Topic summary (most recent first)

mike49
31-10-2008 17:37:24

Thanks JokuHech, I'm still going to try installing Antivir or AVG again and set up a guest account for going on the net.

See you, mike

JokuHech
30-10-2008 18:41:13

Start, then Run. Type

Code:

ComboFix /u

This will remove ComboFix from the system. Follow up with a proper cleanup, then a defragmentation.

You could install 30 antivirus programs without any of them managing to protect you effectively.
Without any possible doubt, Antivir still seems to me the best of the free ones.

The best protection at present is to be found in using an account with limited rights. This does not affect the comfort of using the operating system. Under those conditions, which antivirus is installed matters much less, except that you will still have to keep it updated.

AVG 8 free is also better than Avast!
To find out more, click the link in my signature and read.

mike49
30-10-2008 18:00:16

Once again, many thanks for all the help with my problem.

See you, mike

mike49
30-10-2008 17:59:08

Good evening JokuHech

I have just done the step mentioned above; here is the log. The machine seems to be working normally.

ComboFix 08-10-26.01 - mic 2008-10-30 17:52:51.4 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.1.1036.18.1541 [GMT 1:00]
Commutateurs utilisés :: F:\Documents and Settings\mic\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\SDFix

.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-09-28 au 2008-10-30  ))))))))))))))))))))))))))))))))))))
.

2008-10-27 15:35 . 2008-10-27 15:35    579,584    --a--c---    F:\WINDOWS\system32\dllcache\user32.dll
2008-10-27 15:33 . 2008-10-27 15:33    <REP>    d--------    F:\WINDOWS\ERUNT
2008-10-26 15:07 . 2008-01-26 17:53    <REP>    d--h-----    F:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-26 15:07 . 2008-01-26 17:53    <REP>    d--h-----    F:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-26 15:07 . 2008-01-26 17:56    <REP>    d--h-----    F:\Documents and Settings\Administrateur\Modèles
2008-10-26 15:07 . 2008-01-26 17:53    <REP>    d--------    F:\Documents and Settings\Administrateur\Mes documents
2008-10-26 15:07 . 2008-01-26 17:53    <REP>    dr-------    F:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-26 15:07 . 2008-01-26 17:53    <REP>    d--------    F:\Documents and Settings\Administrateur\Favoris
2008-10-26 15:07 . 2008-01-26 17:53    <REP>    d--------    F:\Documents and Settings\Administrateur\Bureau
2008-10-26 15:07 . 2008-10-26 15:07    <REP>    d--------    F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-26 15:07 . 2008-10-26 15:07    <REP>    d--------    F:\Documents and Settings\Administrateur
2008-10-25 12:23 . 2008-10-15 17:35    337,408    -----c---    F:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-19 08:25 . 2008-10-19 08:25    268    --ah-----    F:\sqmdata02.sqm
2008-10-19 08:25 . 2008-10-19 08:25    244    --ah-----    F:\sqmnoopt02.sqm
2008-10-17 18:18 . 2008-10-17 18:18    <REP>    d--------    F:\Program Files\SoftwarePassport
2008-10-17 18:18 . 2008-10-17 18:18    <REP>    d--------    F:\Program Files\Mindscape
2008-10-16 10:32 . 2008-08-14 14:23    2,191,232    -----c---    F:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:32 . 2008-08-14 14:23    2,147,328    -----c---    F:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:32 . 2008-08-14 14:23    2,068,096    -----c---    F:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:32 . 2008-08-14 14:23    2,025,984    -----c---    F:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 10:32 . 2008-09-15 16:26    1,846,528    -----c---    F:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 10:32 . 2008-09-08 11:41    333,824    -----c---    F:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 15:33 . 2008-10-15 15:33    <REP>    d--------    F:\Documents and Settings\mic\Saved Games
2008-10-15 15:33 . 2008-10-15 15:33    <REP>    d--------    F:\Documents and Settings\mic\Application Data\Flood Light Games
2008-10-15 15:33 . 2008-10-15 15:33    <REP>    d--------    F:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-10-15 15:32 . 2008-10-15 15:32    <REP>    d--------    F:\Program Files\orange
2008-10-15 15:32 . 2008-10-15 15:32    <REP>    d--------    F:\Program Files\Oberon Media
2008-10-15 15:32 . 2008-10-15 15:32    <REP>    d--------    F:\Program Files\GamesBar
2008-10-15 15:32 . 2008-10-15 15:32    <REP>    d--------    F:\Program Files\Fichiers communs\Oberon Media
2008-10-12 08:20 . 2008-10-27 16:45    <REP>    d-a------    F:\Documents and Settings\All Users\Application Data\TEMP
2008-10-03 00:46 . 2008-10-03 00:46    81,920    --a------    F:\WINDOWS\system32\frapsvid.dll
2008-09-15 10:22 . 2008-09-15 10:22    276    --a------    F:\WINDOWS\HUITA.JEU
2008-09-10 14:32 . 2004-08-19 16:09    221,184    --a------    F:\WINDOWS\system32\wmpns.dll
2008-09-09 13:44 . 2008-09-09 13:44    <REP>    d--------    F:\WINDOWS\system32\fr
2008-09-09 13:44 . 2008-09-09 13:44    <REP>    d--------    F:\WINDOWS\system32\bits
2008-09-09 13:44 . 2008-09-09 13:44    <REP>    d--------    F:\WINDOWS\l2schemas
2008-09-09 11:37 . 2008-04-14 03:33    651,264    ---------    F:\WINDOWS\system32\dot3ui.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 16:41    ---------    d--h--w    F:\Program Files\InstallShield Installation Information
2008-10-29 16:41    ---------    d-----w    F:\Program Files\Ubisoft
2008-10-26 13:52    ---------    d-----w    F:\Documents and Settings\mic\Application Data\uTorrent
2008-10-21 11:55    ---------    d-----w    F:\Program Files\Lexmark X1100 Series
2008-09-15 15:26    1,846,528    ----a-w    F:\WINDOWS\system32\win32k.sys
2008-09-15 09:15    ---------    d-----w    F:\Program Files\Micro Application
2008-09-08 10:41    333,824    ----a-w    F:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:11    826,368    ----a-w    F:\WINDOWS\system32\wininet.dll
2008-08-14 15:09    10,856    --sha-w    F:\WINDOWS\system32\KGyGaAvL.sys
2008-08-14 13:23    2,147,328    ----a-w    F:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23    2,025,984    ----a-w    F:\WINDOWS\system32\ntkrnlpa.exe
2008-08-09 12:26    27,136    ----a-w    F:\WINDOWS\~GLH0000.TMP
2008-07-18 20:10    94,920    ----a-w    F:\WINDOWS\system32\cdm.dll
2008-07-18 20:10    53,448    ----a-w    F:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10    45,768    ----a-w    F:\WINDOWS\system32\wups2.dll
2008-07-18 20:10    36,552    ----a-w    F:\WINDOWS\system32\wups.dll
2008-07-18 20:09    563,912    ----a-w    F:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09    325,832    ----a-w    F:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09    205,000    ----a-w    F:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09    1,811,656    ----a-w    F:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07    270,880    ----a-w    F:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07    210,976    ----a-w    F:\WINDOWS\system32\muweb.dll
2008-07-07 20:28    253,952    ----a-w    F:\WINDOWS\system32\es.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-10-27_18.03.03.29   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-27 14:48:14    71,086    ----a-w    F:\WINDOWS\system32\perfc009.dat
+ 2008-10-30 16:48:19    71,086    ----a-w    F:\WINDOWS\system32\perfc009.dat
- 2008-10-27 14:48:14    85,084    ----a-w    F:\WINDOWS\system32\perfc00C.dat
+ 2008-10-30 16:48:19    85,084    ----a-w    F:\WINDOWS\system32\perfc00C.dat
- 2008-10-27 14:48:14    423,718    ----a-w    F:\WINDOWS\system32\perfh009.dat
+ 2008-10-30 16:48:19    423,718    ----a-w    F:\WINDOWS\system32\perfh009.dat
- 2008-10-27 14:48:14    491,694    ----a-w    F:\WINDOWS\system32\perfh00C.dat
+ 2008-10-30 16:48:19    491,694    ----a-w    F:\WINDOWS\system32\perfh00C.dat
+ 2008-10-30 16:51:22    16,384    ----atw    F:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat
+ 2008-10-30 16:51:16    16,384    ----atw    F:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=F:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-27 11:01 504320 F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 F:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 15:48 57344 F:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 F:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 04:46 13529088 F:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-03 04:46 86016 F:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-11 00:26 406016 F:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-02 19:35 155648 F:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2004-12-10 11:49 139264 F:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-03-03 09:39 6144 F:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 F:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 04:46 1630208 F:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-11-14 10:21 16270848 F:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 F:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\uTorrent\\utorrent.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Age Of Empires 2\\empires2.exe"=
"C:\\Age Of Empires 2\\age2_x1.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 usbscan;Pilote de scanneur USB;F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;F:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6880a02-cc33-11dc-ae5a-0019dbb10b95}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-10-30 F:\WINDOWS\Tasks\MP Scheduled Scan.job
- F:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 17:54:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-30 17:54:50
ComboFix-quarantined-files.txt  2008-10-30 16:54:48
ComboFix2.txt  2008-10-27 17:03:20
ComboFix3.txt  2008-05-28 09:01:04
ComboFix4.txt  2008-05-28 06:01:10

Avant-CF: 51,063,447,552 octets libres
Après-CF: 51,048,079,360 octets libres

298    --- E O F ---    2008-10-29 15:23:17

JokuHech
29-10-2008 22:22:33

Open Notepad and copy this into it.

Code:

Driver::
TDSSserv
TDSSSERV.SYS
TDSSserv.sys

Folder::
F:\SDFix

Save the file under the name ==>  CFScript.txt

Close all windows, then drag the CFScript.txt file onto ComboFix.exe

http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

ComboFix should start on its own and do the work.

How is the machine behaving?

mike49
28-10-2008 16:43:51

Hello JokuHech

As for what happened, I don't know. I launched ComboFix, it started the scan and then detected a rootkit; ComboFix decided to restart the PC, then ran its scan, and I ended up with the following report at startup. I can't say any more than that.

So yes, my system is on F, a mistake on my part when installing Windows. As for the partitions, C and D hold music and photos, E nothing for now.
I made partitions to avoid losing everything if the hard disk gets reformatted.

What about the 2 drivers mentioned above, and what should be done with them?

In the scuffle Avast got kicked out of startup; I'm going to reinstall it temporarily. Any thoughts from you on AVG antivirus and firewall?

Thanks and see you

mike

JokuHech
27-10-2008 21:41:12

ComboFix2.txt  2008-05-28 09:01:04
ComboFix3.txt  2008-05-28 06:01:10

Can you explain to me what happened?
Did you have a system recovery? Following a crash, at reboot, Windows sometimes informs the user that it has recovered from a serious error.

Apart from 2 registered drivers, I no longer see anything.

Your system is installed on an F: partition.
May I know what is on C:, D: and E:?

mike49
27-10-2008 18:56:46

Phew, good luck reading through it.

So in my case I'm on XP SP3, my ISP is Alice with a Hitachi Alicebox, but I don't think there is a firewall. The box is connected to a hub because I have two PCs connected to the internet.
Denying that I download would be ridiculous; I use µTorrent, but to be honest really very rarely, because I'm looking for series that the French channels no longer broadcast (Stargate, for example).

Thanks and see you

mike49
27-10-2008 18:50:33

.
-- Instantané actualisé --
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=F:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-27 11:01 504320 F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 F:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 15:48 57344 F:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 F:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 04:46 13529088 F:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-03 04:46 86016 F:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-11 00:26 406016 F:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-02 19:35 155648 F:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2004-12-10 11:49 139264 F:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-03-03 09:39 6144 F:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 F:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 04:46 1630208 F:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-11-14 10:21 16270848 F:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 F:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\uTorrent\\utorrent.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"F:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Age Of Empires 2\\empires2.exe"=
"C:\\Age Of Empires 2\\age2_x1.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 usbscan;Pilote de scanneur USB;F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;F:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6880a02-cc33-11dc-ae5a-0019dbb10b95}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-10-27 F:\WINDOWS\Tasks\MP Scheduled Scan.job
- F:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - F:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-NBKeyScan - F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-brastk - brastk.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - F:\Documents and Settings\mic\Application Data\Mozilla\Firefox\Profiles\fwv9zwua.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - F:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - F:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:00:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
F:\Program Files\Windows Defender\MsMpEng.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-10-27 18:03:19 - La machine a redémarré
ComboFix-quarantined-files.txt  2008-10-27 17:03:16
ComboFix2.txt  2008-05-28 09:01:04
ComboFix3.txt  2008-05-28 06:01:10

Avant-CF: 47,988,404,224 octets libres
Après-CF: 48,038,801,408 octets libres

9401    --- E O F ---    2008-10-26 07:51:42

mike49
27-10-2008 18:49:03

- 2004-08-19 15:09:08    938,496    ----a-w    F:\WINDOWS\system32\winbrand.dll
+ 2008-04-14 01:58:13    1,647,616    ----a-w    F:\WINDOWS\system32\winbrand.dll
+ 2008-04-14 02:33:48    712,704    ------w    F:\WINDOWS\system32\windowscodecs.dll
+ 2008-04-14 02:33:48    346,112    ------w    F:\WINDOWS\system32\windowscodecsext.dll
- 2004-08-19 15:09:48    351,232    ----a-w    F:\WINDOWS\system32\winhttp.dll
+ 2008-04-14 02:33:48    354,304    ----a-w    F:\WINDOWS\system32\winhttp.dll
- 2008-03-01 12:58:11    826,368    ----a-w    F:\WINDOWS\system32\wininet.dll
+ 2008-08-26 08:11:54    826,368    ----a-w    F:\WINDOWS\system32\wininet.dll
- 2004-08-19 15:09:48    32,768    ----a-w    F:\WINDOWS\system32\winipsec.dll
+ 2008-04-14 02:33:48    32,256    ----a-w    F:\WINDOWS\system32\winipsec.dll
- 2004-08-19 15:10:06    506,368    ----a-w    F:\WINDOWS\system32\winlogon.exe
+ 2008-04-14 02:34:28    512,000    ----a-w    F:\WINDOWS\system32\winlogon.exe
- 2004-08-19 15:09:48    180,736    ----a-w    F:\WINDOWS\system32\winmm.dll
+ 2008-04-14 02:33:48    180,736    ----a-w    F:\WINDOWS\system32\winmm.dll
- 2004-08-19 15:09:08    773,632    ----a-w    F:\WINDOWS\system32\winntbbu.dll
+ 2008-04-14 02:32:53    764,416    ----a-w    F:\WINDOWS\system32\winntbbu.dll
- 2004-08-19 15:09:48    16,896    ----a-w    F:\WINDOWS\system32\winrnr.dll
+ 2008-04-14 02:33:48    16,896    ----a-w    F:\WINDOWS\system32\winrnr.dll
- 2004-08-19 15:09:48    100,352    ----a-w    F:\WINDOWS\system32\winscard.dll
+ 2008-04-14 02:33:48    100,352    ----a-w    F:\WINDOWS\system32\winscard.dll
- 2004-08-19 15:09:48    17,408    ------w    F:\WINDOWS\system32\winshfhc.dll
+ 2008-04-14 02:33:48    17,408    ------w    F:\WINDOWS\system32\winshfhc.dll
- 2003-04-24 12:00:00    2,864    ----a-w    F:\WINDOWS\system32\winsock.dll
+ 2008-06-06 16:01:44    2,864    ----a-w    F:\WINDOWS\system32\winsock.dll
- 2004-08-19 15:10:10    146,944    ----a-w    F:\WINDOWS\system32\winspool.drv
+ 2008-04-14 02:34:34    146,944    ----a-w    F:\WINDOWS\system32\winspool.drv
- 2007-03-17 13:44:47    293,376    ----a-w    F:\WINDOWS\system32\winsrv.dll
+ 2008-04-14 02:33:48    293,888    ----a-w    F:\WINDOWS\system32\winsrv.dll
- 2004-08-19 15:09:48    53,760    ----a-w    F:\WINDOWS\system32\winsta.dll
+ 2008-04-14 02:33:48    53,760    ----a-w    F:\WINDOWS\system32\winsta.dll
- 2004-08-19 15:09:48    176,640    ----a-w    F:\WINDOWS\system32\wintrust.dll
+ 2008-04-14 02:33:48    176,640    ----a-w    F:\WINDOWS\system32\wintrust.dll
- 2004-08-19 15:10:06    5,632    ----a-w    F:\WINDOWS\system32\winver.exe
+ 2008-04-14 02:34:28    5,632    ----a-w    F:\WINDOWS\system32\winver.exe
- 2006-08-17 12:29:49    132,096    ----a-w    F:\WINDOWS\system32\wkssvc.dll
+ 2008-04-14 02:33:48    132,096    ----a-w    F:\WINDOWS\system32\wkssvc.dll
+ 2008-04-14 02:33:48    69,120    ------w    F:\WINDOWS\system32\wlanapi.dll
- 2004-08-19 15:09:48    172,544    ----a-w    F:\WINDOWS\system32\wldap32.dll
+ 2008-04-14 02:33:48    172,544    ----a-w    F:\WINDOWS\system32\wldap32.dll
- 2004-08-19 15:09:48    94,208    ----a-w    F:\WINDOWS\system32\wlnotify.dll
+ 2008-04-14 02:33:48    94,208    ----a-w    F:\WINDOWS\system32\wlnotify.dll
- 2004-08-19 15:09:08    5,632    ----a-w    F:\WINDOWS\system32\wmi.dll
+ 2008-04-14 02:32:55    5,632    ----a-w    F:\WINDOWS\system32\wmi.dll
- 2006-10-18 19:47:20    10,834,432    ----a-w    F:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12    10,834,944    ----a-w    F:\WINDOWS\system32\wmp.dll
- 2004-08-19 15:09:50    20,480    ----a-w    F:\WINDOWS\system32\wmpcd.dll
+ 2008-04-14 02:33:48    20,480    ----a-w    F:\WINDOWS\system32\wmpcd.dll
- 2004-08-19 15:09:50    20,480    ----a-w    F:\WINDOWS\system32\wmpcore.dll
+ 2008-04-14 02:33:48    20,480    ----a-w    F:\WINDOWS\system32\wmpcore.dll
- 2006-10-18 19:47:20    295,936    ------w    F:\WINDOWS\system32\wmpeffects.dll
+ 2008-06-24 16:12:58    295,936    ------w    F:\WINDOWS\system32\wmpeffects.dll
+ 2008-04-14 02:33:48    276,992    ------w    F:\WINDOWS\system32\wmphoto.dll
+ 2004-08-19 15:09:50    221,184    ----a-w    F:\WINDOWS\system32\wmpns.dll
- 2004-08-19 15:09:50    20,480    ----a-w    F:\WINDOWS\system32\wmpui.dll
+ 2008-04-14 02:33:48    20,480    ----a-w    F:\WINDOWS\system32\wmpui.dll
- 2004-08-19 15:09:50    115,200    ----a-w    F:\WINDOWS\system32\wmsdmoe.dll
+ 2008-04-14 02:33:48    115,200    ----a-w    F:\WINDOWS\system32\wmsdmoe.dll
- 2004-08-19 15:09:50    303,616    ----a-w    F:\WINDOWS\system32\wmstream.dll
+ 2008-04-14 02:33:49    303,616    ----a-w    F:\WINDOWS\system32\wmstream.dll
- 2004-08-19 15:09:50    265,216    ----a-w    F:\WINDOWS\system32\wow32.dll
+ 2008-04-14 02:33:49    265,216    ----a-w    F:\WINDOWS\system32\wow32.dll
- 2004-08-19 15:10:06    32,256    ----a-w    F:\WINDOWS\system32\wpabaln.exe
+ 2008-04-14 02:34:29    32,256    ----a-w    F:\WINDOWS\system32\wpabaln.exe
- 2004-08-19 15:10:06    32,768    ----a-w    F:\WINDOWS\system32\wpnpinst.exe
+ 2008-04-14 02:34:29    11,776    ----a-w    F:\WINDOWS\system32\wpnpinst.exe
- 2004-08-19 15:09:50    82,944    ----a-w    F:\WINDOWS\system32\ws2_32.dll
+ 2008-04-14 02:33:49    82,432    ----a-w    F:\WINDOWS\system32\ws2_32.dll
- 2004-08-19 15:09:50    19,968    ----a-w    F:\WINDOWS\system32\ws2help.dll
+ 2008-04-14 02:33:49    19,968    ----a-w    F:\WINDOWS\system32\ws2help.dll
- 2004-08-19 15:10:06    13,824    ------w    F:\WINDOWS\system32\wscntfy.exe
+ 2008-04-14 02:34:29    13,824    ------w    F:\WINDOWS\system32\wscntfy.exe
- 2004-08-19 15:10:06    114,688    ----a-w    F:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44    155,648    ----a-w    F:\WINDOWS\system32\wscript.exe
- 2004-08-19 15:09:50    81,408    ------w    F:\WINDOWS\system32\wscsvc.dll
+ 2008-04-14 02:33:50    80,896    ----a-w    F:\WINDOWS\system32\wscsvc.dll
- 2004-08-19 15:09:50    108,032    ------w    F:\WINDOWS\system32\wshbth.dll
+ 2008-04-14 02:33:50    108,032    ------w    F:\WINDOWS\system32\wshbth.dll
- 2004-08-19 15:09:50    28,672    ----a-w    F:\WINDOWS\system32\wshcon.dll
+ 2008-04-14 02:33:50    36,864    ----a-w    F:\WINDOWS\system32\wshcon.dll
- 2004-08-19 15:09:50    65,536    ----a-w    F:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:55:00    90,112    ----a-w    F:\WINDOWS\system32\wshext.dll
- 2004-08-19 15:09:50    14,336    ----a-w    F:\WINDOWS\system32\wship6.dll
+ 2008-04-14 02:33:50    14,336    ----a-w    F:\WINDOWS\system32\wship6.dll
- 2004-08-19 15:09:50    11,776    ----a-w    F:\WINDOWS\system32\wshrm.dll
+ 2008-04-14 02:33:50    11,264    ----a-w    F:\WINDOWS\system32\wshrm.dll
- 2004-08-19 15:09:50    19,968    ----a-w    F:\WINDOWS\system32\wshtcpip.dll
+ 2008-04-14 02:33:50    19,456    ----a-w    F:\WINDOWS\system32\wshtcpip.dll
- 2004-08-19 15:09:50    42,496    ----a-w    F:\WINDOWS\system32\wsnmp32.dll
+ 2008-04-14 02:33:50    41,984    ----a-w    F:\WINDOWS\system32\wsnmp32.dll
- 2004-08-19 15:09:50    25,088    ----a-w    F:\WINDOWS\system32\wsock32.dll
+ 2008-04-14 02:33:50    25,088    ----a-w    F:\WINDOWS\system32\wsock32.dll
- 2004-08-19 15:09:50    51,200    ----a-w    F:\WINDOWS\system32\wstdecod.dll
+ 2008-04-14 02:33:50    51,200    ----a-w    F:\WINDOWS\system32\wstdecod.dll
- 2004-08-19 15:09:50    18,432    ----a-w    F:\WINDOWS\system32\wtsapi32.dll
+ 2008-04-14 02:33:50    18,432    ----a-w    F:\WINDOWS\system32\wtsapi32.dll
- 2007-07-30 18:19:36    549,720    ----a-w    F:\WINDOWS\system32\wuapi.dll
+ 2008-07-18 20:09:44    563,912    ----a-w    F:\WINDOWS\system32\wuapi.dll
- 2007-07-30 18:19:16    53,080    ----a-w    F:\WINDOWS\system32\wuauclt.exe
+ 2008-07-18 20:10:42    53,448    ----a-w    F:\WINDOWS\system32\wuauclt.exe
- 2004-08-19 15:10:06    168,960    ------w    F:\WINDOWS\system32\wuauclt1.exe
+ 2008-04-14 02:34:29    168,960    ------w    F:\WINDOWS\system32\wuauclt1.exe
- 2007-07-30 18:19:42    1,712,984    ----a-w    F:\WINDOWS\system32\wuaueng.dll
+ 2008-07-18 20:09:42    1,811,656    ----a-w    F:\WINDOWS\system32\wuaueng.dll
- 2004-08-19 15:09:50    184,320    ------w    F:\WINDOWS\system32\wuaueng1.dll
+ 2008-04-14 02:33:50    184,320    ------w    F:\WINDOWS\system32\wuaueng1.dll
- 2004-08-19 15:09:50    6,656    ----a-w    F:\WINDOWS\system32\wuauserv.dll
+ 2008-04-14 02:33:50    6,656    ----a-w    F:\WINDOWS\system32\wuauserv.dll
- 2007-07-30 18:19:32    325,976    ----a-w    F:\WINDOWS\system32\wucltui.dll
+ 2008-07-18 20:09:46    325,832    ----a-w    F:\WINDOWS\system32\wucltui.dll
- 2007-07-30 18:18:40    33,624    ----a-w    F:\WINDOWS\system32\wups.dll
+ 2008-07-18 20:10:20    36,552    ----a-w    F:\WINDOWS\system32\wups.dll
- 2007-07-30 18:19:12    43,352    ----a-w    F:\WINDOWS\system32\wups2.dll
+ 2008-07-18 20:10:40    45,768    ----a-w    F:\WINDOWS\system32\wups2.dll
- 2007-07-30 18:19:46    203,096    ----a-w    F:\WINDOWS\system32\wuweb.dll
+ 2008-07-18 20:09:44    205,000    ----a-w    F:\WINDOWS\system32\wuweb.dll
- 2004-08-19 15:09:50    378,880    ----a-w    F:\WINDOWS\system32\wzcdlg.dll
+ 2008-04-14 02:33:51    384,000    ----a-w    F:\WINDOWS\system32\wzcdlg.dll
- 2004-08-19 15:09:50    51,712    ----a-w    F:\WINDOWS\system32\wzcsapi.dll
+ 2008-04-14 02:33:51    52,736    ----a-w    F:\WINDOWS\system32\wzcsapi.dll
- 2004-08-19 15:09:50    359,936    ----a-w    F:\WINDOWS\system32\wzcsvc.dll
+ 2008-04-14 02:33:52    483,840    ----a-w    F:\WINDOWS\system32\wzcsvc.dll
- 2004-08-19 15:09:50    91,648    ----a-w    F:\WINDOWS\system32\xactsrv.dll
+ 2008-04-14 02:33:52    91,648    ----a-w    F:\WINDOWS\system32\xactsrv.dll
- 2004-08-19 15:10:06    30,720    ----a-w    F:\WINDOWS\system32\xcopy.exe
+ 2008-04-14 02:34:29    30,720    ----a-w    F:\WINDOWS\system32\xcopy.exe
- 2006-07-14 15:51:51    121,856    ------w    F:\WINDOWS\system32\xmllite.dll
+ 2008-04-14 02:33:52    121,856    ------w    F:\WINDOWS\system32\xmllite.dll
- 2004-08-19 15:09:50    129,536    ------w    F:\WINDOWS\system32\xmlprov.dll
+ 2008-04-14 02:33:52    129,024    ------w    F:\WINDOWS\system32\xmlprov.dll
- 2004-08-19 15:09:50    50,176    ------w    F:\WINDOWS\system32\xmlprovi.dll
+ 2008-04-14 02:33:52    50,176    ------w    F:\WINDOWS\system32\xmlprovi.dll
- 2006-03-01 19:43:51    11,776    ----a-w    F:\WINDOWS\system32\xolehlp.dll
+ 2008-04-14 02:33:52    11,776    ----a-w    F:\WINDOWS\system32\xolehlp.dll
- 2004-08-19 15:08:44    445,440    ------w    F:\WINDOWS\system32\xpob2res.dll
+ 2008-04-13 18:40:32    445,440    ------w    F:\WINDOWS\system32\xpob2res.dll
- 2004-08-19 15:08:56    197,632    ----a-w    F:\WINDOWS\system32\xpsp1res.dll
+ 2008-04-13 18:35:20    197,632    ----a-w    F:\WINDOWS\system32\xpsp1res.dll
- 2004-08-19 15:08:58    2,986,496    ------w    F:\WINDOWS\system32\xpsp2res.dll
+ 2008-04-13 18:36:46    2,986,496    ----a-w    F:\WINDOWS\system32\xpsp2res.dll
- 2007-10-29 15:07:16    369,152    ----a-w    F:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-13 18:39:17    778,752    ----a-w    F:\WINDOWS\system32\xpsp3res.dll
- 2004-08-19 15:09:50    340,480    ----a-w    F:\WINDOWS\system32\zipfldr.dll
+ 2008-04-14 02:33:52    340,992    ----a-w    F:\WINDOWS\system32\zipfldr.dll
- 2008-05-28 05:38:53    4,212    ---h--w    F:\WINDOWS\system32\zllictbl.dat
+ 2008-05-28 10:09:22    4,212    ---h--w    F:\WINDOWS\system32\zllictbl.dat
- 2008-05-28 05:58:50    49,152    ----a-w    F:\WINDOWS\Temp\CompiledAdapter.dll
+ 2008-10-27 17:00:32    49,152    ----a-w    F:\WINDOWS\Temp\CompiledAdapter.dll
+ 2008-10-27 17:00:18    16,384    ----atw    F:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat
+ 2008-10-27 17:00:10    16,384    ----atw    F:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat
- 2008-05-28 05:58:25    40,960    ----a-w    F:\WINDOWS\Temp\rtdrvmon.exe
+ 2008-10-27 17:00:30    40,960    ----a-w    F:\WINDOWS\Temp\rtdrvmon.exe
- 2004-08-19 15:09:48    50,688    ----a-w    F:\WINDOWS\twain_32.dll
+ 2008-04-14 02:33:47    50,688    ----a-w    F:\WINDOWS\twain_32.dll
- 2000-08-31 06:00:00    49,152    ----a-w    F:\WINDOWS\VFind.exe
+ 2000-08-31 07:00:00    49,152    ----a-w    F:\WINDOWS\VFIND.exe
- 2004-08-19 15:10:06    288,256    ----a-w    F:\WINDOWS\winhlp32.exe
+ 2008-04-14 02:34:27    288,256    ----a-w    F:\WINDOWS\winhlp32.exe