03 14:47 . 2008-06-03 14:47 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-06-03 13:51 . 2008-06-03 13:51 <REP> d-------- C:\WINDOWS\Torrents
2008-06-03 13:50 . 2008-06-03 11:26 94,208 --a------ C:\WINDOWS\esbq.exe
2008-06-03 13:50 . 2008-06-03 14:01 40,382 --a------ C:\WINDOWS\mahmud.config
2008-06-03 13:49 . 2008-06-03 13:49 140,800 --a------ C:\WINDOWS\mahmud.exe
2008-06-03 13:48 . 2008-06-03 13:48 49,664 --a------ C:\WINDOWS\vmmreg32.exe
2008-06-03 13:48 . 2008-06-04 10:57 28,672 --a------ C:\WINDOWS\system32\drivers\Yen38.sys
2008-06-03 13:48 . 2008-06-04 22:28 12,800 --------- C:\WINDOWS\system32\WinNt32.dll
2008-06-03 13:48 . 2008-06-04 10:57 12,800 --a------ C:\WINDOWS\system32\WinNt32.dl_
2008-06-03 12:07 . 2005-07-26 13:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-03 12:07 . 2005-07-26 13:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-03 12:07 . 2005-07-26 13:44 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-03 12:07 . 2005-07-26 13:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-03 11:59 . 2003-02-14 16:31 73,728 -ra------ C:\WINDOWS\system32\cnm14A.tmp
2008-06-03 11:52 . 2003-02-14 16:31 73,728 -ra------ C:\WINDOWS\system32\cnmA9.tmp
2008-06-03 11:08 . 2003-02-14 16:31 73,728 -ra------ C:\WINDOWS\system32\cnmA8.tmp
2008-06-03 10:16 . 2008-06-03 10:16 47,104 --a------ C:\WINDOWS\ldr.exe
2008-05-31 10:06 . 2008-05-31 10:06 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 10:06 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-31 10:06 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-31 10:06 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-31 10:06 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-31 10:06 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-31 10:06 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-31 10:06 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 10:06 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-31 10:06 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-30 18:55 . 2008-05-30 18:55 <REP> d-------- C:\Program Files\Rockstar Games
2008-05-28 22:59 . 2008-05-28 22:59 <REP> d-------- C:\Plug
2008-05-28 22:27 . 2008-05-28 22:27 <REP> d-------- C:\Program Files\Lonely Cat Games
2008-05-27 11:14 . 2008-06-02 19:20 101,376 --a------ C:\WINDOWS\index.exe
2008-05-27 11:14 . 2008-05-27 16:55 96,256 --a------ C:\WINDOWS\gren.exe
2008-05-25 18:31 . 2008-05-25 18:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Games
2008-05-25 18:14 . 2008-06-03 12:14 28,672 --a------ C:\WINDOWS\system32\msscntr32.exe
2008-05-25 16:36 . 2006-09-12 13:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-05-25 16:36 . 2006-03-10 23:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-05-25 16:36 . 2006-05-03 12:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-05-25 16:36 . 2005-11-25 22:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-05-25 16:36 . 2006-01-13 01:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-05-25 16:36 . 2003-11-21 01:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-05-25 16:36 . 2004-04-27 01:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-05-25 16:36 . 2007-02-21 13:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-05-25 16:36 . 2007-12-17 15:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-05-24 18:35 . 2008-05-24 18:38 780 --a------ C:\WINDOWS\_delis32.ini
2008-05-24 18:24 . 2008-05-24 18:24 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-24 18:10 . 2008-05-24 18:10 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools
2008-05-23 14:01 . 2008-05-23 14:01 96,256 --a------ C:\WINDOWS\7ujkn.exe
2008-05-20 19:55 . 2008-05-20 19:55 <REP> d-------- C:\Program Files\Eidos Interactive
2008-05-19 17:47 . 2008-05-19 17:47 <REP> d-------- C:\Program Files\Bonjour
2008-05-19 16:09 . 47,616 C:\WINDOWS\system32\fsmgmt.dll.tmp
2008-05-19 16:09 . 47,616 C:\WINDOWS\system32\fsmgmt.dll
2008-05-18 19:29 . 2008-05-20 15:57 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-05-15 22:32 . 2005-04-14 18:57 219,648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-15 22:06 . 2008-05-15 22:06 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-14 20:57 . 2008-05-14 20:57 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-05-14 20:57 . 2008-05-14 20:57 54,784 --a------ C:\WINDOWS\system32\lght.ln
2008-05-14 20:57 . 2008-05-14 20:57 32,768 --a------ C:\WINDOWS\system32\pryx.ln
2008-05-05 23:18 . 2008-05-28 21:25 <REP> d-------- C:\DVDVideoSoft
2008-05-05 23:17 . 2008-05-05 23:17 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-05-05 23:17 . 2008-05-05 23:17 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-05-05 22:46 . 2008-05-05 22:47 <REP> d-------- C:\Program Files\FLVPlayer
2008-05-05 22:45 . 2008-05-05 22:45 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 08:56 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll
2008-06-03 19:51 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll.tmp
2008-06-03 18:39 2,774 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-30 16:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-29 21:32 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-29 21:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\DMCache
2008-05-25 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 16:10 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 14:32 --------- d-----w C:\Documents and Settings\Admin\Application Data\IDM
2008-05-19 15:45 --------- d-----w C:\Program Files\QuickTime
2008-05-19 15:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-14 18:57 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2008-04-12 16:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-07 21:08 --------- d-----w C:\Program Files\MP3Gain
2008-04-04 09:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2006-03-09 15:04 31,384 ----a-w C:\Documents and Settings\_seka\Application Data\GDIPFONTCACHEV1.DAT
2005-07-29 15:24 472 --sha-r C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
----a-w 40,048 2008-01-22 10:07:21 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 2,321,600 2008-01-21 21:58:30 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater .exe
----a-w 286,720 2008-01-22 10:07:22 C:\Program Files\QuickTime\qttask .exe

C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
578,048 2008-05-14 18:57:26 C:\WINDOWS\system32\user32.dll
578,048 2008-05-14 18:57:26 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

2008-05-14 20:57 578048 4d653435d5cd34eaf4e9dc498354cb50 C:\WINDOWS\system32\user32.dll
2008-05-14 20:57 578048 4d653435d5cd34eaf4e9dc498354cb50 C:\WINDOWS\system32\dllcache\user32.dll

2005-09-18 14:29 359936 56d8de1785d58df095beb31411e08840 C:\WINDOWS\system32\drivers\tcpip.sys

2005-10-12 12:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe

2005-07-26 17:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe

2005-07-26 17:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61B97503-AC8C-49D3-B549-34C0EC92128D}]
C:\WINDOWS\boqnrwdmdev.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5E7ED3-51FA-4C35-B640-A7D86F7237E4}]
C:\WINDOWS\system32\cbabb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-02-06 18:47 1160544 --a------ C:\Program Files\Search Settings\kb126\SearchSettings.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30CE4A6-FBBF-4B16-36A1-8E43B18449CF}]
C:\Program Files\microsoft frontpage\lavuhazo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{910EF077-8B76-4A3C-B201-A5CAABA866F8}"= "C:\WINDOWS\atfxqogp.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{910ef077-8b76-4a3c-b201-a5caaba866f8}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{F25C07D1-1C0E-416F-8147-20AF5007A3F5}]
[HKEY_CLASSES_ROOT\atfxqogp]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 15:12 222720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 16:25 3309568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-04-13 16:25 46080]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"LimeWire"="C:\WINDOWS\vmmreg32.exe" [2008-06-03 13:48 49664]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]
"CloneCD"="C:\WINDOWS\twain.exe" [2008-06-03 13:48 49664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
"mahmud"="C:\WINDOWS\mahmud.exe" [2008-06-03 13:49 140800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 13:24 341]
"nlsf"="cmd.exe" [2004-08-19 18:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 17:52 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgeca]
iifgeca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"nhpInit_Dlls"=nvrsma

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.oggDS"= oggDS.dll
"vidc.ogg"= ogg.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yen38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuardPro]
C:\Program Files\SpyGuardPro\pgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\mahmud.exe"=

R0 hpt366;hpt366;C:\WINDOWS\system32\DRIVERS\Hpt366.sys [2001-01-10 14:50]
R0 Yen38;Yen38;C:\WINDOWS\system32\Drivers\Yen38.sys [2008-06-04 10:57]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]
R2 msscenter;Microsoft Security Center Extension;C:\WINDOWS\system32\msscntr32.exe [2008-06-03 12:14]
R3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2005-07-26 15:43]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S2 HTTPFilterSCardSvr;HTTP SSL HTTPFilterSCardSvr;C:\DOCUME~1\Admin\LOCALS~1\Temp\1.tmp []
S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2005-07-26 15:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3807441-74ad-11dc-90c3-0007cb0000ff}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3807442-74ad-11dc-90c3-0007cb0000ff}]
\Shell\Auto\command - H:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-20 16:25:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:32:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\system32\ntos.exe 154112 bytes executable
C:\WINDOWS\system32\wsnpoem

Scan terminé avec succès
Les fichiers cachés: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilterSCardSvr]
"ImagePath"="C:\DOCUME~1\Admin\LOCALS~1\Temp\1.tmp srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-04 22:41:47 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-06-04 20:41:20

Pre-Run: 335,380,480 octets libres
Post-Run: 347,361,280 octets libres

287
Anonymous user
5 June 2008 at 10:27
#Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Folder::
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\wsnpoem

File::
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\1041m.dll
C:\WINDOWS\system32\ae1r.exe
C:\WINDOWS\system32\1390792187.dat
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\iousfedw.tmp
C:\WINDOWS\esbq.exe
C:\WINDOWS\system32\WinNt32.dl_
C:\WINDOWS\7ujkn.exe
C:\WINDOWS\QWRtaW4\kqlQuqb.vbs

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61B97503-AC8C-49D3-B549-34C0EC92128D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5E7ED3-51FA-4C35-B640-A7D86F7237E4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgeca]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{910EF077-8B76-4A3C-B201-A5CAABA866F8}"=-


#Save this file under the name CFScript.txt


#Drag and drop this CFScript.txt file onto the ComboFix.exe file


#A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
#Wait while the scan runs. The desktop will disappear several times: this is normal!
#Don't touch anything until the scan has finished.
#Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

#If the file doesn't open, it can be found here > C:\ComboFix.txt
zerbina Posts: 74 Registration date: Tuesday 17 July 2007 Status: Member Last activity: 8 July 2011
6 June 2008 at 21:39
hi^^

OK, I did what you told me!! Here's the scan (and by the way everything is back to normal except my internet, where I have to refresh every time to get the page!!)

ComboFix 08-06-03.1 - Admin 2008-06-06 17:50:53.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.47 [GMT 2:00]
Endroit: C:\Documents and Settings\Admin\Mes documents\ComboFix1.exe
Command switches used :: C:\Documents and Settings\Admin\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\7ujkn.exe
C:\WINDOWS\esbq.exe
C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
C:\WINDOWS\system32\1041m.dll
C:\WINDOWS\system32\1390792187.dat
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\ae1r.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\iousfedw.tmp
C:\WINDOWS\system32\WinNt32.dl_
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\wsnpoem
C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\wsnpoem\audio.dll
C:\WINDOWS\7ujkn.exe
C:\WINDOWS\esbq.exe
C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\1041m.dll
C:\WINDOWS\system32\1390792187.dat
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\ae1r.exe
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\csrssw.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\iousfedw.tmp
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinNt32.dl_
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\twain.exe
C:\WINDOWS\system32\WinNt32.dll . . . . Echec de suppression
C:\WINDOWS\system32\wsnpoem\video.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((((((( Fichiers créés 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
.

2008-06-06 18:53 . 2008-06-06 18:56 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem
2008-06-06 14:33 . 2008-06-06 14:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-06-06 11:20 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-06 11:20 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-06 11:20 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-06 11:00 . 2008-06-06 11:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-05 12:52 . 2008-06-05 12:52 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PCToolsFirewallPlus
2008-06-05 12:45 . 2004-08-19 18:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-05 12:38 . 2008-06-06 18:59 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-05 12:38 . 2001-10-02 20:15 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-05 09:46 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-05 09:40 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-05 09:40 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-05 09:40 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-05 09:40 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-05 09:40 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-05 09:40 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-05 09:39 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-05 09:39 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-05 09:39 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-05 00:07 . 2008-06-05 00:07 <REP> d-------- C:\Program Files\Avira
2008-06-05 00:07 . 2008-06-05 00:07 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-06-04 22:42 . <REP> C:\Documents and Settings\Saïd\Local Settings
2008-06-04 22:42 . 2008-06-04 22:42 <REP> d-------- C:\Documents and Settings\Saïd
2008-06-04 22:07 . 2008-06-04 22:42 <REP> d-------- C:\Combo-Fix
2008-06-04 20:51 . 2008-06-06 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 20:51 . 2008-06-04 20:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 12:34 . 2008-06-06 16:50 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-04 12:34 . 2008-06-04 12:34 <REP> d-------- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2008-06-04 12:28 . 2008-06-06 17:20 <REP> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-04 12:28 . 2008-06-04 12:28 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2008-06-04 12:28 . 2008-02-21 08:56 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-06-04 12:28 . 2008-02-21 08:56 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-06-04 11:17 . 2008-06-04 12:04 <REP> d-------- C:\ComboFix
2008-06-03 20:29 . 2008-06-03 20:29 <REP> d-------- C:\Program Files\Trend Micro
2008-06-03 19:57 . 2008-06-03 19:57 48,585 --a------ C:\WINDOWS\system32\actmoviet.sys
2008-06-03 18:37 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 18:37 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 18:37 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 18:37 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 18:37 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 18:37 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 14:50 . 2008-06-03 14:50 130,048 --a------ C:\WINDOWS\system32\drivers\qandr.sys
2008-06-03 14:47 . 2008-06-03 14:47 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-06-03 13:51 . 2008-06-03 13:51 <REP> d-------- C:\WINDOWS\Torrents
2008-06-03 13:50 . 2008-06-05 12:54 40,382 --a------ C:\WINDOWS\mahmud.config
2008-06-03 13:49 . 2008-06-03 13:49 140,800 --a------ C:\WINDOWS\mahmud.exe
2008-06-03 13:48 . 2008-06-03 13:48 49,664 --a------ C:\WINDOWS\vmmreg32.exe
2008-06-03 13:48 . 2008-06-04 10:57 28,672 --a------ C:\WINDOWS\system32\drivers\Yen38.sys
2008-06-03 13:48 . 2008-06-06 18:52 12,800 --------- C:\WINDOWS\system32\WinNt32.dll
2008-06-03 12:07 . 2005-07-26 13:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-03 12:07 . 2005-07-26 13:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-03 12:07 . 2005-07-26 13:44 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-03 12:07 . 2005-07-26 13:43 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-03 11:59 . 2003-02-14 16:31 73,728 -ra------ C:\WINDOWS\system32\cnm14A.tmp
2008-06-03 11:52 . 2003-02-14 16:31 73,728 -ra------ C:\WINDOWS\system32\cnmA9.tmp
2008-06-03 11:08 . 2003-02-14 16:31 73,728 -ra------ C:\WINDOWS\system32\cnmA8.tmp
2008-06-03 10:16 . 2008-06-03 10:16 47,104 --a------ C:\WINDOWS\ldr.exe
2008-05-31 10:06 . 2008-05-31 10:06 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 10:06 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-31 10:06 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-31 10:06 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-31 10:06 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-31 10:06 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-31 10:06 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-31 10:06 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 10:06 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-31 10:06 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-30 18:55 . 2008-05-30 18:55 <REP> d-------- C:\Program Files\Rockstar Games
2008-05-28 22:59 . 2008-05-28 22:59 <REP> d-------- C:\Plug
2008-05-27 11:14 . 2008-06-02 19:20 101,376 --a------ C:\WINDOWS\index.exe
2008-05-27 11:14 . 2008-05-27 16:55 96,256 --a------ C:\WINDOWS\gren.exe
2008-05-25 18:31 . 2008-05-25 18:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Games
2008-05-25 18:14 . 2008-06-03 12:14 28,672 --a------ C:\WINDOWS\system32\msscntr32.exe
2008-05-25 16:36 . 2006-09-12 13:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-05-25 16:36 . 2006-03-10 23:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-05-25 16:36 . 2006-05-03 12:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-05-25 16:36 . 2005-11-25 22:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-05-25 16:36 . 2006-01-13 01:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-05-25 16:36 . 2003-11-21 01:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-05-25 16:36 . 2004-04-27 01:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-05-25 16:36 . 2007-02-21 13:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-05-25 16:36 . 2007-12-17 15:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-05-25 16:07 . 2006-01-13 01:23 150,596 -r-hs---- C:\WINDOWS\system32\AVCDXile
2008-05-24 18:35 . 2008-05-24 18:38 780 --a------ C:\WINDOWS\_delis32.ini
2008-05-24 18:24 . 2008-05-24 18:24 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-24 18:10 . 2008-05-24 18:10 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools
2008-05-20 19:55 . 2008-05-20 19:55 <REP> d-------- C:\Program Files\Eidos Interactive
2008-05-19 17:47 . 2008-05-19 17:47 <REP> d-------- C:\Program Files\Bonjour
2008-05-19 16:09 . 47,616 C:\WINDOWS\system32\fsmgmt.dll.tmp
2008-05-19 16:09 . 47,616 C:\WINDOWS\system32\fsmgmt.dll
2008-05-18 19:29 . 2008-05-20 15:57 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-05-15 22:32 . 2005-04-14 18:57 219,648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-15 22:06 . 2008-06-06 11:31 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-14 20:57 . 2007-03-08 17:37 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-05-14 20:57 . 2008-05-14 20:57 54,784 --a------ C:\WINDOWS\system32\lght.ln
2008-05-14 20:57 . 2008-05-14 20:57 32,768 --a------ C:\WINDOWS\system32\pryx.ln

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 10:38 7,168 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-06-04 20:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-04 08:56 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll
2008-06-03 19:51 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll.tmp
2008-06-03 18:39 2,774 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-29 21:32 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-29 21:27 --------- d-----w C:\Documents and Settings\Admin\Application Data\DMCache
2008-05-25 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 16:10 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 14:32 --------- d-----w C:\Documents and Settings\Admin\Application Data\IDM
2008-05-19 15:45 --------- d-----w C:\Program Files\QuickTime
2008-05-19 15:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-05-05 21:17 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
2008-05-05 21:17 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-05 20:47 --------- d-----w C:\Program Files\FLVPlayer
2008-05-05 20:45 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-04-12 16:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-07 21:08 --------- d-----w C:\Program Files\MP3Gain
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2006-03-09 15:04 31,384 ----a-w C:\Documents and Settings\_seka\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
----a-w 40,048 2008-01-22 10:07:21 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 2,321,600 2008-01-21 21:58:30 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater .exe
----a-w 286,720 2008-01-22 10:07:22 C:\Program Files\QuickTime\qttask .exe


------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-04_22.38.18.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-17 13:47:04 293,376 ----a-w C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
+ 2007-02-09 11:23:36 574,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll
+ 2007-02-05 20:20:56 185,344 ----a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:25 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:26 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-02-28 16:08:15 2,139,648 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
+ 2007-02-28 16:08:25 2,061,440 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 16:08:11 2,019,328 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 16:08:21 2,184,192 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
+ 2007-03-09 14:00:38 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:51:20 265,216 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\spru040c.dll
+ 2006-01-19 19:29:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:25 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:26 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2008-02-26 11:49:32 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-04-16 16:11:08 1,051,136 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:29 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:25 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:26 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-06-26 06:07:05 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:25 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:26 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:09:51 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:09:51 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:09:51 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:09:51 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:09:51 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:09:51 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:09:51 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:09:51 527,360 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-07-12 23:28:38 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-06-13 13:10:53 1,037,312 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-08-21 06:25:34 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-04 18:30:15 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2007-10-29 21:03:53 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-06 09:07:35 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-10-29 21:03:47 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-06 09:07:52 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-10-29 21:03:28 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-06 09:09:10 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-10-29 21:03:28 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-06 09:07:55 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-10-29 21:03:53 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-06-06 09:08:39 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2007-10-29 21:04:02 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-06-06 09:08:26 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-10-29 21:03:48 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-06-06 09:08:42 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2007-10-29 21:03:48 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-06-06 09:07:41 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-10-29 21:03:49 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-06-06 09:09:07 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-10-29 21:03:50 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-06-06 09:08:23 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-10-29 21:03:49 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-06 09:08:05 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-10-29 21:03:49 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-06-06 09:08:05 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2007-10-29 21:03:50 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-06-06 09:08:36 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-10-29 21:03:50 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-06-06 09:09:15 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-10-29 21:03:50 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-06-06 09:08:30 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-10-29 21:03:50 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-06-06 09:08:09 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-29 21:03:50 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-06-06 09:08:18 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-10-29 21:03:50 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-06-06 09:08:48 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-10-29 21:03:55 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-06-06 09:07:29 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-10-29 21:03:51 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-06-06 09:08:00 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-10-29 21:03:51 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-06-06 09:07:49 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-10-29 21:03:51 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-06 09:08:57 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-10-29 21:03:52 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-06-06 09:08:12 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-10-29 21:03:53 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-06-06 09:08:33 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2007-10-29 21:03:49 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-06-06 09:09:27 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-06-06 09:12:44 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f8f78708\CustomMarshalers.dll
+ 2008-06-06 09:22:07 3,379,200 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b2cb3977\mscorlib.dll
+ 2008-06-06 09:20:02 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_78b76bcc\System.Design.dll
+ 2008-06-06 09:13:31 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_78c05aa9\System.Drawing.Design.dll
+ 2008-06-06 09:20:43 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_45a8143a\System.Drawing.dll
+ 2008-06-06 09:17:23 3,014,656 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4f7dc60b\System.Windows.Forms.dll
+ 2008-06-06 09:18:53 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1cecb917\System.Xml.dll
+ 2008-06-06 09:12:24 1,953,792 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cf28bb76\System.dll
- 2008-06-04 20:28:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 16:52:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 16:02:21 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 16:02:36 2,059,648 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 16:02:21 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 16:02:36 2,182,400 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2005-07-26 15:01:30 1,036,288 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 14:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-06-06 09:00:16 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2003-02-20 18:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 18:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 23:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 18:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-14 23:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 18:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 09:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 09:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 09:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 09:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 18:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 12:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 06:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 12:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 06:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 12:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 18:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 22:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 06:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 12:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 22:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 22:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorw
0
Anonymous user
June 6, 2008 at 21:42
Good, we've made solid progress.

*Download and install MalwareByte's:
*Run a full scan.
*When the scan finishes, click "Supprimer la sélection" or "Remove Selected"
*Copy/paste the final report.

*Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

*Double-click OTMoveIt.exe to launch it.
*Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\ldr.exe
C:\WINDOWS\index.exe
C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\system32\fsmgmt.dll
C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\system32\wsnpoem\video.dll


*Click MoveIt! to start the removal.
*The result will appear in the Results pane.
*Click Exit to close.
*Post the report located in C:\_OTMoveIt\MovedFiles. Example: (01282008_131348.log)

*You may be asked to restart the PC to complete the removal.
If so, accept with Yes

And copy/paste a new HijackThis report ;)
0
zerbina Posts 74 Registration date Tuesday, July 17, 2007 Status Member Last activity July 8, 2011 7
June 6, 2008 at 23:14
So here's the MalwareByte's report:

Malwarebytes' Anti-Malware 1.15
Version de la base de données: 830

22:53:28 06/06/2008
mbam-log-6-6-2008 (22-53-05).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 67045
Temps écoulé: 40 minute(s), 21 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
C:\WINDOWS\system32\msscntr32.exe (Backdoor.Bot) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{529f1e0d-e241-4642-a560-00bda0df44e6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f25c07d1-1c0e-416f-8147-20af5007a3f5} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{85c8bc13-7522-472a-aeb1-0c40d41b117e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e53a126b-cf56-4b0f-9d3b-aff0777fe7b5} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{fece7a73-fbbd-43d2-9c9d-30a749dd6a3f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qandr (Rootkit.Qandr) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msscenter (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msscenter (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msscenter (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msscenter (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\AppID\pblock.DLL (Rogue.PCSecureSystem) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.bqva (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mahmud (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\twain.exe.vir (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\1041m.dll.vir (Trojan.DownLoader) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\csrssw.dll.vir (csrssw.dll) -> No action taken.
C:\WINDOWS\vmmreg32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\rmbnddo.dll (Adware.PurityScan) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\drivers\qandr.sys (Rootkit.Qandr) -> No action taken.
C:\WINDOWS\system32\uwce9\renamd83122.exe (Adware.TTC) -> No action taken.
C:\WINDOWS\TEMP\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\TEMP\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Process.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mahmud.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\msscntr32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\WinNt32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> No action taken.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\s32.txt (Malware.Trace) -> No action taken.


And for MoveIt!!:
DllUnregisterServer procedure not found in C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WinNt32.dll NOT unregistered.
C:\WINDOWS\system32\WinNt32.dll moved successfully.
C:\WINDOWS\ldr.exe moved successfully.
C:\WINDOWS\index.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\system32\Smab0.dll NOT unregistered.
C:\WINDOWS\system32\Smab0.dll moved successfully.
File/Folder C:\WINDOWS\system32\fsmgmt.dll not found.
File/Folder C:\WINDOWS\system32\Smab0.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\wsnpoem\video.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wsnpoem\video.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06062008_225525

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\wsnpoem\video.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wsnpoem\video.dll scheduled to be moved on reboot.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msscntr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [mahmud] C:\WINDOWS\mahmud.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe (User 'Default user')
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Program Files\WinSysClean 2008 Trial\UDManager\UDManager.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - Winlogon Notify: winctrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HTTP SSL HTTPFilterSCardSvr (HTTPFilterSCardSvr) - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\1.tmp.exe (file missing)
O23 - Service: Microsoft Security Center Extension (msscenter) - Unknown owner - C:\WINDOWS\system32\msscntr32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
Anonymous user
June 7, 2008 at 12:14
Run MalwareByte's again
Quarantine tab
Select everything and click Delete.


Next, update Antivir
Restart in safe mode
*Configure it
https://www.astucesinternet.com/modules/news/article.php?storyid=253
Run a full scan and copy/paste the report for me.
0
zerbina Posts 74 Registration date Tuesday, July 17, 2007 Status Member Last activity July 8, 2011 7
June 7, 2008 at 15:38
Hi!!

Here's the Antivir scan!!



Avira AntiVir Personal
Report file date: samedi 7 juin 2008 14:06

Scanning for 1313263 virus strains and unwanted programs.

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 11:48:13
ANTIVIR3.VDF : 7.0.4.156 144896 Bytes 06/06/2008 11:48:14
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 07/06/2008 11:48:29
AESCN.DLL : 8.1.0.21 119156 Bytes 07/06/2008 11:48:28
AERDL.DLL : 8.1.0.20 418165 Bytes 07/06/2008 11:48:27
AEPACK.DLL : 8.1.1.5 364918 Bytes 07/06/2008 11:48:25
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 07/06/2008 11:48:24
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 07/06/2008 11:48:23
AEHELP.DLL : 8.1.0.15 115063 Bytes 07/06/2008 11:48:19
AEGEN.DLL : 8.1.0.28 307572 Bytes 07/06/2008 11:48:19
AEEMU.DLL : 8.1.0.6 430451 Bytes 07/06/2008 11:48:17
AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 11:48:16
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 7 juin 2008 14:06

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AdSpyTTC2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '489d8023.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48c28028.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48c4802d.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48c48034.qua'!
C:\Program Files\microsoft frontpage\profsyvysa.html
[DETECTION] Is the Trojan horse TR/Click.HTML.IFrame.DN
[NOTE] The file was deleted!
C:\QooBox\Quarantine\catchme2008-06-04_222214.37.zip
[0] Archive type: ZIP
--> WinNt32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Mutant.acm.15
[NOTE] The file was deleted!
C:\QooBox\Quarantine\catchme2008-06-06_184429,67.zip
[0] Archive type: ZIP
--> clbdriver.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> WinNt32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Mutant.acm.15
--> WinNt32.dll.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\7ujkn.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\esbq.exe.vir
[DETECTION] Is the Trojan horse TR/Vapsup.gcc.15
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ae1r.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\clbdll.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\WinNt32.dl_.vir
[DETECTION] Is the Trojan horse TR/Dldr.Mutant.acm.15
[NOTE] The file was deleted!
C:\WINDOWS\gren.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ fsmgmt.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ fsmgmt.dll.tmp
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\hcnwg4u.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\lght.ln
[DETECTION] Is the Trojan horse TR/Spy.Agent.cad.9
[NOTE] The file was deleted!
C:\WINDOWS\system32\pryx.ln
[DETECTION] Is the Trojan horse TR/Spy.Agent.cad.8
[NOTE] The file was deleted!
C:\WINDOWS\system32\secpol.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.drr
[NOTE] The file was deleted!
C:\WINDOWS\system32\WinNt32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Mutant.acm.15
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Winwi34.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Yen38.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\06062008_225525\WINDOWS\ldr.exe
[DETECTION] Is the Trojan horse TR/Spy.ZBot.ced
[NOTE] The file was deleted!
C:\_OTMoveIt\MovedFiles\06062008_225525\WINDOWS\system32\WinNt32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Mutant.acm.15
[WARNING] The file could not be deleted!


End of the scan: samedi 7 juin 2008 15:19
Used time: 1:12:33 min

The scan has been done completely.

4214 Scanning directories
83121 Files were scanned
20 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
16 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
83101 Files not concerned
1263 Archives were scanned
6 Warnings
20 Notes
0
Anonymous user
June 7, 2008 at 16:08
*Download Killbox to your desktop
*Double-click Killbox.exe
*Copy/paste C:\WINDOWS\system32\WinNt32.dll
into Full path or File to delete
*Check Delete on reboot
*Click the red cross
*Answer Yes to the question that appears
* Post the contents of the report found here: C:\!KillBox\Logs.


Did you actually delete the selection in MalwareByte's?
Please run another scan and make sure to choose "Supprimer la sélection" (Remove Selected) at the end
Copy/paste the report.
0
zerbina Posts 74 Registration date Tuesday, July 17, 2007 Status Member Last activity July 8, 2011 7
June 7, 2008 at 16:58
So, for Killbox:

Pocket Killbox version
Running on Windows XP as Admin(Administrator)
was started @ samedi, juin 07, 2008, 4:45 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\WinNt32.dll
*This File could not be Deleted

# 2 [Files to Delete]
Path = C:\WINDOWS\system32\WinNt32.dll
*This File could not be Deleted

# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\WinNt32.dll
*This File could not be Deleted

I Rebooted @ 4:47:39 PM
Killbox Closed(Exit) @ 4:47:43 PM

And for MalwareByte's:

Malwarebytes' Anti-Malware 1.15
Version de la base de données: 830

13:22:50 07/06/2008
mbam-log-6-7-2008 (13-22-50).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 68614
Temps écoulé: 33 minute(s), 57 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 23

Processus mémoire infecté(s):
C:\WINDOWS\system32\msscntr32.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{529f1e0d-e241-4642-a560-00bda0df44e6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f25c07d1-1c0e-416f-8147-20af5007a3f5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85c8bc13-7522-472a-aeb1-0c40d41b117e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e53a126b-cf56-4b0f-9d3b-aff0777fe7b5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fece7a73-fbbd-43d2-9c9d-30a749dd6a3f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qandr (Rootkit.Qandr) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msscenter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msscenter (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msscenter (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msscenter (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pblock.DLL (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bqva (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mahmud (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\twain.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\1041m.dll.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\csrssw.dll.vir (csrssw.dll) -> Quarantined and deleted successfully.
C:\WINDOWS\vmmreg32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmbnddo.dll (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\qandr.sys (Rootkit.Qandr) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwce9\renamd83122.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Process.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mahmud.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msscntr32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinNt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcnwg4u.sys (Rootkit.Rustok) -> Delete on reboot.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
0
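Added example (not part of the original thread, and not Malwarebytes' own code): a small parser for the result lines of the Malwarebytes' Anti-Malware reports posted above, which separates items still showing "No action taken" or "Delete on reboot" from those already removed. The sample log is a constructed excerpt in the same line format, and the action-to-state mapping is an assumption that covers only the action strings appearing in this thread.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Constructed excerpt in the line format of the MBAM 1.15 reports in this thread.
SAMPLE_LOG = r"""Processus mémoire infecté(s):
C:\WINDOWS\system32\msscntr32.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\mahmud.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\s32.txt (Malware.Trace) -> No action taken.
"""

# Result line: <item> (<detection>) -> [Data: <value> -> ]<action>.
RESULT_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

# Assumption: only the action strings seen in this thread are mapped.
# Anything else is reported as "unknown" and kept on the follow-up list.
ACTION_STATES = {
    "No action taken": "unremediated",
    "Delete on reboot": "pending_reboot",
    "Quarantined and deleted successfully": "remediated",
    "Unloaded process successfully": "remediated",
}


class Finding(NamedTuple):
    section: str          # report section header the line appeared under
    item: str             # file path, folder, or registry key/value
    family: str           # detection name given by the scanner
    data: Optional[str]   # registry data, when the line carries a "Data:" part
    action: str           # action text exactly as logged
    state: str            # normalized state from ACTION_STATES


def parse_mbam_log(text: str) -> List[Finding]:
    """Extract every result line from a report, tracking its section."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = RESULT_RE.match(line)
        if match:
            action = match["action"].strip()
            findings.append(Finding(
                section, match["item"], match["family"], match["data"],
                action, ACTION_STATES.get(action, "unknown"),
            ))
        elif line.endswith(":"):
            # Section header such as "Fichier(s) infecté(s):"
            section = line[:-1]
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per normalized state."""
    return Counter(f.state for f in findings)


def needs_follow_up(findings: List[Finding]) -> List[Finding]:
    """Items that were not confirmed removed in this report."""
    return [f for f in findings if f.state != "remediated"]


if __name__ == "__main__":
    results = parse_mbam_log(SAMPLE_LOG)
    print(dict(summarize(results)))
    for f in needs_follow_up(results):
        print(f"[{f.state}] {f.section}: {f.item} ({f.family})")
```

Items in the `pending_reboot` state are only confirmed gone by a fresh scan after the restart, which is why a new report is requested at each step of the cleanup.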
Anonymous user
June 7, 2008 at 17:11
How is the PC behaving?


BitDefender
#Run a Bitdefender online scan
#Once on the site, click the BitDefender Scan Online button
#See Balltrap34's demo here if you can't manage it!
#Copy/paste the final report.

NB: The scan must be run with Internet Explorer
0
zerbina Posts 74 Registration date Tuesday, July 17, 2007 Status Member Last activity July 8, 2011 7
June 7, 2008 at 18:58
The PC is doing much better, thanks!! It's faster!! But there are still 800 MB that have gone I don't know where, and since I don't have much space left (I have 1.12 GB out of 6 GB in total!!), if you know how to get them back, thanks a lot^^

Here's the Bitdefender scan:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Jun 07, 2008 - 18:53:49

Scan Info
Scanned Files: 90258
Infected Files: 4

Virus Detected
Adware.Isearch.D: 1
Trojan.Loader.X: 1
Trojan.Peed.JKH: 1
Application.Memedia.B: 1
0
Anonymous user
June 7, 2008 at 19:10
The report should look like this:
http://www.commentcamarche.net/forum/affich 3767093 rapport bitdefender online scanner


Next,
*Download Ccleaner:
https://www.ccleaner.com/ccleaner/download
Click the first Download now > Choose the Slim version
Install Ccleaner.
Clean Windows and the registry by following this tutorial:
https://www.malekal.com/tutoriel-ccleaner/#mozTocId223895
0
Ah! But what I posted is all I got!! Well, I ran a cleanup with Ccleaner but it didn't free up much space... (12 MB).
0
Anonymous user
June 7, 2008 at 20:15
*Download ATF-Cleaner
*Double-click the program
*Check "Select All" and click the "Empty Selected" button
*When it's finished, close the program.
0