
Rootkit ??? : autochk.exe infected again after clean sweep, format and reinstall XP !


  • This topic is locked
33 replies to this topic

#1 Guillaume75


Posted 01 May 2010 - 02:28 PM

Hello,

Some time ago I was infected with some rootkits. I mostly fixed them with MBAM, but one remains in an ADS in c:\windows\system32\autochk.exe... Combofix detects a rootkit inside (not in the ADS but in the main stream), deletes the file and restores it from dllcache, BUT when I run Combofix again it finds autochk infected... and so on... (I deleted every autochk from the HD and restored it from CD, but it became infected again...)
I noticed that a few times when I do a CLEAN reboot, scandisk runs and fixes some file descriptors for some files... Generally it doesn't run scandisk when I CLEAN boot...
I didn't find any suspicious process using GMER and IceSword (and a lot of other rootkit revealers...)
I deactivated autochk.exe/scandisk (doing this with a key in the registry).
I thought the rootkit had placed itself in the autochk code and made a detour to the original code, which it put away in the ADS...
I don't have a disassembler in place, so I didn't reverse engineer the autochk code to find the rootkit.

I tried many times with different tools to restore the MBR and Boot partition code... without success...

So finally I did 3 clean sweeps with two different tools from two different CDs and reinstalled XP...

I installed the minimum stuff, Microsoft updates and KIS 2010... and ran Combofix again...
It found that autochk is infected!

IMPORTANT: My XP installation CD was made with nLite (because Microsoft is not able to put the Intel ICH8 controller into the native XP SP2 CD)!

PS. The MD5 of autochk is different each time Combofix moves it to quarantine...
After the reinstall, I no longer find an ADS in it, but I still have the oldest autochk.exe with the ADS for your attention.

Please help me !

Guillaume

Attached Files

  • Attached File  log.txt   14.4KB   11 downloads
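
Post #1 reports a detection in the main stream of autochk.exe, an alternate data stream (ADS) on an older copy, and a dllcache restore that gets flagged again. One way to check those three things without relying on the possibly compromised installation, as an added example that is not part of the original posts: the script runs on a clean analysis machine against the attached suspect disk. The mount point `E:`, the reference path `C:\ref\autochk.exe` and the function names are assumptions.

```powershell
# Added example (not from the thread). Assumptions: the suspect XP disk is
# attached read-only to a clean analysis machine as E:, and C:\ref\autochk.exe
# is a copy extracted from original media of the same service pack level.
# Requires Windows PowerShell 4.0 or later and an NTFS volume.
param(
    [string]$SuspectRoot = 'E:\WINDOWS',          # hypothetical mount point
    [string]$Reference   = 'C:\ref\autochk.exe'   # hypothetical known-good copy
)

function Get-NamedStream {
    param([Parameter(Mandatory)][string]$Path)
    # ':$DATA' is the unnamed main stream; every other entry is an ADS.
    Get-Item -LiteralPath $Path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { '{0} ({1} bytes)' -f $_.Stream, $_.Length }
}

function Test-AutochkCopy {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ReferenceSha256
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Verdict = 'MISSING'; Size = $null
            MD5 = $null; SHA256 = $null; NamedStreams = ''
        }
    }

    # Get-FileHash reads the main stream only, which is where the detection
    # described in post #1 was reported. MD5 is included so the value can be
    # compared with the MD5s noted for earlier quarantined copies.
    $sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $ads = @(Get-NamedStream -Path $Path)

    # A system binary copied from installation media is expected to carry
    # no named streams, so any ADS is reported even when the hash matches.
    if ($sha -ne $ReferenceSha256) {
        $verdict = 'MAIN STREAM DIFFERS FROM REFERENCE'
    } elseif ($ads.Count -gt 0) {
        $verdict = 'MAIN STREAM MATCHES, NAMED STREAM PRESENT'
    } else {
        $verdict = 'MATCHES REFERENCE'
    }

    [pscustomobject]@{
        Path         = $Path
        Verdict      = $verdict
        Size         = (Get-Item -LiteralPath $Path).Length
        MD5          = $md5
        SHA256       = $sha
        NamedStreams = $ads -join '; '
    }
}

$refSha = (Get-FileHash -LiteralPath $Reference -Algorithm SHA256).Hash

# Both copies matter: the live file and the dllcache copy it is restored from.
'System32\autochk.exe', 'System32\dllcache\autochk.exe' |
    ForEach-Object {
        Test-AutochkCopy -Path (Join-Path $SuspectRoot $_) -ReferenceSha256 $refSha
    } |
    Format-List
```

If both copies match the reference when read offline but a scanner on the running system still reports a change, the difference lies in what the live system returns for the file rather than in the bytes on disk.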



 


#2 Elise


Posted 04 May 2010 - 12:03 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Guillaume75


Posted 06 May 2010 - 03:34 AM

Hello Elise,

Happy to hear from you :)
I'm currently at work; this evening I'm going to do all these things and send you the logs...

Thank you for your help,

Guillaume

#4 Elise


Posted 06 May 2010 - 04:18 AM

Okay, take your time :)

regards, Elise


#5 Guillaume75


Posted 06 May 2010 - 01:44 PM

Hello,

Here are the logs you asked for...

Best regards,

Guillaume

OTL logfile created on: 06/05/2010 20:06:57 - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Gigi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 221,23 Gb Free Space | 95,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: Gigi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/06 19:23:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gigi\Bureau\OTL.exe
PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/06 16:03:08 | 000,221,239 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\GatewayXPV_12\WDM\stacsv.exe
PRC - [2008/05/06 16:01:48 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/27 16:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 14:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 19:23:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gigi\Bureau\OTL.exe
MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/05/06 16:03:08 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\GatewayXPV_12\WDM\stacsv.exe -- (STacSV)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/05/05 23:56:37 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/01 22:46:08 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/05/01 18:39:41 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/04 23:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/10/15 07:51:20 | 000,985,856 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/10/15 07:50:42 | 000,210,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/10/15 07:50:38 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/09/11 10:52:48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/05/06 16:04:32 | 001,293,448 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/11 10:02:12 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/02/07 00:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/17 14:22:02 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank






IE - HKU\S-1-5-21-789336058-57989841-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-57989841-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 20:17:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 00:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/05/01 18:40:10 | 000,000,000 | ---D | M]

[2010/05/01 20:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gigi\Application Data\Mozilla\Extensions
[2010/05/02 21:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions
[2010/05/01 21:34:44 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/01 23:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation
[2010/05/02 21:16:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 20:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/05/06 18:57:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USB-Set] File not found
O4 - HKU\S-1-5-21-789336058-57989841-1177238915-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-57989841-1177238915-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-57989841-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-57989841-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-57989841-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-57989841-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gigi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gigi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/01 18:22:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/01 18:32:57 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 19:32:07 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gigi\Bureau\OTL.exe
[2010/05/06 19:21:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/06 19:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/06 00:55:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/06 00:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\New
[2010/05/06 00:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\ImgBurn
[2010/05/06 00:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/05/05 23:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/05 23:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\DAEMON Tools Lite
[2010/05/05 23:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/02 22:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared HiJackFree
[2010/05/02 21:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/05/02 21:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\a-squared Free
[2010/05/02 18:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\Autochk
[2010/05/02 15:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Local Settings\Application Data\Adobe
[2010/05/02 15:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/02 15:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2010/05/02 15:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/02 15:51:11 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010/05/02 15:51:11 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010/05/02 15:51:11 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010/05/02 15:51:08 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2010/05/02 15:51:08 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2010/05/02 15:51:08 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2FR.DLL
[2010/05/02 15:51:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2010/05/02 15:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/05/02 15:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Bureau\Infected
[2010/05/02 15:23:28 | 000,000,000 | ---D | C] -- C:\cabs
[2010/05/02 15:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\avril 2010
[2010/05/02 14:56:53 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2010/05/02 14:56:53 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/05/02 14:56:53 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/05/02 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2010/05/01 23:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/01 23:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/01 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\Sony Ericsson K600 [356830009560566]
[2010/05/01 22:55:25 | 000,000,000 | ---D | C] -- C:\Soft
[2010/05/01 22:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\Contacts
[2010/05/01 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\CV
[2010/05/01 22:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\TrueCrypt
[2010/05/01 22:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010/05/01 22:46:08 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/05/01 22:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/05/01 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\Macromedia
[2010/05/01 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\Adobe
[2010/05/01 20:28:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/01 20:26:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/01 20:26:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/01 20:26:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/01 20:26:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/01 20:26:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/01 20:26:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/01 20:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/01 20:20:34 | 000,115,312 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2010/05/01 20:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2010/05/01 20:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Mes documents\Téléchargements
[2010/05/01 20:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Local Settings\Application Data\Mozilla
[2010/05/01 20:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\Mozilla
[2010/05/01 20:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/01 20:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/05/01 20:15:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/05/01 20:14:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/05/01 20:14:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/05/01 20:14:52 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010/05/01 20:14:52 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/05/01 20:14:52 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/01 20:14:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/05/01 20:14:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/01 20:14:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/05/01 20:14:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/05/01 20:14:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/05/01 20:14:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/05/01 20:14:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/05/01 20:14:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/05/01 20:14:52 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/05/01 20:14:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/05/01 20:14:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/05/01 20:14:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/05/01 20:14:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2010/05/01 20:14:04 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/05/01 20:13:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/01 20:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ODBC
[2010/05/01 20:13:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/05/01 20:13:19 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/05/01 20:13:18 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/05/01 20:13:17 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2010/05/01 20:13:17 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2010/05/01 20:13:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/05/01 20:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\SpeechEngines
[2010/05/01 20:13:16 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/01 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Microsoft Shared
[2010/05/01 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs
[2010/05/01 20:13:12 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2010/05/01 20:13:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2010/05/01 20:13:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2010/05/01 20:13:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2010/05/01 20:13:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2010/05/01 20:13:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2010/05/01 20:13:10 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/05/01 20:13:10 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/05/01 20:13:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/05/01 20:13:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/05/01 20:13:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/05/01 20:13:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/05/01 20:13:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/05/01 20:13:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/05/01 20:13:06 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/05/01 20:13:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/05/01 20:13:06 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/05/01 20:13:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/05/01 20:13:06 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/05/01 20:13:06 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/05/01 20:13:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/05/01 20:13:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/05/01 20:13:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/05/01 20:13:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/05/01 20:13:06 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/05/01 20:13:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/05/01 20:13:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/05/01 20:13:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/05/01 20:13:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/05/01 20:13:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/05/01 20:13:04 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/05/01 20:13:04 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/05/01 20:13:04 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/05/01 20:13:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/05/01 20:13:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/05/01 20:13:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/05/01 20:13:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/05/01 20:13:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/05/01 20:13:03 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/05/01 20:13:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/05/01 20:13:03 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/05/01 20:13:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010/05/01 20:13:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/05/01 20:13:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/05/01 20:13:03 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/05/01 20:13:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010/05/01 20:13:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/05/01 20:13:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/05/01 20:12:58 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/05/01 20:12:58 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/05/01 20:12:58 | 000,086,044 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/05/01 20:12:58 | 000,086,044 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/05/01 20:12:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/05/01 20:12:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/05/01 20:12:57 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/05/01 20:12:57 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/05/01 20:12:57 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/05/01 20:12:57 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/05/01 20:12:57 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/05/01 20:12:57 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/05/01 20:12:57 | 000,009,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/05/01 20:12:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/05/01 20:12:57 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/05/01 20:12:57 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/05/01 20:12:56 | 000,127,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/05/01 20:12:56 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/05/01 20:12:56 | 000,073,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/05/01 20:12:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/05/01 20:12:56 | 000,025,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/05/01 20:12:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/05/01 20:12:56 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/05/01 20:12:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/05/01 20:12:56 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/05/01 20:12:56 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/05/01 20:12:56 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/05/01 20:12:56 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/05/01 20:12:55 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/05/01 20:12:55 | 000,070,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/05/01 20:12:55 | 000,033,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/05/01 20:12:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/05/01 20:12:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/05/01 20:12:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2010/05/01 20:12:54 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/05/01 20:12:54 | 000,070,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/05/01 20:12:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2010/05/01 20:12:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/05/01 20:12:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/05/01 20:12:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Démarrer
[2010/05/01 20:12:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/01 20:12:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Modèles
[2010/05/01 20:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favoris
[2010/05/01 20:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureau
[2010/05/01 20:12:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/01 20:12:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/01 20:12:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/01 20:12:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/01 20:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/01 20:12:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/01 20:11:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gigi\IECompatCache
[2010/05/01 20:10:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gigi\PrivacIE
[2010/05/01 20:10:14 | 002,469,888 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2010/05/01 20:10:14 | 000,221,239 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2010/05/01 20:10:11 | 000,442,433 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
[2010/05/01 20:09:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gigi\IETldCache
[2010/05/01 20:05:04 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/01 20:05:04 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/01 20:05:04 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/01 20:05:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-fr
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1036
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/01 20:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/05/01 19:58:49 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/05/01 19:58:49 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/05/01 19:58:49 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/05/01 19:58:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/05/01 19:58:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/01 19:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/01 19:57:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/01 19:31:56 | 000,442,439 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2010/05/01 19:30:37 | 000,272,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/01 19:30:23 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/05/01 19:30:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/05/01 19:29:39 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/01 19:28:38 | 002,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/01 19:28:35 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/01 19:28:34 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/01 19:28:17 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/05/01 19:28:16 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/05/01 19:28:15 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/05/01 19:28:14 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/05/01 19:28:13 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/05/01 19:28:12 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/05/01 19:28:12 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/05/01 19:28:11 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/05/01 19:27:24 | 008,101,951 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2010/05/01 19:27:21 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/05/01 19:27:21 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/05/01 19:27:19 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/05/01 19:27:19 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/05/01 19:27:09 | 001,293,448 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys
[2010/05/01 19:27:09 | 000,164,352 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\staco.dll
[2010/05/01 19:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/05/01 19:25:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/01 19:25:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/01 19:14:29 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/05/01 19:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/01 19:02:08 | 003,630,080 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NETw5x32.sys
[2010/05/01 19:02:08 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETw5r32.dll
[2010/05/01 19:02:08 | 000,659,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETw5c32.dll
[2010/05/01 19:00:03 | 000,090,880 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2010/05/01 19:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/01 19:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/05/01 18:58:39 | 006,047,904 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys
[2010/05/01 18:58:39 | 000,278,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/05/01 18:58:39 | 000,278,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/05/01 18:58:39 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/05/01 18:58:39 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/05/01 18:58:39 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/05/01 18:58:39 | 000,253,952 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/05/01 18:58:39 | 000,237,568 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/05/01 18:58:39 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/05/01 18:58:39 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/05/01 18:58:39 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/05/01 18:58:39 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/05/01 18:58:39 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2010/05/01 18:58:39 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2010/05/01 18:58:38 | 002,352,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2010/05/01 18:58:38 | 002,277,376 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4dev32.dll
[2010/05/01 18:58:38 | 000,229,376 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/05/01 18:58:38 | 000,106,496 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010/05/01 18:58:38 | 000,052,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010/05/01 18:58:37 | 005,672,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010/05/01 18:58:37 | 003,862,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4icd32.dll
[2010/05/01 18:58:37 | 003,401,216 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2010/05/01 18:58:37 | 000,651,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010/05/01 18:58:37 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/05/01 18:58:37 | 000,278,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/05/01 18:58:37 | 000,278,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/05/01 18:58:37 | 000,274,432 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/05/01 18:58:37 | 000,270,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/05/01 18:58:37 | 000,266,240 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/05/01 18:58:37 | 000,266,240 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/05/01 18:58:37 | 000,262,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/05/01 18:58:37 | 000,262,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/05/01 18:58:37 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2010/05/01 18:58:37 | 000,258,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/05/01 18:58:37 | 000,253,952 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2010/05/01 18:58:37 | 000,253,952 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/05/01 18:58:37 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/05/01 18:58:37 | 000,217,088 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010/05/01 18:58:37 | 000,212,992 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010/05/01 18:58:37 | 000,181,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2010/05/01 18:58:37 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2010/05/01 18:58:37 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2010/05/01 18:58:37 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/05/01 18:58:37 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/05/01 18:58:36 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2010/05/01 18:58:36 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/05/01 18:58:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/05/01 18:56:27 | 000,017,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/01 18:56:25 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/05/01 18:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/05/01 18:56:05 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/05/01 18:56:05 | 000,181,176 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/05/01 18:56:05 | 000,143,360 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/05/01 18:56:05 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010/05/01 18:56:04 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2010/05/01 18:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/01 18:54:45 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/01 18:54:15 | 000,011,264 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\UVCFTR_S.SYS
[2010/05/01 18:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Gateway
[2010/05/01 18:53:52 | 000,126,976 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\Imsmudlg.exe
[2010/05/01 18:53:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ENU
[2010/05/01 18:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/01 18:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\InstallShield
[2010/05/01 18:51:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/01 18:51:46 | 000,059,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RTSTOR.sys
[2010/05/01 18:51:46 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/01 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\InstallShield
[2010/05/01 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/05/01 18:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/05/01 18:39:41 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/01 18:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/05/01 18:32:57 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/05/01 18:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set
[2010/05/01 18:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\usb-set
[2010/05/01 18:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Application Data\Identities
[2010/05/01 18:27:16 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/01 18:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gigi\Mes documents\Mes images
[2010/05/01 18:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gigi\Mes documents\Ma musique
[2010/05/01 18:27:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Gigi\Application Data\Microsoft
[2010/05/01 18:27:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gigi\SendTo
[2010/05/01 18:27:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gigi\Recent
[2010/05/01 18:27:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gigi\Application Data
[2010/05/01 18:27:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gigi\Mes documents
[2010/05/01 18:27:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gigi\Menu Démarrer
[2010/05/01 18:27:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gigi\Favoris
[2010/05/01 18:27:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gigi\Cookies
[2010/05/01 18:27:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gigi\Voisinage réseau
[2010/05/01 18:27:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gigi\Voisinage d'impression
[2010/05/01 18:27:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gigi\Modèles
[2010/05/01 18:27:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gigi\Local Settings
[2010/05/01 18:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Local Settings\Application Data\Microsoft
[2010/05/01 18:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gigi\Bureau
[2010/05/01 18:26:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/01 18:26:23 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/01 18:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/01 18:26:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/01 18:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/01 18:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/01 18:26:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/01 18:25:12 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/05/01 18:25:12 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/05/01 18:25:12 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/05/01 18:25:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/05/01 18:25:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/05/01 18:25:11 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/05/01 18:25:10 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/05/01 18:25:10 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/05/01 18:25:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/05/01 18:25:10 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/05/01 18:25:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/05/01 18:25:09 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/05/01 18:25:09 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/05/01 18:25:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/05/01 18:25:09 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/05/01 18:25:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/05/01 18:25:09 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/05/01 18:25:08 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/05/01 18:25:07 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/05/01 18:25:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/05/01 18:25:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/05/01 18:25:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/05/01 18:25:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/05/01 18:25:05 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/05/01 18:25:05 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/05/01 18:25:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/05/01 18:25:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/05/01 18:25:04 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/05/01 18:25:04 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/05/01 18:25:04 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/05/01 18:25:04 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/05/01 18:25:02 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/05/01 18:25:02 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/05/01 18:25:02 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/05/01 18:25:02 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/05/01 18:25:01 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/05/01 18:25:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/05/01 18:24:59 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/05/01 18:24:59 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/05/01 18:24:59 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/05/01 18:24:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/05/01 18:24:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/05/01 18:24:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/05/01 18:24:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/05/01 18:24:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/05/01 18:24:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/05/01 18:24:58 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/05/01 18:24:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/05/01 18:24:57 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/05/01 18:24:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/05/01 18:24:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/05/01 18:24:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/05/01 18:24:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/05/01 18:24:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/05/01 18:24:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/05/01 18:24:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/05/01 18:24:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/05/01 18:24:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/05/01 18:24:56 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/05/01 18:24:56 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/05/01 18:24:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/05/01 18:24:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/05/01 18:24:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/05/01 18:24:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/05/01 18:24:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/05/01 18:24:56 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/05/01 18:24:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/05/01 18:24:53 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/05/01 18:24:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/05/01 18:24:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/05/01 18:24:52 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/01 18:24:52 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/01 18:24:52 | 000,029,184 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/05/01 18:24:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/05/01 18:24:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/05/01 18:24:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/05/01 18:24:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/05/01 18:24:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/05/01 18:24:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/05/01 18:24:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/05/01 18:24:49 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/05/01 18:24:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/05/01 18:24:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/05/01 18:24:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/05/01 18:24:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/05/01 18:24:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/05/01 18:24:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/05/01 18:24:46 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/05/01 18:24:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/05/01 18:24:46 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/05/01 18:24:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/05/01 18:24:46 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/05/01 18:24:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/05/01 18:24:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/05/01 18:24:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/05/01 18:24:44 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/05/01 18:24:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/05/01 18:24:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/05/01 18:24:42 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/05/01 18:24:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/05/01 18:24:41 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/05/01 18:24:40 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/05/01 18:24:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/05/01 18:24:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2010/05/01 18:24:37 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/05/01 18:24:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/05/01 18:24:33 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/05/01 18:24:33 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/05/01 18:24:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/05/01 18:24:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/05/01 18:24:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/05/01 18:24:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/05/01 18:24:31 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/05/01 18:24:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/05/01 18:24:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/05/01 18:24:30 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/05/01 18:24:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/05/01 18:24:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/05/01 18:24:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/05/01 18:24:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/05/01 18:24:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/05/01 18:24:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/05/01 18:24:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/05/01 18:24:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/05/01 18:24:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/05/01 18:24:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/05/01 18:24:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/05/01 18:24:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/05/01 18:24:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/05/01 18:24:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/05/01 18:24:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/05/01 18:24:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/05/01 18:24:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/05/01 18:24:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/05/01 18:24:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/05/01 18:24:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/05/01 18:24:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/05/01 18:24:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/05/01 18:24:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/05/01 18:24:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/05/01 18:24:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/05/01 18:24:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/05/01 18:24:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/05/01 18:24:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/05/01 18:24:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/05/01 18:24:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/05/01 18:24:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/05/01 18:24:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/05/01 18:24:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/05/01 18:24:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/05/01 18:24:24 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/05/01 18:24:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/05/01 18:24:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/05/01 18:24:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/05/01 18:24:23 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/05/01 18:24:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/05/01 18:24:22 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/05/01 18:24:22 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/05/01 18:24:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/05/01 18:24:21 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/05/01 18:24:21 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/05/01 18:24:21 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/05/01 18:24:21 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/05/01 18:24:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/05/01 18:24:21 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/05/01 18:24:20 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/05/01 18:24:20 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/05/01 18:24:20 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/05/01 18:24:20 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/05/01 18:24:20 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/05/01 18:24:20 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/05/01 18:24:19 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/05/01 18:24:19 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/05/01 18:24:19 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/05/01 18:24:19 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/05/01 18:24:19 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/05/01 18:24:18 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/05/01 18:24:18 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/05/01 18:24:18 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/05/01 18:24:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/05/01 18:24:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/05/01 18:24:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/05/01 18:24:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/05/01 18:24:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/05/01 18:24:17 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/05/01 18:24:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/05/01 18:24:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/05/01 18:24:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/05/01 18:24:12 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/05/01 18:23:59 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/05/01 18:23:59 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/05/01 18:23:59 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/05/01 18:23:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/05/01 18:23:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/05/01 18:23:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/05/01 18:23:57 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/05/01 18:23:56 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/05/01 18:23:56 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/05/01 18:23:56 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/05/01 18:23:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/05/01 18:23:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/05/01 18:23:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/05/01 18:23:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/05/01 18:23:56 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/05/01 18:23:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/05/01 18:23:55 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/05/01 18:23:55 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/05/01 18:23:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/05/01 18:23:55 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/05/01 18:23:55 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/05/01 18:23:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/05/01 18:23:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/05/01 18:23:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/05/01 18:23:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/05/01 18:23:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/05/01 18:23:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/05/01 18:23:54 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/05/01 18:23:54 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/05/01 18:23:54 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/05/01 18:23:54 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/05/01 18:23:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/05/01 18:23:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/05/01 18:23:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/05/01 18:23:53 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2010/05/01 18:23:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/05/01 18:23:53 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/05/01 18:23:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/05/01 18:23:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/05/01 18:23:52 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/05/01 18:23:52 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/05/01 18:23:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/05/01 18:23:52 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/05/01 18:23:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/05/01 18:23:51 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/05/01 18:23:51 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/05/01 18:23:51 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/05/01 18:23:50 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/05/01 18:23:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/05/01 18:23:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/05/01 18:23:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/05/01 18:23:45 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/05/01 18:23:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/05/01 18:23:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/05/01 18:23:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/05/01 18:23:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/05/01 18:23:43 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/05/01 18:23:43 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/05/01 18:23:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/05/01 18:23:42 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/05/01 18:23:42 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/05/01 18:23:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/05/01 18:23:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/05/01 18:23:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/05/01 18:23:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/05/01 18:23:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/05/01 18:23:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/05/01 18:23:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/05/01 18:23:40 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/01 18:23:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/05/01 18:23:39 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/05/01 18:23:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/05/01 18:23:34 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/05/01 18:23:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/05/01 18:23:32 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/05/01 18:23:32 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/05/01 18:23:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/05/01 18:23:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/05/01 18:23:31 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/05/01 18:23:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/05/01 18:23:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/05/01 18:23:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/05/01 18:23:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/05/01 18:23:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/05/01 18:23:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/05/01 18:23:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/05/01 18:23:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/05/01 18:23:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/05/01 18:23:29 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/05/01 18:23:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/05/01 18:23:26 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/05/01 18:23:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/05/01 18:23:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/05/01 18:23:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/05/01 18:23:25 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/05/01 18:23:25 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/05/01 18:23:25 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/05/01 18:23:25 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/05/01 18:23:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/05/01 18:23:21 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/05/01 18:23:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/05/01 18:23:21 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/05/01 18:23:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/05/01 18:23:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/05/01 18:23:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/05/01 18:23:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/05/01 18:23:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/05/01 18:23:20 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/05/01 18:23:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/05/01 18:23:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/05/01 18:23:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/05/01 18:23:19 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/05/01 18:23:19 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/05/01 18:23:19 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/05/01 18:23:19 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/05/01 18:23:19 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/05/01 18:23:19 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/05/01 18:23:19 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/05/01 18:23:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/05/01 18:23:18 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/05/01 18:23:18 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/05/01 18:23:18 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/05/01 18:23:18 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/05/01 18:23:18 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/05/01 18:23:18 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/05/01 18:23:18 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/05/01 18:23:18 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/05/01 18:23:18 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/05/01 18:23:17 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/05/01 18:23:17 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/05/01 18:23:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/05/01 18:23:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/05/01 18:23:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/05/01 18:23:16 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/05/01 18:23:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/05/01 18:23:16 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/05/01 18:23:16 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/05/01 18:23:16 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/05/01 18:23:14 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/05/01 18:23:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/01 18:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/01 18:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/01 18:22:48 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/05/01 18:22:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/01 18:22:07 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/01 18:22:07 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/01 18:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Services en ligne
[2010/05/01 18:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/01 18:21:38 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/05/01 18:21:38 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/05/01 18:21:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/05/01 18:21:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/05/01 18:21:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/05/01 18:21:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/05/01 18:21:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/05/01 18:21:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/05/01 18:21:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/05/01 18:21:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/05/01 18:21:26 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/05/01 18:21:26 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/05/01 18:21:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/05/01 18:21:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/05/01 18:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Services
[2010/05/01 18:21:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/05/01 18:21:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/05/01 18:21:23 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/01 18:21:22 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/05/01 18:21:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/05/01 18:21:22 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/05/01 18:21:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/05/01 18:21:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/05/01 18:21:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/05/01 18:21:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/05/01 18:21:21 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/05/01 18:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\MSSoap
[2010/05/01 18:21:18 | 000,727,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2010/05/01 18:21:18 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2010/05/01 18:21:17 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2010/05/01 18:21:17 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2010/05/01 18:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/01 18:21:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/05/01 18:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/01 18:21:15 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/05/01 18:21:15 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/05/01 18:21:15 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/05/01 18:21:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/05/01 18:21:14 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/05/01 18:21:14 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/05/01 18:21:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/05/01 18:21:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/05/01 18:21:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/05/01 18:21:14 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/05/01 18:21:13 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/05/01 18:21:13 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/05/01 18:21:13 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/05/01 18:21:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/05/01 18:21:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2010/05/01 18:21:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2010/05/01 18:21:12 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/05/01 18:21:12 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/05/01 18:21:12 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/05/01 18:21:12 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/05/01 18:21:12 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/05/01 18:21:12 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2010/05/01 18:21:12 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/05/01 18:21:12 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/05/01 18:21:12 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/05/01 18:21:11 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2010/05/01 18:21:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/05/01 18:21:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2010/05/01 18:21:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2010/05/01 18:21:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/05/01 18:21:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2010/05/01 18:21:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/05/01 18:21:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2010/05/01 18:21:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/05/01 18:21:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2010/05/01 18:21:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2010/05/01 18:21:08 | 004,290,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2010/05/01 18:21:08 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2010/05/01 18:21:08 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2010/05/01 18:21:08 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2010/05/01 18:21:08 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2010/05/01 18:21:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2010/05/01 18:21:07 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/05/01 18:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/01 18:20:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2010/05/01 18:20:51 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2010/05/01 18:20:51 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2010/05/01 18:20:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2010/05/01 18:20:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2010/05/01 18:20:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2010/05/01 18:20:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2010/05/01 18:20:48 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2010/05/01 18:20:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/05/01 18:20:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2010/05/01 18:20:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/05/01 18:20:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2010/05/01 18:20:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/05/01 18:20:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2010/05/01 18:20:48 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/05/01 18:20:48 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2010/05/01 18:20:47 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2010/05/01 18:20:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2010/05/01 18:20:45 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2010/05/01 18:20:45 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2010/05/01 18:20:44 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2010/05/01 18:20:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/05/01 18:20:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2010/05/01 18:20:43 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2010/05/01 18:20:43 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/05/01 18:20:43 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2010/05/01 18:20:43 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2010/05/01 18:20:43 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/05/01 18:20:43 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2010/05/01 18:20:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2010/05/01 18:20:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2010/05/01 18:20:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/01 18:20:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/05/01 18:20:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2010/05/01 18:20:42 | 000,073,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2010/05/01 18:20:42 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/05/01 18:20:42 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2010/05/01 18:20:42 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/05/01 18:20:42 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2010/05/01 18:20:41 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2010/05/01 18:20:41 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/05/01 18:20:41 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2010/05/01 18:20:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2010/05/01 18:20:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2010/05/01 18:20:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/05/01 18:20:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2010/05/01 18:20:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2010/05/01 18:20:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2010/05/01 18:20:40 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2010/05/01 18:20:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2010/05/01 18:20:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2010/05/01 18:20:40 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2010/05/01 18:20:39 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2010/05/01 18:20:39 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2010/05/01 18:20:39 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2010/05/01 18:20:39 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2010/05/01 18:20:39 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2010/05/01 18:20:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2010/05/01 18:20:39 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2010/05/01 18:20:38 | 001,044,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2010/05/01 18:20:38 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/05/01 18:20:38 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2010/05/01 18:20:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/05/01 18:20:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2010/05/01 18:20:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2010/05/01 18:20:38 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/05/01 18:20:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2010/05/01 18:20:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2010/05/01 18:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/01 18:20:37 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/05/01 18:20:37 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2010/05/01 18:20:37 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2010/05/01 18:20:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2010/05/01 18:20:37 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/05/01 18:20:37 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2010/05/01 18:20:36 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2010/05/01 18:20:36 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2010/05/01 18:20:35 | 002,534,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2010/05/01 18:20:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2010/05/01 18:20:35 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2010/05/01 18:20:35 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2010/05/01 18:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/01 18:20:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2010/05/01 18:20:34 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2010/05/01 18:20:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/05/01 18:20:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2010/05/01 18:20:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/05/01 18:20:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2010/05/01 18:20:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/05/01 18:20:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2010/05/01 18:20:33 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/05/01 18:20:33 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2010/05/01 18:20:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/05/01 18:20:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/05/01 18:20:32 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2010/05/01 18:20:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/05/01 18:20:32 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2010/05/01 18:20:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/05/01 18:20:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2010/05/01 18:20:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2010/05/01 18:20:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/05/01 18:20:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/05/01 18:20:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/05/01 18:20:31 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2010/05/01 18:20:31 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2010/05/01 18:20:31 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2010/05/01 18:20:30 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2010/05/01 18:20:30 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2010/05/01 18:20:30 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2010/05/01 18:20:30 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2010/05/01 18:20:30 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2010/05/01 18:20:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2010/05/01 18:20:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2010/05/01 18:20:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2010/05/01 18:20:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2010/05/01 18:20:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2010/05/01 18:20:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2010/05/01 18:20:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2010/05/01 18:20:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2010/05/01 18:20:29 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/05/01 18:20:29 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/05/01 18:20:29 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/05/01 18:20:29 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/05/01 18:20:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/05/01 18:20:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/05/01 18:20:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/05/01 18:20:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/05/01 18:20:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/05/01 18:20:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2010/05/01 18:20:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2010/05/01 18:20:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2010/05/01 18:20:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2010/05/01 18:20:28 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/05/01 18:20:28 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2010/05/01 18:20:28 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2010/05/01 18:20:28 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/05/01 18:20:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2010/05/01 18:20:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2010/05/01 18:20:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2010/05/01 18:20:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2010/05/01 18:20:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2010/05/01 18:20:28 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2010/05/01 18:20:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2010/05/01 18:20:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2010/05/01 18:20:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2010/05/01 18:20:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2010/05/01 18:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\System
[2010/05/01 18:20:26 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/05/01 18:20:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/05/01 18:20:26 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010/05/01 18:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/01 18:20:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes images
[2010/05/01 18:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/01 18:20:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/01 18:20:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Ma musique
[2010/05/01 18:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/01 18:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/01 18:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/01 18:19:56 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/05/01 18:19:55 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/05/01 18:19:55 | 000,781,397 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/05/01 18:19:55 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/05/01 18:19:55 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/05/01 18:19:55 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/05/01 18:19:55 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/05/01 18:19:55 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/05/01 18:19:55 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/05/01 18:19:55 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/05/01 18:19:54 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/05/01 18:19:54 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/05/01 18:19:54 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/05/01 18:19:54 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/05/01 18:19:54 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/05/01 18:19:54 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/05/01 18:19:54 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/05/01 18:19:54 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/05/01 18:19:54 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/05/01 18:19:53 | 001,042,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/05/01 18:19:53 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/05/01 18:19:53 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/05/01 18:19:52 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/05/01 18:19:52 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/05/01 18:19:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/05/01 18:19:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/05/01 18:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/01 18:19:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/05/01 18:19:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/05/01 18:19:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/05/01 18:19:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/05/01 18:19:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/05/01 18:19:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/05/01 18:19:43 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/05/01 18:19:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/05/01 18:19:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/05/01 18:19:43 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/05/01 18:19:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/05/01 18:19:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/05/01 18:19:35 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/05/01 18:19:35 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/05/01 18:19:35 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/05/01 18:19:35 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/05/01 18:19:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/05/01 18:19:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/05/01 18:19:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/05/01 18:19:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/05/01 18:19:34 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/05/01 18:19:34 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/05/01 18:19:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/05/01 18:19:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/05/01 18:19:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/05/01 18:19:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/05/01 18:19:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/05/01 18:19:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/05/01 18:19:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/05/01 18:19:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/05/01 18:19:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/05/01 18:19:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/05/01 18:19:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/05/01 18:19:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/05/01 18:19:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/05/01 18:19:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/05/01 18:19:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/05/01 18:19:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/05/01 18:19:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/05/01 18:19:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/05/01 18:19:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/05/01 18:19:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/05/01 18:19:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/05/01 18:19:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/05/01 18:19:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/05/01 18:19:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/05/01 18:19:33 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/05/01 18:19:33 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/05/01 18:19:32 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/05/01 18:19:32 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/05/01 18:19:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/05/01 18:19:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/05/01 18:19:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/05/01 18:19:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/05/01 18:19:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/05/01 18:19:31 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/05/01 18:19:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/05/01 18:19:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/05/01 18:19:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/05/01 18:19:27 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010/05/01 18:19:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/05/01 18:19:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/05/01 18:19:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/05/01 18:19:27 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/05/01 18:19:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/05/01 18:19:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/05/01 18:19:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/05/01 18:19:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/05/01 18:19:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010/05/01 18:19:26 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/05/01 18:19:26 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010/05/01 18:19:26 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/05/01 18:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/01 18:19:12 | 000,284,160 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/05/01 18:19:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2010/05/01 18:19:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/05/01 18:19:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2010/05/01 18:19:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/05/01 18:19:11 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2010/05/01 18:19:11 | 000,354,304 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/05/01 18:19:11 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/05/01 18:19:11 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/05/01 18:19:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/05/01 18:19:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/05/01 18:19:10 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/05/01 18:19:10 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/05/01 18:19:10 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/05/01 18:19:10 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/05/01 18:19:10 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/05/01 18:19:10 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/05/01 18:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/01 18:19:09 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2010/05/01 18:19:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/05/01 18:19:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2010/05/01 18:19:09 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2010/05/01 18:19:09 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2010/05/01 18:19:08 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/05/01 18:19:08 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
[2010/05/01 18:19:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2010/05/01 18:19:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/05/01 18:19:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/05/01 18:19:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
[2010/05/01 18:19:07 | 002,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2010/05/01 18:19:07 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2010/05/01 18:19:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/05/01 18:19:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2010/05/01 18:19:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2010/05/01 18:19:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/05/01 18:19:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010/05/01 18:19:06 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010/05/01 18:19:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/05/01 18:19:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2010/05/01 18:19:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2010/05/01 18:19:06 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/05/01 18:19:06 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2010/05/01 18:19:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/05/01 18:19:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2010/05/01 18:19:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/05/01 18:19:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2010/05/01 18:19:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/05/01 18:19:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2010/05/01 18:19:05 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/05/01 18:19:05 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/05/01 18:19:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/05/01 18:19:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2010/05/01 18:19:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/05/01 18:19:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/05/01 18:19:05 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/05/01 18:19:05 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/05/01 18:19:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2010/05/01 18:19:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/05/01 18:19:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/05/01 18:19:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2010/05/01 18:19:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/01 18:19:04 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/05/01 18:19:04 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/05/01 18:19:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/05/01 18:19:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2010/05/01 18:19:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2010/05/01 18:19:03 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2010/05/01 18:19:03 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2010/05/01 18:19:03 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/05/01 18:19:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/05/01 18:19:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/05/01 18:19:03 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/05/01 18:19:03 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2010/05/01 18:19:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/05/01 18:19:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2010/05/01 18:19:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2010/05/01 18:19:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/05/01 18:19:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2010/05/01 18:19:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2010/05/01 18:19:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/05/01 18:19:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2010/05/01 18:19:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/05/01 18:19:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2010/05/01 18:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/01 18:19:02 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2010/05/01 18:19:02 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/05/01 18:19:02 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2010/05/01 18:19:02 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/05/01 18:19:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2010/05/01 18:19:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/05/01 18:19:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2010/05/01 18:19:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/05/01 18:19:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/05/01 18:19:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2010/05/01 18:19:01 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2010/05/01 18:19:01 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/05/01 18:19:01 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2010/05/01 18:19:01 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/05/01 18:19:01 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2010/05/01 18:19:01 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2010/05/01 18:19:01 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/05/01 18:18:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2010/05/01 18:18:59 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2010/05/01 18:18:58 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2010/05/01 18:18:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2010/05/01 18:18:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2010/05/01 18:18:58 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2010/05/01 18:18:58 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2010/05/01 18:18:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2010/05/01 18:18:58 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2010/05/01 18:18:58 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2010/05/01 18:18:58 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2010/05/01 18:18:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2010/05/01 18:18:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2010/05/01 18:18:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2010/05/01 18:18:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2010/05/01 18:18:57 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2010/05/01 18:18:57 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2010/05/01 18:18:57 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2010/05/01 18:18:57 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2010/05/01 18:18:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2010/05/01 18:18:57 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2010/05/01 18:18:57 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2010/05/01 18:18:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2010/05/01 18:18:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2010/05/01 18:18:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2010/05/01 18:18:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2010/05/01 18:18:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2010/05/01 18:18:56 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2010/05/01 18:18:56 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2010/05/01 18:18:56 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2010/05/01 18:18:56 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2010/05/01 18:18:56 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2010/05/01 18:18:55 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2010/05/01 18:18:55 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2010/05/01 18:18:55 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2010/05/01 18:18:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2010/05/01 18:18:55 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2010/05/01 18:18:54 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2010/05/01 18:18:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2010/05/01 18:18:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/05/01 18:18:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2010/05/01 18:18:53 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2010/05/01 18:18:53 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/05/01 18:18:53 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/05/01 18:18:53 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2010/05/01 18:18:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/05/01 18:18:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2010/05/01 18:18:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/06 19:55:20 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/05/06 19:52:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 19:52:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 19:52:08 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 19:51:10 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Gigi\NTUSER.DAT
[2010/05/06 19:51:10 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Gigi\ntuser.ini
[2010/05/06 19:23:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gigi\Bureau\OTL.exe
[2010/05/06 19:07:46 | 000,216,950 | ---- | M] () -- C:\Documents and Settings\Gigi\Bureau\Howto.pdf
[2010/05/06 18:57:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/06 18:57:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/06 18:57:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 00:10:29 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Gigi\Bureau\ImgBurn.lnk
[2010/05/05 23:56:37 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/05 23:49:00 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/05 23:48:59 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/02 23:29:34 | 000,000,108 | ---- | M] () -- C:\index.ini
[2010/05/02 23:08:51 | 000,003,007 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/02 22:11:38 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\a-squared HiJackFree.lnk
[2010/05/02 21:24:11 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\a-squared Free.lnk
[2010/05/02 21:02:08 | 000,392,355 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-210537.backup
[2010/05/02 20:39:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-210208.backup
[2010/05/02 17:34:45 | 000,775,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/02 17:34:45 | 000,368,314 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/02 17:34:45 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/02 17:34:45 | 000,049,054 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/02 17:34:45 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/02 16:09:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/02 14:56:54 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\WinMerge.lnk
[2010/05/02 02:25:02 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\autochk.exe
[2010/05/02 02:25:02 | 000,625,152 | ---- | M] () -- C:\WINDOWS\System32\autochk.exe
[2010/05/01 23:19:50 | 000,392,355 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-232614.backup
[2010/05/01 23:14:29 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Gigi\Bureau\Spybot - Search & Destroy.lnk
[2010/05/01 22:46:09 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/05/01 22:46:08 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/05/01 21:56:26 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2010/05/01 20:33:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-231950.backup
[2010/05/01 20:31:48 | 006,406,492 | -H-- | M] () -- C:\Documents and Settings\Gigi\Local Settings\Application Data\IconCache.db
[2010/05/01 20:25:11 | 003,925,102 | R--- | M] () -- C:\Documents and Settings\Gigi\Bureau\ComboFix.exe
[2010/05/01 20:17:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/01 20:17:03 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/05/01 20:15:47 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/05/01 20:13:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/05/01 20:09:04 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 18:57:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/05/01 18:56:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
[2010/05/01 18:47:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\StrmExt.dll
[2010/05/01 18:47:41 | 000,003,026 | ---- | M] () -- C:\WINDOWS\System32\RWStream.vbs
[2010/05/01 18:47:41 | 000,003,018 | ---- | M] () -- C:\WINDOWS\System32\HardLinks.vbs
[2010/05/01 18:46:50 | 000,000,950 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010/05/01 18:39:41 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/01 18:35:40 | 000,001,377 | ---- | M] () -- C:\Documents and Settings\Gigi\Bureau\cmd.exe.lnk
[2010/05/01 18:32:29 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\USB-set.lnk
[2010/05/01 18:31:01 | 000,001,317 | ---- | M] () -- C:\Documents and Settings\Gigi\Bureau\explorer.lnk
[2010/05/01 18:28:12 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/01 18:26:10 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/01 18:25:20 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/01 18:22:56 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/01 18:22:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/01 18:22:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/01 18:22:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/01 18:22:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/01 18:22:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/01 18:22:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/01 18:22:53 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/01 18:22:53 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/01 18:22:48 | 000,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/01 18:22:07 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/01 18:22:07 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/01 18:20:06 | 000,021,892 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/01 18:20:04 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/01 18:20:04 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/01 18:18:38 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/06 19:07:45 | 000,216,950 | ---- | C] () -- C:\Documents and Settings\Gigi\Bureau\Howto.pdf
[2010/05/06 00:10:29 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Gigi\Bureau\ImgBurn.lnk
[2010/05/05 23:56:37 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/02 22:56:24 | 000,000,108 | ---- | C] () -- C:\index.ini
[2010/05/02 22:11:38 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\a-squared HiJackFree.lnk
[2010/05/02 21:24:11 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\a-squared Free.lnk
[2010/05/02 21:05:37 | 000,392,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-210537.backup
[2010/05/02 21:02:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-210208.backup
[2010/05/02 15:51:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/02 14:56:54 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\WinMerge.lnk
[2010/05/01 23:26:14 | 000,392,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-232614.backup
[2010/05/01 23:19:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-231950.backup
[2010/05/01 23:14:29 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Gigi\Bureau\Spybot - Search & Destroy.lnk
[2010/05/01 22:46:47 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Gigi\Mes documents\fs.cr
[2010/05/01 22:46:09 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/05/01 21:55:52 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/01 20:28:16 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/05/01 20:28:14 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010/05/01 20:26:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/01 20:26:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/01 20:26:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/01 20:26:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/01 20:26:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/01 20:24:37 | 003,925,102 | R--- | C] () -- C:\Documents and Settings\Gigi\Bureau\ComboFix.exe
[2010/05/01 20:17:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/01 20:17:03 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/05/01 20:15:47 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/05/01 20:13:28 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/05/01 20:13:24 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/01 20:13:18 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/05/01 20:13:18 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/05/01 20:13:18 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/05/01 20:13:17 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/05/01 20:13:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/05/01 20:13:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/01 20:13:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/05/01 20:13:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/01 20:13:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/05/01 20:13:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/01 20:13:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/05/01 20:13:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/01 20:13:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/05/01 20:13:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/01 20:13:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/05/01 20:13:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/01 20:13:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/05/01 20:13:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/01 20:13:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/05/01 20:13:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/01 20:13:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/05/01 20:13:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/01 20:13:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/05/01 20:13:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/01 20:13:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/05/01 20:13:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/01 20:13:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/05/01 20:13:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/01 20:13:04 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/05/01 20:13:04 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/01 20:13:04 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/05/01 20:13:04 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/01 20:13:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/05/01 20:13:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/01 20:13:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/05/01 20:13:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/01 20:13:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/01 20:13:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/01 20:13:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/01 20:13:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/01 20:13:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/01 20:13:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/01 20:12:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/01 20:12:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/01 20:12:49 | 002,037,681 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/05/01 20:12:49 | 001,246,130 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/05/01 20:12:49 | 000,809,394 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/01 20:12:49 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/01 20:12:49 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/05/01 20:12:49 | 000,105,926 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/05/01 20:12:49 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/01 20:12:49 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/05/01 20:12:49 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/05/01 20:12:49 | 000,022,351 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/05/01 20:12:49 | 000,016,825 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/05/01 20:12:49 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/05/01 20:12:49 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/01 20:12:49 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/05/01 20:12:49 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/05/01 20:12:49 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/01 20:12:49 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/01 20:12:49 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/01 20:12:48 | 000,636,042 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/01 20:12:11 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 20:10:55 | 000,000,283 | RHS- | C] () -- C:\boot.ini
[2010/05/01 20:10:54 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/01 18:58:37 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2010/05/01 18:58:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2010/05/01 18:58:37 | 000,029,472 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/05/01 18:58:37 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/05/01 18:57:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/05/01 18:56:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
[2010/05/01 18:56:05 | 001,060,424 | ---- | C] () -- C:\WINDOWS\System32\WdfCoInstaller01000.dll
[2010/05/01 18:51:46 | 005,631,520 | ---- | C] () -- C:\WINDOWS\System\DriveIcon.dll
[2010/05/01 18:51:46 | 000,038,660 | ---- | C] () -- C:\WINDOWS\System\sd.ico
[2010/05/01 18:51:46 | 000,037,300 | ---- | C] () -- C:\WINDOWS\System\cf.ico
[2010/05/01 18:51:46 | 000,037,041 | ---- | C] () -- C:\WINDOWS\System\sm.ico
[2010/05/01 18:51:46 | 000,034,530 | ---- | C] () -- C:\WINDOWS\System\ms.ico
[2010/05/01 18:51:46 | 000,005,430 | ---- | C] () -- C:\WINDOWS\System\MyMulti.ico
[2010/05/01 18:46:50 | 000,000,950 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/05/01 18:40:23 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/01 18:40:23 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/01 18:35:35 | 000,001,377 | ---- | C] () -- C:\Documents and Settings\Gigi\Bureau\cmd.exe.lnk
[2010/05/01 18:32:29 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\USB-set.lnk
[2010/05/01 18:30:58 | 000,001,317 | ---- | C] () -- C:\Documents and Settings\Gigi\Bureau\explorer.lnk
[2010/05/01 18:27:11 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Gigi\ntuser.dat.LOG
[2010/05/01 18:27:11 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Gigi\ntuser.ini
[2010/05/01 18:27:10 | 005,767,168 | -H-- | C] () -- C:\Documents and Settings\Gigi\NTUSER.DAT
[2010/05/01 18:26:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/01 18:25:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/01 18:25:16 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/01 18:24:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/01 18:24:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/01 18:24:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/01 18:24:29 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/01 18:24:28 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/01 18:24:22 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/01 18:24:20 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/01 18:24:18 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/01 18:24:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/01 18:23:58 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/01 18:23:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/05/01 18:23:43 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/01 18:23:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/01 18:23:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/01 18:23:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/01 18:23:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/01 18:23:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/01 18:23:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/01 18:23:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/01 18:23:38 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/01 18:23:38 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/01 18:23:38 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/01 18:23:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/01 18:23:37 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/01 18:23:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/01 18:23:36 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/01 18:23:36 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/01 18:23:36 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/01 18:23:36 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/01 18:23:36 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/01 18:23:36 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/01 18:23:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/01 18:23:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/01 18:23:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/01 18:23:35 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/01 18:23:35 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/01 18:23:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/01 18:23:34 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/01 18:23:34 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/01 18:23:34 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/01 18:23:33 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/01 18:22:56 | 000,003,007 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/01 18:22:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/01 18:22:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/01 18:22:56 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/05/01 18:22:56 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/01 18:22:53 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/01 18:22:53 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/01 18:22:52 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/01 18:22:07 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/01 18:22:07 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/01 18:22:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/01 18:21:52 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/05/01 18:21:35 | 000,049,102 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/01 18:21:35 | 000,049,102 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/01 18:21:28 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/05/01 18:20:45 | 000,382,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/05/01 18:20:06 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/01 18:19:37 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Vent de prairie.bmp
[2010/05/01 18:19:37 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Mur de Santa Fe.bmp
[2010/05/01 18:19:37 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Rivière Sumida.bmp
[2010/05/01 18:19:37 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit vert.bmp
[2010/05/01 18:19:37 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/01 18:19:37 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Jour de pêche.bmp
[2010/05/01 18:19:37 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Tasse à café.bmp
[2010/05/01 18:19:37 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Plume.bmp
[2010/05/01 18:19:37 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/01 18:19:36 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/01 18:19:36 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Bulles de savon.bmp
[2010/05/01 18:19:36 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/01 18:19:36 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/01 18:19:36 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/01 18:19:36 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/01 18:19:36 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/01 18:19:36 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Rosace bleue 16.bmp
[2010/05/01 18:19:35 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/01 18:19:35 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/01 18:19:33 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/01 18:19:33 | 000,001,263 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/01 18:19:32 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/01 18:19:26 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2000/02/04 17:01:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\StrmExt.dll
< End of report >

OTL Extras logfile created on: 06/05/2010 20:06:57 - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Gigi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 221,23 Gb Free Space | 95,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: Gigi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-789336058-57989841-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B92B952E-4459-480F-A500-60D87F6F527F}_is1" = USB-set 1.4.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"97149975-b4b1-4d2b-b9fe-7ba413d0efeb_is1" = SummerProperties 1.2
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"KeyScrambler" = KeyScrambler
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"Wdf01000" = Microsoft Kernel-Mode Driver Framework 1.0
"WinMerge_is1" = WinMerge 2.12.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/05/2010 16:26:25 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Application bloquée a2hijackfree.exe, version 3.1.0.22, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/05/2010 16:27:48 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Application bloquée a2hijackfree.exe, version 3.1.0.22, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/05/2010 16:28:56 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Application bloquée a2hijackfree.exe, version 3.1.0.22, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/05/2010 16:34:50 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Application bloquée a2hijackfree.exe, version 3.1.0.22, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 01/05/2010 13:02:13 | Computer Name = ADAM | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 01/05/2010 13:02:14 | Computer Name = ADAM | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 01/05/2010 13:02:16 | Computer Name = ADAM | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 01/05/2010 13:02:16 | Computer Name = ADAM | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 02/05/2010 09:53:44 | Computer Name = ADAM | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC000007F' pendant le traitement du fichier 'desktop.ini' sur le volume 'TrueCryptVolumeG'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 02/05/2010 10:00:16 | Computer Name = ADAM | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC000007F' pendant le traitement du fichier 'desktop.ini' sur le volume 'TrueCryptVolumeG'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 02/05/2010 11:45:56 | Computer Name = ADAM | Source = PlugPlayManager | ID = 11
Description = Le périphérique Root\LEGACY_PROCMON20\0000 a disparu du système sans
que sa suppression ait tout d'abord été préparée.

Error - 02/05/2010 14:37:55 | Computer Name = ADAM | Source = PlugPlayManager | ID = 11
Description = Le périphérique Root\LEGACY_PROCMON20\0000 a disparu du système sans
que sa suppression ait tout d'abord été préparée.

Error - 02/05/2010 15:15:46 | Computer Name = ADAM | Source = Service Control Manager | ID = 7031
Description = Le service a-squared Anti-Malware Service s'est terminé de manière
inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
dans 0 millisecondes : Redémarrer le service.

Error - 05/05/2010 19:05:27 | Computer Name = ADAM | Source = Service Control Manager | ID = 7034
Description = Le service rpcnetp s'est terminé de façon inattendue pour la 1ème
fois.


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-06 20:30:21
Windows 5.1.2600 Service Pack 3
Running: 1xr9gwpn.exe; Driver: C:\DOCUME~1\Gigi\LOCALS~1\Temp\fgtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA325958C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA3259E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA325A922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA325AE94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xA325A0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xA3258436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA325AD6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA3259192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA325AC28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA325934E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA325AFC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA325CC08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA3259AAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA325ACCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA325C5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA32589FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA3258D88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA325A576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA325D5CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA3258ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA3258F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xA325A382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA325C68C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA3258412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA3258424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA325CCBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA32590C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA325AF36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xA3259E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xA32585DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA325AE04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA3259792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA325CC32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA325B068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA32596B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA325901E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA3258C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA325CFD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA3258896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA325C922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA3258B0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA32582B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA325B3F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA325B2B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA325C39A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA325FE2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA325D4AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA3258248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA325A65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA3259CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA325BC4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xA325C786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA325D114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA325871E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA325D1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA325D320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA325C526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA325990A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA3259860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA325CE8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA32599EA]

INT 0x62 ? 8A33DBF8
INT 0x63 ? 897C2ED8
INT 0x82 ? 8A33DBF8
INT 0x83 ? 897C2ED8
INT 0x94 ? 897C2ED8
INT 0xA4 ? 897C2ED8
INT 0xB4 ? 8A2CABF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A324E4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A324E8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80504534 16 Bytes [4E, 93, 25, A3, C6, AF, 25, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 12 Bytes [8C, C6, 25, A3, 12, 84, 25, ...] {MOV ESI, ES; AND EAX, 0x258412a3; MOV [0xa3258424], EAX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2ED0 8050476C 16 Bytes [0E, 8B, 25, A3, B0, 82, 25, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [F8, D1, 25, A3, 20, D3, 25, ...] {CLC ; SHL DWORD [0x25d320a3], 0x1; MOV [0xa325c526], EAX}
.text ntkrnlpa.exe!ZwCallbackReturn + 3024 805048C0 4 Bytes JMP F4A32599
? spit.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B7DDF8AC 5 Bytes JMP 897C24B8
.text awiih1aa.SYS B78F9386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awiih1aa.SYS B78F93AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awiih1aa.SYS B78F93C4 3 Bytes [00, 80, 02]
.text awiih1aa.SYS B78F93C9 1 Byte [30]
.text awiih1aa.SYS B78F93C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[280] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454E05 C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spit.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spit.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spit.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spit.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spit.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spit.sys
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\awiih1aa.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [A2D35CC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [A2D35CC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A2C91F8

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\sptd \Device\3395460512 spit.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 897071F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A2CB1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A2CB1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A2CB1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A2CB1F8
Device \Driver\usbehci \Device\USBPDO-1 896F31F8
Device \Driver\usbuhci \Device\USBPDO-2 897071F8
Device \Driver\usbuhci \Device\USBPDO-3 897071F8
Device \Driver\PCI_PNP4262 \Device\00000047 spit.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{C2470E52-6A6B-4974-B12E-C5779DBA4CA3} 875331F8
Device \Driver\usbehci \Device\USBPDO-4 896F31F8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-5 897071F8
Device \Driver\usbuhci \Device\USBPDO-6 897071F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A33E1F8
Device \Driver\Cdrom \Device\CdRom0 896BE500
Device \Driver\Cdrom \Device\CdRom1 896BE500
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D7C580] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D7C580] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{BF7FA276-04CD-43D2-A3E0-26F63D1CBC21} 875331F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 875331F8
Device \Driver\usbstor \Device\00000083 872151F8
Device \Driver\NetBT \Device\NetbiosSmb 875331F8
Device \Driver\usbstor \Device\00000086 872151F8

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 897071F8
Device \Driver\usbuhci \Device\USBFDO-1 897071F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8732C1F8
Device \Driver\usbehci \Device\USBFDO-2 896F31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8732C1F8
Device \Driver\usbuhci \Device\USBFDO-3 897071F8
Device \Driver\usbuhci \Device\USBFDO-4 897071F8
Device \Driver\Ftdisk \Device\FtControl 8A33E1F8
Device \Driver\usbuhci \Device\USBFDO-5 897071F8
Device \Driver\usbehci \Device\USBFDO-6 896F31F8
Device \Driver\awiih1aa \Device\Scsi\awiih1aa1 8974E1F8
Device \Driver\awiih1aa \Device\Scsi\awiih1aa1Port3Path0Target0Lun0 8974E1F8
Device \FileSystem\Cdfs \Cdfs 897403E0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x89 0xD5 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0x91 0xEE 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x31 0x3D 0x12 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x89 0xD5 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0x91 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x31 0x3D 0x12 0xA3 ...

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP12\A0001377.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP13\A0001769.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP13\A0001909.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP14\A0002003.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP17\A0002578.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP17\A0002634.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP17\A0002889.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP17\A0003097.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP18\A0003128.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP18\A0003211.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP18\A0004438.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP18\A0003285.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3506BDB5-8325-40CF-B0D6-94F3A144D062}\RP18\A0004429.exe:BAK 22528 bytes executable

---- EOF - GMER 1.0.15 ----

#6 Elise

Posted 06 May 2010 - 02:39 PM

First of all, let's make sure all system files are where they belong, because autochk.exe is not the only file Combofix detects as being bad. This is the reason you should not just run Combofix if you are not able to interpret the log :)

Please click Start > Run, type sfc /scannow in the runbox and press enter.
Let the system file checker run unhindered and insert the XP CD when asked.

When done, download a new copy of combofix and run it. Post me the log afterwards.

regards, Elise


#7 Guillaume75

Posted 07 May 2010 - 02:44 AM

Hello Elise,

I did what you said from the original Windows CD (and not the one from Nlite...)

Here is the log

Regards,

Guillaume

ComboFix 10-05-06.04 - Gigi 07/05/2010 9:35.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3062.2662 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gigi\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 07:26 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-07 07:26 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-07 07:26 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-07 07:26 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-07 07:26 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-07 07:26 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-07 07:26 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-07 07:24 . 2008-04-13 07:34 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-05-07 07:23 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-07 07:22 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-05 22:15 . 2010-05-05 22:15 -------- d-----w- c:\documents and settings\Gigi\Application Data\ImgBurn
2010-05-05 22:10 . 2010-05-05 22:10 -------- d-----w- c:\program files\ImgBurn
2010-05-05 21:56 . 2010-05-05 21:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 21:56 . 2010-05-05 21:57 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 22:02 -------- d-----w- c:\documents and settings\Gigi\Application Data\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-02 22:43 . 2010-05-02 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-02 20:11 . 2010-05-02 20:39 -------- d-----w- c:\program files\a-squared HiJackFree
2010-05-02 19:23 . 2010-05-02 20:05 -------- d-----w- c:\program files\a-squared Free
2010-05-02 13:59 . 2010-05-02 14:00 -------- d-----w- c:\documents and settings\Gigi\Local Settings\Application Data\Adobe
2010-05-02 13:58 . 2010-05-02 13:58 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-02 13:51 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-02 13:51 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-02 13:51 . 2010-05-02 13:51 -------- d-----w- c:\program files\PDFCreator
2010-05-02 13:51 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-02 13:23 . 2010-05-02 13:27 -------- d-----w- C:\cabs
2010-05-02 12:56 . 2008-12-21 21:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-02 12:56 . 2008-12-21 21:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-02 12:56 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-02 12:56 . 2010-05-02 13:04 -------- d-----w- c:\program files\WinMerge
2010-05-01 21:23 . 2009-10-05 10:34 796400 ----a-w- c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-01 21:14 . 2010-05-01 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 21:14 . 2010-05-01 21:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-01 20:55 . 2010-05-02 13:20 -------- d-----w- C:\Soft
2010-05-01 20:46 . 2010-05-01 20:47 -------- d-----w- c:\documents and settings\Gigi\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\program files\TrueCrypt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 07:39 . 2010-05-01 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-05-07 07:39 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-06 18:55 . 2010-05-01 17:14 44544 ----a-w- c:\windows\system32\agremove.exe
2010-05-05 22:33 . 2010-05-01 16:32 -------- d-----w- c:\program files\USB-set
2010-05-05 21:49 . 2010-05-01 16:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 21:48 . 2010-05-01 16:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 15:34 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 15:34 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-02 00:25 . 2008-04-14 12:00 625152 ----a-w- c:\windows\system32\autochk.exe
2010-05-01 21:22 . 2010-05-01 18:20 -------- d-----w- c:\program files\KeyScrambler
2010-05-01 18:17 . 2010-05-01 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-01 18:16 . 2010-05-01 18:16 -------- d-----w- c:\program files\CONEXANT
2010-05-01 17:32 . 2010-05-01 17:32 131 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-01 17:31 . 2010-05-01 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\IDT
2010-05-01 17:22 . 2010-05-01 16:22 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:09 . 2010-05-01 17:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-01 17:09 . 2010-05-01 17:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-01 17:09 . 2010-05-01 17:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-01 17:09 . 2010-05-01 17:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-01 17:09 . 2010-05-01 17:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:00 . 2010-05-01 17:00 -------- d-----w- c:\program files\Realtek
2010-05-01 16:57 . 2010-05-01 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 -------- d-----w- c:\program files\Synaptics
2010-05-01 16:55 . 2010-05-01 16:53 -------- d-----w- c:\program files\Intel
2010-05-01 16:54 . 2010-05-01 16:54 -------- d-----w- c:\program files\Camera Assistant Software for Gateway
2010-05-01 16:53 . 2010-05-01 16:53 -------- d-----w- c:\documents and settings\Gigi\Application Data\InstallShield
2010-05-01 16:51 . 2010-05-01 16:51 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-01 16:47 . 2000-02-04 15:01 40960 ----a-w- c:\windows\system32\StrmExt.dll
2010-05-01 16:47 . 2000-02-04 14:58 3018 ----a-w- c:\windows\system32\HardLinks.vbs
2010-05-01 16:47 . 2000-02-04 00:32 3026 ----a-w- c:\windows\system32\RWStream.vbs
2010-05-01 16:46 . 2010-05-01 16:46 950 ----a-w- c:\windows\unins000.dat
2010-05-01 16:45 . 2010-05-01 16:45 1078 ----a-r- c:\documents and settings\Gigi\Application Data\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-01 16:37 . 2010-05-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-01 16:28 . 2010-05-01 16:28 12328 ----a-w- c:\documents and settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 16:23 . 2010-05-01 16:23 -------- d-----w- c:\program files\microsoft frontpage
2010-05-01 16:21 . 2010-05-01 16:21 -------- d-----w- c:\program files\Services en ligne
2010-05-01 16:20 . 2010-05-01 16:20 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-05-01 17:30 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2008-10-01 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-05-06_16.57.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2008-04-14 12:00 24960 c:\windows\system32\dllcache\hidparse.sys
+ 2010-05-07 07:06 . 2008-04-13 09:45 19200 c:\windows\system32\dllcache\hidir.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 36864 c:\windows\system32\dllcache\hidclass.sys
+ 2010-05-07 07:06 . 2008-04-13 16:59 25856 c:\windows\system32\dllcache\hidbth.sys
+ 2010-05-07 07:06 . 2008-04-13 09:36 20352 c:\windows\system32\dllcache\hidbatt.sys
+ 2008-04-13 19:33 . 2008-04-14 12:00 20992 c:\windows\system32\dllcache\hid.dll
+ 2010-05-07 07:06 . 2008-04-13 16:59 28544 c:\windows\system32\dllcache\grserial.sys
+ 2010-05-07 07:06 . 2001-08-23 15:18 82560 c:\windows\system32\dllcache\grclass.sys
+ 2010-05-07 07:06 . 2001-08-23 15:18 17664 c:\windows\system32\dllcache\gpr400.sys
+ 2010-05-07 07:06 . 2008-04-13 09:45 59136 c:\windows\system32\dllcache\gckernel.sys
+ 2010-05-07 07:06 . 2008-04-13 09:45 10624 c:\windows\system32\dllcache\gameenum.sys
+ 2010-05-07 07:06 . 2008-04-13 09:36 46464 c:\windows\system32\dllcache\gagp30kx.sys
+ 2001-08-23 17:17 . 2008-04-14 12:00 12416 c:\windows\system32\dllcache\fsvga.sys
+ 2010-05-07 07:05 . 2008-04-13 07:35 34173 c:\windows\system32\dllcache\forehe.sys
+ 2010-05-07 07:05 . 2001-08-23 15:47 72192 c:\windows\system32\dllcache\fnfilter.dll
+ 2008-04-14 12:00 . 2008-04-14 12:00 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2010-05-07 07:05 . 2001-08-17 18:13 27165 c:\windows\system32\dllcache\fetnd5.sys
+ 2010-05-07 07:05 . 2001-08-17 18:10 22090 c:\windows\system32\dllcache\fem556n5.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 27392 c:\windows\system32\dllcache\fdc.sys
+ 2010-05-07 07:05 . 2001-08-17 18:12 24618 c:\windows\system32\dllcache\fa410nd5.sys
+ 2010-05-07 07:05 . 2001-08-17 18:12 16074 c:\windows\system32\dllcache\fa312nd5.sys
+ 2010-05-07 07:05 . 2001-08-17 18:11 11850 c:\windows\system32\dllcache\f3ab18xj.sys
+ 2010-05-07 07:05 . 2001-08-17 18:11 12362 c:\windows\system32\dllcache\f3ab18xi.sys
+ 2010-05-07 07:05 . 2001-08-17 18:12 16998 c:\windows\system32\dllcache\ex10.sys
+ 2010-05-07 07:05 . 2001-08-23 15:47 46080 c:\windows\system32\dllcache\esunib.dll
+ 2010-05-07 07:05 . 2001-08-23 15:47 46080 c:\windows\system32\dllcache\esuni.dll
+ 2010-05-07 07:05 . 2001-08-23 15:47 34816 c:\windows\system32\dllcache\esuimg.dll
+ 2010-05-07 07:05 . 2001-08-23 15:47 43008 c:\windows\system32\dllcache\esucm.dll
+ 2010-05-07 07:05 . 2001-08-17 18:19 63360 c:\windows\system32\dllcache\ess.sys
+ 2010-05-07 07:05 . 2001-08-17 18:19 72192 c:\windows\system32\dllcache\es1969.sys
+ 2010-05-07 07:04 . 2001-08-17 18:19 37120 c:\windows\system32\dllcache\es1370mp.sys
+ 2010-05-07 07:04 . 2001-08-23 15:47 62464 c:\windows\system32\dllcache\eqnloop.exe
+ 2010-05-07 07:04 . 2001-08-23 15:47 51712 c:\windows\system32\dllcache\eqnlogr.exe
+ 2010-05-07 07:04 . 2001-08-23 15:47 53760 c:\windows\system32\dllcache\eqndiag.exe
+ 2010-05-07 07:04 . 2001-08-17 18:12 18503 c:\windows\system32\dllcache\epro4.sys
+ 2010-05-07 07:04 . 2001-08-17 18:10 19996 c:\windows\system32\dllcache\em556n4.sys
+ 2010-05-07 07:04 . 2001-08-17 18:10 25159 c:\windows\system32\dllcache\elnk3.sys
+ 2010-05-07 07:04 . 2001-08-17 18:11 70174 c:\windows\system32\dllcache\el98xn5.sys
+ 2010-05-07 07:04 . 2001-08-17 18:11 66591 c:\windows\system32\dllcache\el90xbc5.sys
+ 2010-05-07 07:04 . 2001-08-17 18:11 77386 c:\windows\system32\dllcache\el656nd5.sys
+ 2010-05-07 07:04 . 2001-08-17 18:11 69194 c:\windows\system32\dllcache\el656cd5.sys
+ 2010-05-07 07:04 . 2001-08-17 18:10 26141 c:\windows\system32\dllcache\el589nd5.sys
+ 2010-05-07 07:04 . 2001-08-17 18:10 69692 c:\windows\system32\dllcache\el575nd5.sys
+ 2010-05-07 07:04 . 2001-08-17 18:10 24653 c:\windows\system32\dllcache\el574nd4.sys
+ 2010-05-07 07:04 . 2001-08-17 18:10 55999 c:\windows\system32\dllcache\el556nd5.sys
+ 2010-05-07 07:04 . 2001-08-23 15:13 44615 c:\windows\system32\dllcache\el515.sys
+ 2010-05-07 07:04 . 2001-08-17 18:12 19594 c:\windows\system32\dllcache\e100isa4.sys
+ 2010-05-07 07:04 . 2001-08-23 15:12 51743 c:\windows\system32\dllcache\e1000nt5.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 71168 c:\windows\system32\dllcache\dxg.sys
+ 2001-08-23 17:47 . 2008-04-14 12:00 59392 c:\windows\system32\dllcache\dvdplay.exe
+ 2010-05-07 07:04 . 2001-08-17 20:07 20192 c:\windows\system32\dllcache\dpti2o.sys
+ 2010-05-07 07:04 . 2001-08-17 18:12 28062 c:\windows\system32\dllcache\dp83820.sys
+ 2010-05-07 07:04 . 2001-08-23 15:11 24064 c:\windows\system32\dllcache\dot4usb.sys
+ 2010-05-07 07:04 . 2001-08-17 19:47 12928 c:\windows\system32\dllcache\dot4prt.sys
+ 2008-04-13 19:33 . 2008-04-14 12:00 58880 c:\windows\system32\dllcache\dmutil.dll
+ 2010-05-07 07:03 . 2001-08-17 18:11 26698 c:\windows\system32\dllcache\dlh5xnd5.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 29768 c:\windows\system32\dllcache\divasu.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 37962 c:\windows\system32\dllcache\divaprop.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 38985 c:\windows\system32\dllcache\disrvsu.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 31817 c:\windows\system32\dllcache\disrvpp.dll
+ 2008-04-14 12:00 . 2008-04-14 12:00 36352 c:\windows\system32\dllcache\disk.sys
+ 2010-05-07 07:03 . 2001-08-17 18:13 91305 c:\windows\system32\dllcache\dimaint.sys
+ 2010-05-07 07:03 . 2001-08-23 15:10 42656 c:\windows\system32\dllcache\digirlpt.sys
+ 2010-05-07 07:03 . 2001-08-17 18:14 21606 c:\windows\system32\dllcache\digiisdn.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 41046 c:\windows\system32\dllcache\digiisdn.dll
+ 2010-05-07 07:03 . 2001-08-23 15:10 90685 c:\windows\system32\dllcache\digifep5.sys
+ 2010-05-07 07:03 . 2001-08-23 15:10 37927 c:\windows\system32\dllcache\digiasyn.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 65622 c:\windows\system32\dllcache\digiasyn.dll
+ 2010-05-07 07:02 . 2001-08-23 15:47 32256 c:\windows\system32\dllcache\diapi2NT.dll
+ 2010-05-07 07:03 . 2001-08-23 15:09 29691 c:\windows\system32\dllcache\dgapci.sys
+ 2010-05-07 07:03 . 2001-08-17 18:11 24649 c:\windows\system32\dllcache\dfe650d.sys
+ 2010-05-07 07:03 . 2001-08-17 18:11 24648 c:\windows\system32\dllcache\dfe650.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 24064 c:\windows\system32\dllcache\devldr32.exe
+ 2010-05-07 07:03 . 2001-08-17 18:11 20928 c:\windows\system32\dllcache\defpa.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 87552 c:\windows\system32\dllcache\dc240usd.dll
+ 2010-05-07 07:03 . 2001-08-17 18:12 63208 c:\windows\system32\dllcache\dc21x4.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 82432 c:\windows\system32\dllcache\dc210usd.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 25600 c:\windows\system32\dllcache\dc210_32.dll
+ 2010-05-07 07:03 . 2001-08-17 19:52 14720 c:\windows\system32\dllcache\dac960nt.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 28160 c:\windows\system32\dllcache\cyzports.dll
+ 2010-05-07 07:03 . 2001-08-23 15:08 50688 c:\windows\system32\dllcache\cyzport.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 28160 c:\windows\system32\dllcache\cyzcoins.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 28160 c:\windows\system32\dllcache\cyyports.dll
+ 2010-05-07 07:03 . 2001-08-23 15:08 50944 c:\windows\system32\dllcache\cyyport.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 29184 c:\windows\system32\dllcache\cyycoins.dll
+ 2010-05-07 07:03 . 2001-08-23 15:08 15104 c:\windows\system32\dllcache\cyclom-y.sys
+ 2010-05-07 07:03 . 2001-08-23 15:08 17536 c:\windows\system32\dllcache\cyclad-z.sys
+ 2010-05-07 07:03 . 2008-04-13 07:36 48640 c:\windows\system32\dllcache\cwrwdm.sys
+ 2010-05-07 07:03 . 2001-08-17 18:19 93952 c:\windows\system32\dllcache\cwcwdm.sys
+ 2010-05-07 07:02 . 2001-08-17 18:19 72832 c:\windows\system32\dllcache\cwbwdm.sys
+ 2010-05-07 07:02 . 2001-08-17 18:19 96256 c:\windows\system32\dllcache\ctlsb16.sys
+ 2008-04-13 19:02 . 2008-04-14 12:00 40960 c:\windows\system32\dllcache\crusoe.sys
+ 2010-05-07 07:02 . 2001-08-17 18:19 42112 c:\windows\system32\dllcache\crtaud.sys
+ 2010-05-07 07:02 . 2001-08-23 15:07 61194 c:\windows\system32\dllcache\cpqtrnd5.sys
+ 2010-05-07 07:02 . 2001-08-23 15:07 21533 c:\windows\system32\dllcache\cpqndis5.sys
+ 2001-08-17 21:24 . 2008-04-14 12:00 11776 c:\windows\system32\dllcache\cpqdap01.sys
+ 2010-05-07 07:02 . 2001-08-17 19:52 14976 c:\windows\system32\dllcache\cpqarray.sys
+ 2010-05-01 18:14 . 2008-04-13 11:36 10240 c:\windows\system32\dllcache\compbatt.sys
+ 2010-05-07 07:02 . 2001-08-17 18:11 39936 c:\windows\system32\dllcache\cnxt1803.sys
+ 2010-05-07 07:02 . 2001-08-23 15:47 44544 c:\windows\system32\dllcache\cnusd.dll
+ 2008-04-13 19:33 . 2008-04-14 12:00 50688 c:\windows\system32\dllcache\cnbjmon.dll
+ 2010-05-07 07:02 . 2001-08-23 15:04 20864 c:\windows\system32\dllcache\cmbp0wdm.sys
+ 2010-05-01 18:14 . 2008-04-13 11:36 13952 c:\windows\system32\dllcache\cmbatt.sys
+ 2010-05-07 07:02 . 2001-08-17 19:57 45696 c:\windows\system32\dllcache\cirrus.sys
+ 2010-05-07 07:02 . 2001-08-23 15:46 91264 c:\windows\system32\dllcache\cirrus.dll
+ 2010-05-07 07:02 . 2008-04-13 17:33 15423 c:\windows\system32\dllcache\ch7xxnt5.dll
+ 2010-05-07 07:02 . 2001-08-23 15:03 49182 c:\windows\system32\dllcache\cem56n5.sys
+ 2010-05-07 07:02 . 2001-08-23 15:03 22556 c:\windows\system32\dllcache\cem33n5.sys
+ 2010-05-07 07:02 . 2001-08-23 15:03 22556 c:\windows\system32\dllcache\cem28n5.sys
+ 2010-05-07 07:02 . 2001-08-23 15:03 27164 c:\windows\system32\dllcache\ce3n5.sys
+ 2010-05-07 07:02 . 2001-08-23 15:03 21530 c:\windows\system32\dllcache\ce2n5.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 62976 c:\windows\system32\dllcache\cdrom.sys
+ 2001-08-17 21:52 . 2008-04-14 12:00 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2010-05-01 18:15 . 2008-04-13 11:46 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 13952 c:\windows\system32\dllcache\cbidf2k.sys
+ 2010-05-07 07:02 . 2001-08-17 18:13 46108 c:\windows\system32\dllcache\cben5.sys
+ 2010-05-07 07:02 . 2001-08-17 18:12 39680 c:\windows\system32\dllcache\cb325.sys
+ 2010-05-07 07:02 . 2001-08-17 18:12 37916 c:\windows\system32\dllcache\cb102.sys
+ 2010-05-07 07:02 . 2001-08-23 15:47 74240 c:\windows\system32\dllcache\camexo20.dll
+ 2010-05-07 07:01 . 2008-04-13 09:46 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 30208 c:\windows\system32\dllcache\bthserv.dll
+ 2010-05-07 07:01 . 2008-04-13 09:46 36480 c:\windows\system32\dllcache\bthprint.sys
+ 2010-05-07 07:01 . 2008-04-13 09:46 37888 c:\windows\system32\dllcache\bthmodem.sys
+ 2010-05-07 07:01 . 2008-04-13 09:46 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 20992 c:\windows\system32\dllcache\bthci.dll
+ 2010-05-07 07:01 . 2001-08-17 18:11 31529 c:\windows\system32\dllcache\brzwlan.sys
+ 2010-05-07 07:01 . 2001-08-17 19:12 10368 c:\windows\system32\dllcache\brusbscn.sys
+ 2010-05-07 07:01 . 2001-08-17 19:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2010-05-07 07:01 . 2001-08-17 19:12 60416 c:\windows\system32\dllcache\brserwdm.sys
+ 2010-05-07 07:01 . 2001-08-23 15:01 39808 c:\windows\system32\dllcache\brparwdm.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2010-05-07 07:01 . 2001-08-23 15:47 32256 c:\windows\system32\dllcache\brmfrsmg.exe
+ 2010-05-07 07:01 . 2001-08-23 15:46 29696 c:\windows\system32\dllcache\brmflpt.dll
+ 2010-05-07 07:01 . 2001-08-23 15:46 81920 c:\windows\system32\dllcache\brmfcwia.dll
+ 2010-05-07 07:01 . 2001-08-23 15:46 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2010-05-07 07:01 . 2001-08-17 19:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 12800 c:\windows\system32\dllcache\brevif.dll
+ 2010-05-07 07:01 . 2001-08-23 15:46 19456 c:\windows\system32\dllcache\brbidiif.dll
+ 2010-05-07 07:01 . 2008-04-13 09:46 11776 c:\windows\system32\dllcache\bdasup.sys
+ 2010-05-07 07:01 . 2001-08-17 18:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
+ 2010-05-07 07:01 . 2001-08-17 18:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2010-05-07 07:01 . 2001-08-17 18:11 66557 c:\windows\system32\dllcache\bcm42u.sys
+ 2010-05-01 18:14 . 2008-04-13 11:36 14208 c:\windows\system32\dllcache\battc.sys
+ 2010-05-07 07:01 . 2001-08-17 18:48 36128 c:\windows\system32\dllcache\banshee.sys
+ 2010-05-07 07:01 . 2001-08-23 15:00 97248 c:\windows\system32\dllcache\b57xp32.sys
+ 2010-05-07 07:01 . 2001-08-17 18:13 89952 c:\windows\system32\dllcache\b1cbase.sys
+ 2010-05-07 07:01 . 2001-08-17 18:19 36992 c:\windows\system32\dllcache\aztw2320.sys
+ 2010-05-07 07:01 . 2001-08-17 18:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 87552 c:\windows\system32\dllcache\avmcoxp.dll
+ 2010-05-07 07:01 . 2008-04-13 09:46 13696 c:\windows\system32\dllcache\avcstrm.sys
+ 2010-05-07 07:01 . 2001-08-17 20:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2010-05-07 07:01 . 2008-04-13 09:46 38912 c:\windows\system32\dllcache\avc.sys
+ 2010-05-07 07:01 . 2008-04-13 17:33 17279 c:\windows\system32\dllcache\atv10nt5.dll
+ 2010-05-07 07:01 . 2008-04-13 17:33 14143 c:\windows\system32\dllcache\atv06nt5.dll
+ 2010-05-07 07:01 . 2008-04-13 17:33 25471 c:\windows\system32\dllcache\atv04nt5.dll
+ 2010-05-07 07:01 . 2008-04-13 17:33 11359 c:\windows\system32\dllcache\atv02nt5.dll
+ 2010-05-07 07:01 . 2008-04-13 17:33 21183 c:\windows\system32\dllcache\atv01nt5.dll
+ 2010-05-07 07:01 . 2001-08-17 18:49 23552 c:\windows\system32\dllcache\atixbar.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 26624 c:\windows\system32\dllcache\ativxbar.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 19456 c:\windows\system32\dllcache\ativttxx.sys
+ 2010-05-07 07:01 . 2008-04-13 17:33 32768 c:\windows\system32\dllcache\ativtmxx.dll
+ 2010-05-07 07:01 . 2001-08-17 18:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 49920 c:\windows\system32\dllcache\atirtcap.sys
+ 2010-05-07 07:01 . 2001-08-23 14:59 70784 c:\windows\system32\dllcache\atiragem.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 63488 c:\windows\system32\dllcache\atinxsxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 31744 c:\windows\system32\dllcache\atinxbxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 73216 c:\windows\system32\dllcache\atintuxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 13824 c:\windows\system32\dllcache\atinttxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 28672 c:\windows\system32\dllcache\atinsnxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 52224 c:\windows\system32\dllcache\atinraxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 14336 c:\windows\system32\dllcache\atinpdxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 13824 c:\windows\system32\dllcache\atinmdxx.sys
+ 2010-05-07 07:01 . 2008-04-13 07:34 57856 c:\windows\system32\dllcache\atinbtxx.sys
+ 2010-05-07 07:01 . 2001-08-23 14:59 75392 c:\windows\system32\dllcache\atimpae.sys
+ 2010-05-07 07:00 . 2001-08-17 18:49 46464 c:\windows\system32\dllcache\atibt829.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 34735 c:\windows\system32\dllcache\ati1xsxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 29455 c:\windows\system32\dllcache\ati1xbxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 36463 c:\windows\system32\dllcache\ati1tuxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 21343 c:\windows\system32\dllcache\ati1ttxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 26367 c:\windows\system32\dllcache\ati1snxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 63663 c:\windows\system32\dllcache\ati1rvxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 30671 c:\windows\system32\dllcache\ati1raxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 12047 c:\windows\system32\dllcache\ati1pdxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 11615 c:\windows\system32\dllcache\ati1mdxx.sys
+ 2010-05-07 07:00 . 2008-04-13 07:34 56623 c:\windows\system32\dllcache\ati1btxx.sys
+ 2010-05-07 07:00 . 2001-08-23 14:59 77824 c:\windows\system32\dllcache\ati.sys
+ 2010-05-07 07:00 . 2001-08-23 15:46 96128 c:\windows\system32\dllcache\ati.dll
+ 2010-05-07 07:00 . 2001-08-17 18:12 97354 c:\windows\system32\dllcache\aspndis3.sys
+ 2010-05-07 07:00 . 2001-08-17 19:51 14848 c:\windows\system32\dllcache\asc3550.sys
+ 2010-05-07 07:00 . 2001-08-17 19:52 22400 c:\windows\system32\dllcache\asc3350p.sys
+ 2010-05-07 07:00 . 2001-08-17 19:52 26496 c:\windows\system32\dllcache\asc.sys
+ 2008-04-13 11:51 . 2008-04-14 12:00 60800 c:\windows\system32\dllcache\arp1394.sys
+ 2010-05-07 07:00 . 2008-04-13 07:35 36224 c:\windows\system32\dllcache\an983.sys
+ 2010-05-07 07:00 . 2001-08-17 19:52 12032 c:\windows\system32\dllcache\amsint.sys
+ 2008-04-13 18:54 . 2008-04-14 12:00 41856 c:\windows\system32\dllcache\amdk7.sys
+ 2008-04-13 18:54 . 2008-04-14 12:00 41472 c:\windows\system32\dllcache\amdk6.sys
+ 2010-05-07 07:00 . 2008-04-13 09:36 43008 c:\windows\system32\dllcache\amdagp.sys
+ 2010-05-07 07:00 . 2001-08-17 18:11 16969 c:\windows\system32\dllcache\amb8002.sys
+ 2010-05-07 07:00 . 2008-04-13 09:36 42752 c:\windows\system32\dllcache\alim1541.sys
+ 2010-05-07 07:00 . 2001-08-17 19:49 26624 c:\windows\system32\dllcache\alifir.sys
+ 2010-05-07 07:00 . 2001-08-17 18:11 27678 c:\windows\system32\dllcache\ali5261.sys
+ 2010-05-07 07:00 . 2001-08-17 20:07 56960 c:\windows\system32\dllcache\aic78xx.sys
+ 2010-05-07 07:00 . 2001-08-17 20:07 55168 c:\windows\system32\dllcache\aic78u2.sys
+ 2010-05-07 07:00 . 2001-08-17 19:52 12800 c:\windows\system32\dllcache\aha154x.sys
+ 2010-05-07 07:00 . 2008-04-13 09:36 44928 c:\windows\system32\dllcache\agpcpq.sys
+ 2010-05-07 07:00 . 2008-04-13 09:36 42368 c:\windows\system32\dllcache\agp440.sys
+ 2010-05-07 07:00 . 2001-08-17 18:11 46112 c:\windows\system32\dllcache\adptsf50.sys
+ 2010-05-07 07:00 . 2008-04-13 07:36 10880 c:\windows\system32\dllcache\admjoy.sys
+ 2010-05-07 07:00 . 2001-08-17 18:11 20160 c:\windows\system32\dllcache\adm8511.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 12032 c:\windows\system32\dllcache\acpiec.sys
+ 2010-05-07 07:00 . 2001-08-23 15:46 61952 c:\windows\system32\dllcache\acerscad.dll
+ 2010-05-07 07:00 . 2008-04-13 07:36 84480 c:\windows\system32\dllcache\ac97via.sys
+ 2010-05-07 07:00 . 2001-08-17 18:20 96256 c:\windows\system32\dllcache\ac97intc.sys
+ 2010-05-07 07:00 . 2001-08-17 19:52 23552 c:\windows\system32\dllcache\abp480n5.sys
+ 2010-05-07 07:00 . 2001-08-23 15:46 98304 c:\windows\system32\dllcache\a3d.dll
+ 2010-05-07 07:00 . 2001-08-23 15:46 38400 c:\windows\system32\dllcache\8514a.dll
+ 2010-05-07 07:00 . 2008-04-13 09:46 48128 c:\windows\system32\dllcache\61883.sys
+ 2010-05-07 07:00 . 2008-04-13 09:40 12288 c:\windows\system32\dllcache\4mmdat.sys
+ 2010-05-07 07:00 . 2001-08-17 20:06 11264 c:\windows\system32\dllcache\1394vdbg.sys
+ 2010-05-07 07:00 . 2008-04-13 09:46 53376 c:\windows\system32\dllcache\1394bus.sys
+ 2010-05-07 07:25 . 2008-04-13 17:33 8192 c:\windows\system32\dllcache\wshirda.dll
+ 2001-08-23 17:46 . 2008-04-14 12:00 3200 c:\windows\system32\dllcache\wowfax.dll
+ 2010-05-07 07:25 . 2008-04-13 09:36 8832 c:\windows\system32\dllcache\wmiacpi.sys
+ 2010-05-07 07:24 . 2008-04-13 09:40 5376 c:\windows\system32\dllcache\viaide.sys
+ 2010-05-07 07:24 . 2001-08-17 19:28 7556 c:\windows\system32\dllcache\usroslba.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 4736 c:\windows\system32\dllcache\usbd.sys
+ 2010-05-07 07:22 . 2001-08-23 15:00 4992 c:\windows\system32\dllcache\toside.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 4096 c:\windows\system32\dllcache\timer.drv
+ 2010-05-01 18:12 . 2008-04-14 12:00 4096 c:\windows\system32\dllcache\timer.drv
+ 2010-05-07 07:21 . 2001-08-17 19:52 7040 c:\windows\system32\dllcache\tandqic.sys
+ 2010-05-07 07:21 . 2001-08-17 20:02 3968 c:\windows\system32\dllcache\swusbflt.sys
+ 2008-04-13 11:39 . 2008-04-14 12:00 4352 c:\windows\system32\dllcache\swenum.sys
+ 2001-08-23 17:47 . 2008-04-14 12:00 8192 c:\windows\system32\dllcache\streamci.dll
+ 2010-05-07 07:20 . 2001-08-17 19:56 7552 c:\windows\system32\dllcache\sonypvu1.sys
+ 2010-05-07 07:20 . 2001-08-17 19:53 9600 c:\windows\system32\dllcache\sonymc.sys
+ 2010-05-07 07:20 . 2008-04-13 09:40 7552 c:\windows\system32\dllcache\sonyait.sys
+ 2010-05-07 07:20 . 2001-08-17 19:53 7040 c:\windows\system32\dllcache\snyaitmc.sys
+ 2010-05-07 07:19 . 2001-08-17 19:57 6784 c:\windows\system32\dllcache\smbhc.sys
+ 2010-05-07 07:19 . 2008-04-13 09:36 6912 c:\windows\system32\dllcache\smbclass.sys
+ 2010-05-07 07:19 . 2008-04-13 09:36 5888 c:\windows\system32\dllcache\smbali.sys
+ 2010-05-07 07:18 . 2008-04-13 17:33 3901 c:\windows\system32\dllcache\siint5.dll
+ 2010-05-07 07:18 . 2001-08-23 15:20 6912 c:\windows\system32\dllcache\serscan.sys
+ 2010-05-07 07:18 . 2001-08-17 19:53 6912 c:\windows\system32\dllcache\seaddsmc.sys
+ 2010-05-07 07:16 . 2001-08-17 18:19 3840 c:\windows\system32\dllcache\rpfun.sys
+ 2010-05-07 07:16 . 2001-08-17 19:53 3328 c:\windows\system32\dllcache\qv2kux.sys
+ 2010-05-07 07:16 . 2008-04-13 09:40 6016 c:\windows\system32\dllcache\qic157.sys
+ 2010-05-07 07:15 . 2001-08-23 15:47 5632 c:\windows\system32\dllcache\ptpusb.dll
+ 2010-05-07 07:15 . 2008-04-13 09:40 8832 c:\windows\system32\dllcache\powerfil.sys
+ 2010-05-07 07:15 . 2001-08-17 19:53 7168 c:\windows\system32\dllcache\pnrmc.sys
+ 2010-05-07 07:15 . 2001-08-17 20:07 5504 c:\windows\system32\dllcache\perc2hib.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 3456 c:\windows\system32\dllcache\oprghdlr.sys
+ 2010-05-07 07:13 . 2001-08-23 15:11 9472 c:\windows\system32\dllcache\ntapm.sys
+ 2010-05-07 07:13 . 2001-08-17 19:53 7552 c:\windows\system32\dllcache\nsmmc.sys
+ 2010-05-07 07:12 . 2001-08-23 15:47 7168 c:\windows\system32\dllcache\mxport.dll
+ 2010-05-01 18:15 . 2008-04-13 11:39 5504 c:\windows\system32\dllcache\mstee.sys
+ 2010-05-01 18:15 . 2008-04-13 11:39 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2010-05-01 18:15 . 2008-04-13 11:39 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2010-05-07 07:12 . 2001-08-17 20:00 2944 c:\windows\system32\dllcache\msmpu401.sys
+ 2010-05-01 18:15 . 2008-04-13 11:39 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2010-05-07 07:11 . 2001-08-17 19:48 6016 c:\windows\system32\dllcache\msfsio.sys
+ 2010-05-07 07:11 . 2001-08-17 19:52 6528 c:\windows\system32\dllcache\miniqic.sys
+ 2010-05-07 07:11 . 2001-08-17 19:58 8320 c:\windows\system32\dllcache\memcard.sys
+ 2010-05-07 07:11 . 2001-08-17 19:52 7424 c:\windows\system32\dllcache\mammoth.sys
+ 2010-05-07 07:10 . 2008-04-13 09:40 7040 c:\windows\system32\dllcache\ltotape.sys
+ 2010-05-07 07:10 . 2001-08-17 19:53 4992 c:\windows\system32\dllcache\loop.sys
+ 2010-05-07 07:10 . 2001-08-23 15:47 8192 c:\windows\system32\dllcache\kbdkor.dll
+ 2010-05-07 07:09 . 2008-04-13 17:31 6144 c:\windows\system32\dllcache\kbd106.dll
+ 2010-05-07 07:09 . 2001-08-17 20:55 5632 c:\windows\system32\dllcache\kbd103.dll
+ 2010-05-07 07:09 . 2001-08-17 20:55 6144 c:\windows\system32\dllcache\kbd101c.dll
+ 2010-05-07 07:09 . 2001-08-17 20:55 6144 c:\windows\system32\dllcache\kbd101b.dll
+ 2010-05-07 07:09 . 2008-04-13 17:03 5504 c:\windows\system32\dllcache\intelide.sys
+ 2010-05-07 07:08 . 2008-04-13 09:41 8576 c:\windows\system32\dllcache\i2omgmt.sys
+ 2010-05-07 07:07 . 2001-08-23 15:47 9759 c:\windows\system32\dllcache\hsf_inst.dll
+ 2010-05-07 07:07 . 2001-08-17 19:52 5760 c:\windows\system32\dllcache\hpt4qic.sys
+ 2010-05-07 07:06 . 2001-08-17 20:02 2688 c:\windows\system32\dllcache\hidswvd.sys
+ 2010-05-07 07:06 . 2001-08-17 20:02 8576 c:\windows\system32\dllcache\hidgame.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 7168 c:\windows\system32\dllcache\hccoin.dll
+ 2010-05-07 07:05 . 2001-08-17 19:52 7040 c:\windows\system32\dllcache\exabyte2.sys
+ 2010-05-07 07:04 . 2001-08-17 19:46 6400 c:\windows\system32\dllcache\enum1394.sys
+ 2010-05-07 07:04 . 2001-08-17 19:53 7296 c:\windows\system32\dllcache\elmsmc.sys
+ 2010-05-07 07:04 . 2001-08-17 19:47 8704 c:\windows\system32\dllcache\dot4scan.sys
+ 2010-05-07 07:03 . 2008-04-13 09:40 8320 c:\windows\system32\dllcache\dlttape.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 6216 c:\windows\system32\dllcache\divaci.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 6729 c:\windows\system32\dllcache\disrvci.dll
+ 2010-05-07 07:03 . 2001-08-17 19:52 7424 c:\windows\system32\dllcache\ddsmc.sys
+ 2010-05-07 07:02 . 2001-08-17 18:19 3072 c:\windows\system32\dllcache\cwbmidi.sys
+ 2010-05-07 07:02 . 2001-08-17 18:19 3072 c:\windows\system32\dllcache\cwbase.sys
+ 2010-05-07 07:02 . 2001-08-23 15:47 4096 c:\windows\system32\dllcache\ctwdm32.dll
+ 2010-05-07 07:02 . 2001-08-17 18:19 3712 c:\windows\system32\dllcache\ctljystk.sys
+ 2010-05-07 07:02 . 2001-08-17 18:19 6912 c:\windows\system32\dllcache\ctlfacem.sys
+ 2010-05-07 07:02 . 2001-08-23 15:04 6656 c:\windows\system32\dllcache\cmdide.sys
+ 2010-05-07 07:02 . 2008-04-13 09:41 8192 c:\windows\system32\dllcache\changer.sys
+ 2010-05-07 07:02 . 2001-08-17 19:52 7680 c:\windows\system32\dllcache\cd20xrnt.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 9728 c:\windows\system32\dllcache\brserif.dll
+ 2010-05-07 07:01 . 2001-08-23 15:46 5120 c:\windows\system32\dllcache\brscnrsm.dll
+ 2010-05-07 07:01 . 2001-08-17 19:12 3168 c:\windows\system32\dllcache\brparimg.sys
+ 2010-05-07 07:01 . 2001-08-17 19:12 3968 c:\windows\system32\dllcache\brfiltup.sys
+ 2010-05-07 07:01 . 2001-08-17 19:12 2944 c:\windows\system32\dllcache\brfilt.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 9728 c:\windows\system32\dllcache\brcoinst.dll
+ 2010-05-01 18:15 . 2001-08-17 21:59 3072 c:\windows\system32\dllcache\audstub.sys
+ 2010-05-07 07:01 . 2001-08-17 18:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
+ 2010-05-07 07:00 . 2001-08-17 19:47 6272 c:\windows\system32\dllcache\apmbatt.sys
+ 2010-05-07 07:00 . 2001-08-17 19:51 5248 c:\windows\system32\dllcache\aliide.sys
+ 2010-05-07 07:00 . 2008-04-13 17:33 3775 c:\windows\system32\dllcache\adv11nt5.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 3711 c:\windows\system32\dllcache\adv09nt5.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 3135 c:\windows\system32\dllcache\adv08nt5.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 3647 c:\windows\system32\dllcache\adv07nt5.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 3615 c:\windows\system32\dllcache\adv05nt5.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 3967 c:\windows\system32\dllcache\adv02nt5.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 4255 c:\windows\system32\dllcache\adv01nt5.dll
+ 2010-05-07 07:00 . 2001-08-17 19:53 7424 c:\windows\system32\dllcache\adicvls.sys
+ 2008-04-13 19:33 . 2008-04-14 12:00 483840 c:\windows\system32\dllcache\wzcsvc.dll
+ 2008-04-14 12:00 . 2008-04-14 12:00 108032 c:\windows\system32\dllcache\wshbth.dll
+ 2010-05-07 07:25 . 2008-04-13 07:35 154624 c:\windows\system32\dllcache\wlluc48.sys
+ 2010-05-07 07:25 . 2001-08-17 19:28 771581 c:\windows\system32\dllcache\winacisa.sys
+ 2010-05-07 07:25 . 2001-08-17 19:28 701386 c:\windows\system32\dllcache\wdhaalba.sys
+ 2010-05-07 07:24 . 2001-08-17 19:28 397502 c:\windows\system32\dllcache\vpctcom.sys
+ 2010-05-07 07:24 . 2001-08-17 19:28 604253 c:\windows\system32\dllcache\vmodem.sys
+ 2010-05-07 07:24 . 2001-08-17 18:14 249402 c:\windows\system32\dllcache\vinwm.sys
+ 2010-05-07 07:24 . 2001-08-17 19:28 687999 c:\windows\system32\dllcache\usrwdxjs.sys
+ 2001-08-23 17:47 . 2008-04-14 12:00 102457 c:\windows\system32\dllcache\usrv42a.dll
+ 2010-05-07 07:24 . 2001-08-17 19:28 765884 c:\windows\system32\dllcache\usrti.sys
+ 2010-05-07 07:24 . 2001-08-17 19:28 113762 c:\windows\system32\dllcache\usrpda.sys
+ 2001-08-23 17:47 . 2008-04-14 12:00 323641 c:\windows\system32\dllcache\usrdtea.dll
+ 2010-05-07 07:24 . 2001-08-17 19:28 224802 c:\windows\system32\dllcache\usr1807a.sys
+ 2010-05-07 07:23 . 2001-08-17 19:28 793598 c:\windows\system32\dllcache\usr1806.sys
+ 2010-05-07 07:23 . 2001-08-17 19:28 794654 c:\windows\system32\dllcache\usr1801.sys
+ 2010-05-07 07:23 . 2001-08-23 15:47 212480 c:\windows\system32\dllcache\um54scan.dll
+ 2010-05-07 07:23 . 2001-08-23 15:47 216576 c:\windows\system32\dllcache\um34scan.dll
+ 2010-05-07 07:22 . 2001-08-23 15:47 525568 c:\windows\system32\dllcache\tridxp.dll
+ 2010-05-07 07:22 . 2001-08-17 18:51 159232 c:\windows\system32\dllcache\tridkbm.sys
+ 2010-05-07 07:22 . 2001-08-23 15:46 440576 c:\windows\system32\dllcache\tridkb.dll
+ 2010-05-07 07:22 . 2001-08-17 18:51 222336 c:\windows\system32\dllcache\trid3dm.sys
+ 2010-05-07 07:22 . 2001-08-23 15:46 315520 c:\windows\system32\dllcache\trid3d.dll
+ 2010-05-07 07:22 . 2001-08-17 20:02 230912 c:\windows\system32\dllcache\tosdvd03.sys
+ 2010-05-07 07:22 . 2001-08-17 20:01 241664 c:\windows\system32\dllcache\tosdvd02.sys
+ 2010-05-07 07:22 . 2001-08-17 18:14 123995 c:\windows\system32\dllcache\tjisdn.sys
+ 2010-05-07 07:22 . 2001-08-17 18:51 138528 c:\windows\system32\dllcache\tgiulnt5.sys
+ 2010-05-07 07:22 . 2008-04-13 09:40 149376 c:\windows\system32\dllcache\tffsport.sys
+ 2010-05-07 07:21 . 2001-08-23 15:46 172768 c:\windows\system32\dllcache\t2r4disp.dll
+ 2010-05-07 07:21 . 2001-08-17 19:50 103936 c:\windows\system32\dllcache\sx.sys
+ 2010-05-07 07:20 . 2001-08-23 14:57 286848 c:\windows\system32\dllcache\stlnata.sys
+ 2010-05-07 07:20 . 2001-08-23 15:47 106584 c:\windows\system32\dllcache\spdports.dll
+ 2010-05-07 07:20 . 2001-08-23 15:47 114688 c:\windows\system32\dllcache\sonypi.dll
+ 2010-05-07 07:19 . 2001-08-23 15:46 147200 c:\windows\system32\dllcache\smidispb.dll
+ 2010-05-07 07:19 . 2008-04-13 09:23 404990 c:\windows\system32\dllcache\slntamr.sys
+ 2010-05-07 07:19 . 2008-04-13 09:23 129535 c:\windows\system32\dllcache\slnt7554.sys
+ 2010-05-07 07:19 . 2008-04-13 17:33 188508 c:\windows\system32\dllcache\slgen.dll
+ 2010-05-07 07:19 . 2008-04-13 17:33 286792 c:\windows\system32\dllcache\slextspk.dll
+ 2010-05-07 07:19 . 2001-08-23 15:46 157696 c:\windows\system32\dllcache\sisv256.dll
+ 2010-05-07 07:19 . 2001-08-23 15:47 238592 c:\windows\system32\dllcache\sisgrv.dll
+ 2010-05-07 07:19 . 2001-08-17 18:50 104064 c:\windows\system32\dllcache\sisgrp.sys
+ 2010-05-07 07:18 . 2001-08-23 15:46 252032 c:\windows\system32\dllcache\sis300iv.dll
+ 2010-05-07 07:18 . 2001-08-17 18:50 101760 c:\windows\system32\dllcache\sis300ip.sys
+ 2010-05-07 07:18 . 2001-08-23 15:21 161664 c:\windows\system32\dllcache\sgsmusb.sys
+ 2010-05-07 07:18 . 2001-08-23 15:46 386560 c:\windows\system32\dllcache\sgiul50.dll
+ 2010-05-07 07:17 . 2001-08-23 15:47 495616 c:\windows\system32\dllcache\sblfx.dll
+ 2010-05-07 07:17 . 2001-08-23 15:46 245632 c:\windows\system32\dllcache\s3savmx.dll
+ 2010-05-07 07:17 . 2001-08-23 15:46 198400 c:\windows\system32\dllcache\s3sav4.dll
+ 2010-05-07 07:17 . 2001-08-23 15:46 179264 c:\windows\system32\dllcache\s3sav3d.dll
+ 2010-05-07 07:17 . 2001-08-23 15:46 210496 c:\windows\system32\dllcache\s3mvirge.dll
+ 2010-05-07 07:17 . 2001-08-23 15:46 182272 c:\windows\system32\dllcache\s3mt3d.dll
+ 2010-05-07 07:17 . 2001-08-17 18:50 166720 c:\windows\system32\dllcache\s3m.sys
+ 2010-05-07 07:17 . 2008-04-13 07:34 166912 c:\windows\system32\dllcache\s3gnbm.sys
+ 2010-05-07 07:17 . 2008-04-13 17:33 397056 c:\windows\system32\dllcache\s3gnb.dll
+ 2010-05-01 16:18 . 2008-04-13 09:32 196224 c:\windows\system32\dllcache\rdpdr.sys
+ 2010-05-07 07:16 . 2001-08-23 15:18 715530 c:\windows\system32\dllcache\r2mdmkxx.sys
+ 2010-05-07 07:16 . 2001-08-23 15:18 899914 c:\windows\system32\dllcache\r2mdkxga.sys
+ 2010-05-07 07:15 . 2001-08-17 19:28 112574 c:\windows\system32\dllcache\ptserlp.sys
+ 2010-05-07 07:15 . 2001-08-17 19:28 128286 c:\windows\system32\dllcache\ptserli.sys
+ 2010-05-07 07:15 . 2008-04-13 17:33 159232 c:\windows\system32\dllcache\ptpusd.dll
+ 2010-05-07 07:15 . 2008-04-13 17:33 363520 c:\windows\system32\dllcache\psisdecd.dll
+ 2010-05-07 07:15 . 2001-08-23 15:47 121344 c:\windows\system32\dllcache\phvfwext.dll
+ 2010-05-07 07:15 . 2001-08-17 20:04 173696 c:\windows\system32\dllcache\philcam2.sys
+ 2010-05-07 07:15 . 2008-04-13 17:32 259328 c:\windows\system32\dllcache\perm3dd.dll
+ 2010-05-07 07:15 . 2008-04-13 17:32 211584 c:\windows\system32\dllcache\perm2dll.dll
+ 2010-05-07 07:15 . 2008-04-13 07:12 169984 c:\windows\system32\dllcache\pcx500.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 120576 c:\windows\system32\dllcache\pcmcia.sys
+ 2001-08-23 17:47 . 2008-04-14 12:00 157696 c:\windows\system32\dllcache\paqsp.dll
+ 2010-05-07 07:14 . 2001-08-17 20:05 351616 c:\windows\system32\dllcache\ovcodek2.sys
+ 2010-05-07 07:14 . 2001-08-23 15:47 116736 c:\windows\system32\dllcache\ovcodec2.dll
+ 2010-05-07 07:13 . 2001-08-17 18:50 198144 c:\windows\system32\dllcache\nv3.sys
+ 2010-05-07 07:13 . 2001-08-23 15:46 123776 c:\windows\system32\dllcache\nv3.dll
+ 2010-05-07 07:13 . 2008-04-13 09:23 180360 c:\windows\system32\dllcache\ntmtlfax.sys
+ 2010-05-07 07:13 . 2001-08-17 18:20 126080 c:\windows\system32\dllcache\nm5a2wdm.sys
+ 2010-05-07 07:13 . 2008-04-13 17:06 132695 c:\windows\system32\dllcache\netwlan5.sys
+ 2010-05-07 07:12 . 2001-08-23 15:09 131072 c:\windows\system32\dllcache\n100325.sys
+ 2010-05-07 07:12 . 2001-08-17 18:50 103296 c:\windows\system32\dllcache\mtxvideo.sys
+ 2010-05-07 07:12 . 2008-04-13 07:34 452736 c:\windows\system32\dllcache\mtxparhm.sys
+ 2010-05-07 07:12 . 2008-04-13 09:23 126686 c:\windows\system32\dllcache\mtlmnt5.sys
- 2010-05-01 17:29 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-05-07 07:11 . 2001-08-23 15:03 320384 c:\windows\system32\dllcache\mgaum.sys
+ 2010-05-07 07:11 . 2001-08-23 15:46 235648 c:\windows\system32\dllcache\mgaud.dll
+ 2001-08-23 17:47 . 2008-04-14 12:00 147968 c:\windows\system32\dllcache\mdwmdmsp.dll
+ 2010-05-07 07:11 . 2001-08-23 15:02 165066 c:\windows\system32\dllcache\mdgndis5.sys
+ 2010-05-07 07:10 . 2001-08-17 19:28 797500 c:\windows\system32\dllcache\ltsmt.sys
+ 2010-05-07 07:10 . 2001-08-17 19:28 802683 c:\windows\system32\dllcache\ltsm.sys
+ 2010-05-07 07:10 . 2008-04-13 17:07 422528 c:\windows\system32\dllcache\ltmdmntt.sys
+ 2010-05-07 07:10 . 2001-08-23 15:00 577514 c:\windows\system32\dllcache\ltmdmntl.sys
+ 2010-05-07 07:10 . 2008-04-13 17:07 607452 c:\windows\system32\dllcache\ltmdmnt.sys
+ 2010-05-07 07:10 . 2001-08-23 15:00 728554 c:\windows\system32\dllcache\ltck000c.sys
+ 2010-05-07 07:10 . 2008-04-13 17:33 254464 c:\windows\system32\dllcache\kdsusd.dll
+ 2010-05-07 07:09 . 2008-04-13 17:34 153088 c:\windows\system32\dllcache\irftp.exe
+ 2010-05-07 07:08 . 2001-08-23 15:47 372824 c:\windows\system32\dllcache\iconf32.dll
+ 2010-05-07 07:08 . 2001-08-17 20:06 100992 c:\windows\system32\dllcache\icam5usb.sys
+ 2010-05-07 07:08 . 2001-08-17 20:06 154496 c:\windows\system32\dllcache\icam4usb.sys
+ 2010-05-07 07:08 . 2001-08-17 20:05 141056 c:\windows\system32\dllcache\icam3.sys
+ 2010-05-07 07:08 . 2001-08-17 18:12 109085 c:\windows\system32\dllcache\ibmtrp.sys
+ 2010-05-07 07:08 . 2001-08-17 18:12 100936 c:\windows\system32\dllcache\ibmtok.sys
+ 2010-05-07 07:08 . 2008-04-13 07:34 161020 c:\windows\system32\dllcache\i81xnt5.sys
+ 2010-05-07 07:08 . 2008-04-13 17:33 702845 c:\windows\system32\dllcache\i81xdnt5.dll
+ 2010-05-07 07:08 . 2001-08-23 15:46 353184 c:\windows\system32\dllcache\i740dnt5.dll
+ 2008-04-14 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2010-05-07 07:07 . 2008-04-13 09:23 685056 c:\windows\system32\dllcache\hsfcxts2.sys
+ 2010-05-07 07:07 . 2008-04-13 09:23 220032 c:\windows\system32\dllcache\hsfbs2s2.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 488383 c:\windows\system32\dllcache\hsf_v124.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 542879 c:\windows\system32\dllcache\hsf_msft.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 391199 c:\windows\system32\dllcache\hsf_k56k.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 115807 c:\windows\system32\dllcache\hsf_fsks.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 199711 c:\windows\system32\dllcache\hsf_faxx.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 289887 c:\windows\system32\dllcache\hsf_fall.sys
+ 2010-05-07 07:07 . 2001-08-17 19:28 150239 c:\windows\system32\dllcache\hsf_amos.sys
+ 2010-05-07 07:07 . 2001-08-23 15:47 324608 c:\windows\system32\dllcache\hpojwia.dll
+ 2010-05-07 07:06 . 2001-08-23 15:47 165888 c:\windows\system32\dllcache\hpgt53.dll
+ 2010-05-07 07:06 . 2001-08-23 15:47 126976 c:\windows\system32\dllcache\hpgt34tk.dll
+ 2010-05-07 07:06 . 2001-08-23 15:47 101376 c:\windows\system32\dllcache\hpgt34.dll
+ 2010-05-07 07:06 . 2001-08-23 15:47 123392 c:\windows\system32\dllcache\hpgt21tk.dll
+ 2010-05-07 07:06 . 2001-08-23 15:47 119296 c:\windows\system32\dllcache\hpdigwia.dll
+ 2010-05-07 07:06 . 2001-08-23 15:19 908000 c:\windows\system32\dllcache\hcf_msft.sys
+ 2010-05-07 07:06 . 2001-08-23 15:18 322560 c:\windows\system32\dllcache\g400m.sys
+ 2010-05-07 07:06 . 2001-08-23 15:18 320512 c:\windows\system32\dllcache\g200m.sys
+ 2010-05-07 07:06 . 2001-08-23 15:46 470144 c:\windows\system32\dllcache\g200d.dll
+ 2010-05-07 07:06 . 2001-08-17 18:15 454912 c:\windows\system32\dllcache\fxusbase.sys
+ 2010-05-07 07:05 . 2001-08-17 18:15 455296 c:\windows\system32\dllcache\fusbbase.sys
+ 2010-05-07 07:05 . 2001-08-17 18:15 455680 c:\windows\system32\dllcache\fus2base.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 126080 c:\windows\system32\dllcache\ftdisk.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 193024 c:\windows\system32\dllcache\fsquirt.exe
+ 2010-05-07 07:05 . 2001-08-17 18:15 442240 c:\windows\system32\dllcache\fpnpbase.sys
+ 2010-05-07 07:05 . 2001-08-17 18:14 441728 c:\windows\system32\dllcache\fpcmbase.sys
+ 2010-05-07 07:05 . 2001-08-17 18:14 444416 c:\windows\system32\dllcache\fpcibase.sys
+ 2010-05-07 07:05 . 2008-04-13 07:36 137088 c:\windows\system32\dllcache\essm2e.sys
+ 2010-05-07 07:05 . 2001-08-23 15:16 348222 c:\windows\system32\dllcache\es56tpi.sys
+ 2010-05-07 07:05 . 2001-08-23 15:16 594910 c:\windows\system32\dllcache\es56hpi.sys
+ 2010-05-07 07:05 . 2001-08-23 15:16 596319 c:\windows\system32\dllcache\es56cvmp.sys
+ 2010-05-07 07:05 . 2001-08-17 18:19 174464 c:\windows\system32\dllcache\es198x.sys
+ 2010-05-07 07:04 . 2001-08-23 15:16 630016 c:\windows\system32\dllcache\eqn.sys
+ 2010-05-07 07:04 . 2001-08-17 19:50 114944 c:\windows\system32\dllcache\epstw2k.sys
+ 2010-05-07 07:04 . 2001-08-17 19:50 144896 c:\windows\system32\dllcache\epcfw2k.sys
+ 2010-05-07 07:04 . 2001-08-17 18:19 283904 c:\windows\system32\dllcache\emu10k1m.sys
+ 2010-05-07 07:04 . 2001-08-23 15:13 175104 c:\windows\system32\dllcache\el99xn51.sys
+ 2010-05-07 07:04 . 2001-08-23 15:13 455711 c:\windows\system32\dllcache\el985n51.sys
+ 2010-05-07 07:04 . 2001-08-23 15:13 153631 c:\windows\system32\dllcache\el90xnd5.sys
+ 2010-05-07 07:04 . 2001-08-23 15:13 241238 c:\windows\system32\dllcache\el656se5.sys
+ 2010-05-07 07:04 . 2001-08-23 15:13 634166 c:\windows\system32\dllcache\el656ct5.sys
+ 2010-05-07 07:04 . 2001-08-23 15:12 117760 c:\windows\system32\dllcache\e100b325.sys
+ 2010-05-07 07:04 . 2001-08-17 18:20 334208 c:\windows\system32\dllcache\ds1wdm.sys
+ 2010-05-07 07:04 . 2008-04-13 09:39 206976 c:\windows\system32\dllcache\dot4.sys
+ 2010-05-07 07:03 . 2001-08-17 18:14 952007 c:\windows\system32\dllcache\diwan.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 236060 c:\windows\system32\dllcache\ditrace.exe
+ 2010-05-07 07:03 . 2001-08-23 15:47 622621 c:\windows\system32\dllcache\digiview.exe
+ 2010-05-07 07:03 . 2001-08-23 15:47 110621 c:\windows\system32\dllcache\digirlpt.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 102484 c:\windows\system32\dllcache\digiinf.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 159828 c:\windows\system32\dllcache\digihlc.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 229462 c:\windows\system32\dllcache\digifwrk.dll
+ 2010-05-07 07:03 . 2001-08-23 15:10 103492 c:\windows\system32\dllcache\digidxb.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 135252 c:\windows\system32\dllcache\digidbp.dll
+ 2010-05-07 07:02 . 2001-08-17 18:13 164923 c:\windows\system32\dllcache\diapi2.sys
+ 2010-05-07 07:03 . 2001-08-23 15:47 422429 c:\windows\system32\dllcache\dgconfig.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 256512 c:\windows\system32\dllcache\devcon32.dll
+ 2010-05-07 07:03 . 2001-08-23 15:47 112128 c:\windows\system32\dllcache\dc260usd.dll
+ 2010-05-07 07:03 . 2001-08-17 19:52 179584 c:\windows\system32\dllcache\dac2w2k.sys
+ 2010-05-07 07:03 . 2001-08-23 15:08 117760 c:\windows\system32\dllcache\d100ib5.sys
+ 2010-05-07 07:03 . 2001-08-17 18:19 111872 c:\windows\system32\dllcache\cwcspud.sys
+ 2010-05-07 07:02 . 2008-04-13 17:33 252416 c:\windows\system32\dllcache\ctmasetp.dll
+ 2010-05-07 07:02 . 2001-08-23 15:47 175104 c:\windows\system32\dllcache\csamsp.dll
+ 2010-05-07 07:02 . 2001-08-23 15:47 216576 c:\windows\system32\dllcache\cpscan.dll
+ 2010-05-07 07:02 . 2001-08-17 19:57 248064 c:\windows\system32\dllcache\cl546xm.sys
+ 2010-05-07 07:02 . 2001-08-23 15:46 170880 c:\windows\system32\dllcache\cl546x.dll
+ 2010-05-07 07:02 . 2001-08-23 15:46 111232 c:\windows\system32\dllcache\cl5465.dll
+ 2001-08-23 17:04 . 2008-04-14 12:00 262528 c:\windows\system32\dllcache\cinemst2.sys
+ 2010-05-07 07:02 . 2001-08-23 15:04 272640 c:\windows\system32\dllcache\cinemclc.sys
+ 2010-05-07 07:02 . 2001-08-23 15:04 980034 c:\windows\system32\dllcache\cicap.sys
+ 2010-05-07 07:02 . 2001-08-23 15:03 715466 c:\windows\system32\dllcache\cbmdmkxx.sys
+ 2010-05-07 07:02 . 2008-04-13 17:33 121856 c:\windows\system32\dllcache\camext30.dll
+ 2010-05-07 07:02 . 2001-08-23 15:47 236032 c:\windows\system32\dllcache\camext20.dll
+ 2010-05-07 07:02 . 2001-08-17 20:04 171264 c:\windows\system32\dllcache\camdrv30.sys
+ 2010-05-07 07:02 . 2001-08-17 20:04 223232 c:\windows\system32\dllcache\camdrv21.sys
+ 2010-05-07 07:02 . 2001-08-17 20:05 314752 c:\windows\system32\dllcache\camdro21.sys
+ 2010-05-07 07:01 . 2008-04-13 09:51 101120 c:\windows\system32\dllcache\bthpan.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 105472 c:\windows\system32\dllcache\binlsvc.dll
+ 2010-05-07 07:01 . 2001-08-17 19:28 871388 c:\windows\system32\dllcache\bcmdm.sys
+ 2010-05-07 07:01 . 2001-08-23 15:46 342336 c:\windows\system32\dllcache\banshee.dll
+ 2010-05-07 07:01 . 2001-08-23 15:46 144384 c:\windows\system32\dllcache\avmenum.dll
+ 2010-05-07 07:01 . 2008-04-13 17:33 516768 c:\windows\system32\dllcache\ativvaxx.dll
+ 2010-05-07 07:01 . 2001-08-23 15:46 104832 c:\windows\system32\dllcache\atiraged.dll
+ 2010-05-07 07:01 . 2008-04-13 07:34 104960 c:\windows\system32\dllcache\atinrvxx.sys
+ 2010-05-07 07:01 . 2001-08-23 14:59 281728 c:\windows\system32\dllcache\atimtai.sys
+ 2010-05-07 07:01 . 2001-08-23 14:59 289920 c:\windows\system32\dllcache\atimpab.sys
+ 2010-05-07 07:00 . 2001-08-23 15:46 268160 c:\windows\system32\dllcache\atidvai.dll
+ 2010-05-07 07:00 . 2001-08-23 15:46 137216 c:\windows\system32\dllcache\atidrae.dll
+ 2010-05-07 07:00 . 2001-08-23 15:46 382592 c:\windows\system32\dllcache\atidrab.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 870784 c:\windows\system32\dllcache\ati3d1ag.dll
+ 2010-05-07 07:00 . 2008-04-13 16:55 701440 c:\windows\system32\dllcache\ati2mtag.sys
+ 2010-05-07 07:00 . 2008-04-13 16:55 327168 c:\windows\system32\dllcache\ati2mtaa.sys
+ 2010-05-07 07:00 . 2008-04-13 17:33 201728 c:\windows\system32\dllcache\ati2dvag.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 377984 c:\windows\system32\dllcache\ati2dvaa.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 229376 c:\windows\system32\dllcache\ati2cqag.dll
+ 2010-05-07 07:00 . 2001-08-17 20:07 101888 c:\windows\system32\dllcache\adpu160m.sys
+ 2010-05-07 07:00 . 2001-08-17 18:19 747392 c:\windows\system32\dllcache\adm8830.sys
+ 2010-05-07 07:00 . 2001-08-17 18:19 553984 c:\windows\system32\dllcache\adm8820.sys
+ 2010-05-07 07:00 . 2001-08-17 18:19 584448 c:\windows\system32\dllcache\adm8810.sys
+ 2008-04-14 12:00 . 2008-04-14 12:00 188672 c:\windows\system32\dllcache\acpi.sys
+ 2010-05-07 07:00 . 2001-08-17 18:20 297728 c:\windows\system32\dllcache\ac97sis.sys
+ 2010-05-07 07:00 . 2008-04-13 07:36 231552 c:\windows\system32\dllcache\ac97ali.sys
+ 2010-05-07 07:00 . 2001-08-23 15:46 462848 c:\windows\system32\dllcache\a3dapi.dll
+ 2010-05-07 07:00 . 2001-08-17 18:48 148352 c:\windows\system32\dllcache\3dfxvsm.sys
+ 2010-05-07 07:00 . 2001-08-23 15:46 689216 c:\windows\system32\dllcache\3dfxvs.dll
+ 2010-05-07 07:00 . 2001-08-17 19:28 762780 c:\windows\system32\dllcache\3cwmcru.sys
+ 2010-05-07 07:13 . 2008-04-13 07:34 1897408 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-05-07 07:13 . 2008-04-13 17:33 4274816 c:\windows\system32\dllcache\nv4_disp.dll
+ 2008-04-13 19:07 . 2010-02-16 19:06 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2010-05-01 17:28 . 2010-02-16 19:06 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-04-14 12:00 . 2010-02-16 19:06 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2010-05-01 17:28 . 2010-02-16 19:06 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-05-07 07:12 . 2008-04-13 17:33 1737856 c:\windows\system32\dllcache\mtxparhd.dll
+ 2010-05-07 07:12 . 2008-04-13 09:23 1309184 c:\windows\system32\dllcache\mtlstrm.sys
+ 2010-05-01 16:19 . 2009-06-10 07:21 2066432 c:\windows\system32\dllcache\lhmstscx.dll
+ 2010-05-07 07:06 . 2001-08-23 15:46 1733120 c:\windows\system32\dllcache\g400d.dll
+ 2010-05-07 07:00 . 2008-04-13 17:33 1888992 c:\windows\system32\dllcache\ati3duag.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 442433]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [02/05/2010 21:23 1872320]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/05/2010 20:20 115312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2010 23:56 691696]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\
FF - component: c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 09:38
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2010-05-07 09:40:51
ComboFix-quarantined-files.txt 2010-05-07 07:40
ComboFix.txt 2010-05-02 15:50
ComboFix2.txt 2010-05-06 17:00
ComboFix3.txt 2010-05-02 18:53
ComboFix4.txt 2010-05-01 18:34

Avant-CF: 236 917 526 528 octets libres
Après-CF: 236 885 069 824 octets libres

- - End Of File - - 4D53D881DCF831509D1EF9016CFB041F
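
The snapshot section of the log above lists some files twice, once with `-` and once with `+` (mrxsmb.sys, http.sys, ntkrpamp.exe, ntkrnlmp.exe). The following is an added example, not part of the original post or of ComboFix, that pairs those lines and reports which metadata field differs. It assumes `-` is the earlier snapshot and `+` the current one, and that the two timestamps are creation and last-write time; the `example.exe` pair is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the snapshot section of the log above, plus one
# constructed pair (example.exe) to exercise the size/mtime-change branch.
SAMPLE = r"""
+ 2010-05-07 07:23 . 2001-08-23 15:47 212480 c:\windows\system32\dllcache\um54scan.dll
- 2010-05-01 17:29 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2010-05-01 10:00 . 2008-04-14 12:00 100000 c:\windows\system32\example.exe
+ 2010-05-01 10:00 . 2010-05-06 09:00 100512 c:\windows\system32\example.exe
.
-- Instantané actualisé --
"""

# sign, first timestamp, '.', second timestamp, size in bytes, path
LINE_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<first>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<second>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+) (?P<path>.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"


def parse_snapshot(text):
    """Return {lowercased path: {'-': entry, '+': entry}} for snapshot lines."""
    entries = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, separators and blank lines
        entries[m["path"].lower()][m["sign"]] = {
            # Assumption: first timestamp = creation, second = last write.
            "created": datetime.strptime(m["first"], TS_FORMAT),
            "modified": datetime.strptime(m["second"], TS_FORMAT),
            "size": int(m["size"]),
        }
    return entries


def classify(entries):
    """Split paths into added, removed and changed (with the differing fields)."""
    report = {"added": [], "removed": [], "changed": {}}
    for path, sides in sorted(entries.items()):
        old, new = sides.get("-"), sides.get("+")
        if old and new:
            report["changed"][path] = [
                field for field in ("created", "modified", "size")
                if old[field] != new[field]
            ]
        elif new:
            report["added"].append(path)
        else:
            report["removed"].append(path)
    return report


def needs_hash_check(report):
    """Changed files whose size and last-write time are identical.

    Only the creation time moved, so the metadata cannot show whether the
    bytes are the same; compare a hash against a known-good copy instead.
    """
    return [p for p, diff in report["changed"].items() if diff == ["created"]]


def content_changed(report):
    """Changed files whose size or last-write time differs between snapshots."""
    return [
        p for p, diff in report["changed"].items()
        if "size" in diff or "modified" in diff
    ]


if __name__ == "__main__":
    result = classify(parse_snapshot(SAMPLE))
    print("added:          ", result["added"])
    print("hash-check:     ", needs_hash_check(result))
    print("content changed:", content_changed(result))
```
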


#8 Elise


Posted 07 May 2010 - 05:09 AM

No infected file except for sfcfiles.dll

Please insert your XP CD in your CD Drive.

Click Start > Run, type cmd and press enter.

Copy/paste the following line in the command window (replace "X" with your CD drive letter).

expand X:\i386\sfcfiles.dl_ c:\windows\sfcfiles.dll

Press enter. A file will now be copied from your CD.

After doing this, rerun Combofix.

Edited by elise025, 07 May 2010 - 05:10 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#9 Guillaume75


Posted 07 May 2010 - 01:54 PM

Hello Elise,

Ok, here it is... but it seems that sfcfiles.dll reinfects as soon as I restore it!
autochk.exe also changes its MD5 every time I boot... but not this time ;)

Regards,

Guillaume

ComboFix 10-05-06.04 - Gigi 07/05/2010 20:37:38.6.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3062.2580 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gigi\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 17:54 . 2010-05-07 18:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-07 17:53 . 2010-05-07 18:27 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-07 17:41 . 2008-04-13 17:33 1571840 ----a-w- c:\windows\sfcfiles.dll
2010-05-07 07:26 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-07 07:26 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-07 07:26 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-07 07:26 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-07 07:26 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-07 07:26 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-07 07:26 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-07 07:24 . 2008-04-13 07:34 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-05-07 07:23 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-07 07:22 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-07 07:21 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-07 07:20 . 2001-08-23 15:47 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-07 07:19 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-05-07 07:18 . 2001-08-23 15:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-05-07 07:17 . 2001-08-23 15:20 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-05-07 07:16 . 2001-08-23 15:47 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-07 07:15 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-05-07 07:14 . 2001-08-17 18:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-05-07 07:13 . 2008-04-13 09:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-05-07 07:12 . 2001-08-17 18:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-05-07 07:11 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-07 07:10 . 2001-08-23 15:47 59392 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-05-07 07:09 . 2001-08-23 15:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-07 07:08 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-05-07 07:07 . 2008-04-13 09:23 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-05-07 07:06 . 2001-08-23 15:47 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-05-07 07:05 . 2001-08-23 15:47 92672 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-05-07 07:04 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-05-07 07:03 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-05-07 07:02 . 2001-08-17 18:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-05-07 07:01 . 2001-08-23 15:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-05-07 07:00 . 2001-08-23 15:47 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe
2010-05-07 06:59 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-05 22:15 . 2010-05-05 22:15 -------- d-----w- c:\documents and settings\Gigi\Application Data\ImgBurn
2010-05-05 22:10 . 2010-05-05 22:10 -------- d-----w- c:\program files\ImgBurn
2010-05-05 21:56 . 2010-05-07 18:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 21:56 . 2010-05-05 22:02 -------- d-----w- c:\documents and settings\Gigi\Application Data\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-02 22:43 . 2010-05-02 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-02 13:59 . 2010-05-02 14:00 -------- d-----w- c:\documents and settings\Gigi\Local Settings\Application Data\Adobe
2010-05-02 13:58 . 2010-05-02 13:58 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-02 13:51 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-02 13:51 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-02 13:51 . 2010-05-02 13:51 -------- d-----w- c:\program files\PDFCreator
2010-05-02 13:51 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-02 13:23 . 2010-05-02 13:27 -------- d-----w- C:\cabs
2010-05-02 12:56 . 2008-12-21 21:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-02 12:56 . 2008-12-21 21:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-02 12:56 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-02 12:56 . 2010-05-02 13:04 -------- d-----w- c:\program files\WinMerge
2010-05-01 21:23 . 2009-10-05 10:34 796400 ----a-w- c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-01 21:14 . 2010-05-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 20:55 . 2010-05-02 13:20 -------- d-----w- C:\Soft
2010-05-01 20:46 . 2010-05-01 20:47 -------- d-----w- c:\documents and settings\Gigi\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\program files\TrueCrypt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 18:41 . 2010-05-01 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-05-07 18:41 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 17:46 . 2010-05-01 17:14 44544 ----a-w- c:\windows\system32\agremove.exe
2010-05-05 22:33 . 2010-05-01 16:32 -------- d-----w- c:\program files\USB-set
2010-05-05 21:49 . 2010-05-01 16:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 21:48 . 2010-05-01 16:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 15:34 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 15:34 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-02 00:25 . 2008-04-14 12:00 625152 ----a-w- c:\windows\system32\autochk.exe
2010-05-01 21:22 . 2010-05-01 18:20 -------- d-----w- c:\program files\KeyScrambler
2010-05-01 18:17 . 2010-05-01 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-01 18:16 . 2010-05-01 18:16 -------- d-----w- c:\program files\CONEXANT
2010-05-01 17:32 . 2010-05-01 17:32 131 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-01 17:31 . 2010-05-01 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\IDT
2010-05-01 17:22 . 2010-05-01 16:22 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:09 . 2010-05-01 17:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-01 17:09 . 2010-05-01 17:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-01 17:09 . 2010-05-01 17:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-01 17:09 . 2010-05-01 17:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-01 17:09 . 2010-05-01 17:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:00 . 2010-05-01 17:00 -------- d-----w- c:\program files\Realtek
2010-05-01 16:57 . 2010-05-01 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 -------- d-----w- c:\program files\Synaptics
2010-05-01 16:55 . 2010-05-01 16:53 -------- d-----w- c:\program files\Intel
2010-05-01 16:54 . 2010-05-01 16:54 -------- d-----w- c:\program files\Camera Assistant Software for Gateway
2010-05-01 16:53 . 2010-05-01 16:53 -------- d-----w- c:\documents and settings\Gigi\Application Data\InstallShield
2010-05-01 16:51 . 2010-05-01 16:51 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-01 16:47 . 2000-02-04 15:01 40960 ----a-w- c:\windows\system32\StrmExt.dll
2010-05-01 16:47 . 2000-02-04 14:58 3018 ----a-w- c:\windows\system32\HardLinks.vbs
2010-05-01 16:47 . 2000-02-04 00:32 3026 ----a-w- c:\windows\system32\RWStream.vbs
2010-05-01 16:46 . 2010-05-01 16:46 950 ----a-w- c:\windows\unins000.dat
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-01 16:37 . 2010-05-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-01 16:28 . 2010-05-01 16:28 12328 ----a-w- c:\documents and settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 16:23 . 2010-05-01 16:23 -------- d-----w- c:\program files\microsoft frontpage
2010-05-01 16:21 . 2010-05-01 16:21 -------- d-----w- c:\program files\Services en ligne
2010-05-01 16:20 . 2010-05-01 16:20 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-05-01 17:30 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2008-10-01 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-13 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 442433]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/05/2010 20:20 115312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2010 23:56 691696]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\
FF - component: c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 20:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2010-05-07 20:42:44
ComboFix-quarantined-files.txt 2010-05-07 18:42
ComboFix.txt 2010-05-02 15:50
ComboFix2.txt 2010-05-07 07:40
ComboFix3.txt 2010-05-06 17:00
ComboFix4.txt 2010-05-02 18:53
ComboFix5.txt 2010-05-07 17:54

Avant-CF: 236 877 750 272 octets libres
Après-CF: 236 845 678 592 octets libres

- - End Of File - - AD670D5863D6EEF42C2444B2DAD4F53F


#10 Elise


Posted 07 May 2010 - 01:55 PM

Now let's see if we can tackle sfcfiles :)

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
FCopy::
c:\windows\sfcfiles.dll | c:\windows\system32\sfcfiles.dll

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#11 Guillaume75


Posted 07 May 2010 - 02:24 PM

Elise,

I did another ComboFix to show you the problem with autochk.exe

Guillaume

ComboFix 10-05-06.04 - Gigi 07/05/2010 21:08:29.7.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3062.2687 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gigi\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

Une copie infectée de c:\windows\system32\autochk.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\autochk.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 19:07 . 2010-05-07 19:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-07 19:06 . 2010-05-07 19:06 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-07 17:41 . 2008-04-13 17:33 1571840 ----a-w- c:\windows\sfcfiles.dll
2010-05-07 07:26 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-07 07:26 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-07 07:26 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-07 07:26 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-07 07:26 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-07 07:26 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-07 07:26 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-07 07:24 . 2008-04-13 07:34 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-05-07 07:23 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-07 07:22 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-07 07:21 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-07 07:20 . 2001-08-23 15:47 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-07 07:19 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-05-07 07:18 . 2001-08-23 15:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-05-07 07:17 . 2001-08-23 15:20 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-05-07 07:16 . 2001-08-23 15:47 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-07 07:15 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-05-07 07:14 . 2001-08-17 18:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-05-07 07:13 . 2008-04-13 09:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-05-07 07:12 . 2001-08-17 18:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-05-07 07:11 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-07 07:10 . 2001-08-23 15:47 59392 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-05-07 07:09 . 2001-08-23 15:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-07 07:08 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-05-07 07:07 . 2008-04-13 09:23 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-05-07 07:06 . 2001-08-23 15:47 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-05-07 07:05 . 2001-08-23 15:47 92672 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-05-07 07:04 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-05-07 07:03 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-05-07 07:02 . 2001-08-17 18:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-05-07 07:01 . 2001-08-23 15:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-05-07 07:00 . 2001-08-23 15:47 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe
2010-05-07 06:59 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-05 22:15 . 2010-05-05 22:15 -------- d-----w- c:\documents and settings\Gigi\Application Data\ImgBurn
2010-05-05 22:10 . 2010-05-05 22:10 -------- d-----w- c:\program files\ImgBurn
2010-05-05 21:56 . 2010-05-07 18:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 21:56 . 2010-05-05 22:02 -------- d-----w- c:\documents and settings\Gigi\Application Data\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-02 22:43 . 2010-05-02 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-02 13:59 . 2010-05-02 14:00 -------- d-----w- c:\documents and settings\Gigi\Local Settings\Application Data\Adobe
2010-05-02 13:58 . 2010-05-02 13:58 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-02 13:51 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-02 13:51 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-02 13:51 . 2010-05-02 13:51 -------- d-----w- c:\program files\PDFCreator
2010-05-02 13:51 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-02 13:23 . 2010-05-02 13:27 -------- d-----w- C:\cabs
2010-05-02 12:56 . 2008-12-21 21:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-02 12:56 . 2008-12-21 21:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-02 12:56 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-02 12:56 . 2010-05-02 13:04 -------- d-----w- c:\program files\WinMerge
2010-05-01 21:23 . 2009-10-05 10:34 796400 ----a-w- c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-01 21:14 . 2010-05-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 20:55 . 2010-05-02 13:20 -------- d-----w- C:\Soft
2010-05-01 20:46 . 2010-05-01 20:47 -------- d-----w- c:\documents and settings\Gigi\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\program files\TrueCrypt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 19:19 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 19:19 . 2010-05-01 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-05-07 19:02 . 2010-05-01 17:14 44544 ----a-w- c:\windows\system32\agremove.exe
2010-05-05 22:33 . 2010-05-01 16:32 -------- d-----w- c:\program files\USB-set
2010-05-05 21:49 . 2010-05-01 16:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 21:48 . 2010-05-01 16:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 15:34 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 15:34 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-02 00:25 . 2008-04-14 12:00 625152 ----a-w- c:\windows\system32\autochk.exe
2010-05-01 21:22 . 2010-05-01 18:20 -------- d-----w- c:\program files\KeyScrambler
2010-05-01 18:17 . 2010-05-01 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-01 18:16 . 2010-05-01 18:16 -------- d-----w- c:\program files\CONEXANT
2010-05-01 17:32 . 2010-05-01 17:32 131 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-01 17:31 . 2010-05-01 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\IDT
2010-05-01 17:22 . 2010-05-01 16:22 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:09 . 2010-05-01 17:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-01 17:09 . 2010-05-01 17:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-01 17:09 . 2010-05-01 17:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-01 17:09 . 2010-05-01 17:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-01 17:09 . 2010-05-01 17:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:00 . 2010-05-01 17:00 -------- d-----w- c:\program files\Realtek
2010-05-01 16:57 . 2010-05-01 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 -------- d-----w- c:\program files\Synaptics
2010-05-01 16:55 . 2010-05-01 16:53 -------- d-----w- c:\program files\Intel
2010-05-01 16:54 . 2010-05-01 16:54 -------- d-----w- c:\program files\Camera Assistant Software for Gateway
2010-05-01 16:53 . 2010-05-01 16:53 -------- d-----w- c:\documents and settings\Gigi\Application Data\InstallShield
2010-05-01 16:51 . 2010-05-01 16:51 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-01 16:47 . 2000-02-04 15:01 40960 ----a-w- c:\windows\system32\StrmExt.dll
2010-05-01 16:47 . 2000-02-04 14:58 3018 ----a-w- c:\windows\system32\HardLinks.vbs
2010-05-01 16:47 . 2000-02-04 00:32 3026 ----a-w- c:\windows\system32\RWStream.vbs
2010-05-01 16:46 . 2010-05-01 16:46 950 ----a-w- c:\windows\unins000.dat
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-01 16:37 . 2010-05-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-01 16:28 . 2010-05-01 16:28 12328 ----a-w- c:\documents and settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 16:23 . 2010-05-01 16:23 -------- d-----w- c:\program files\microsoft frontpage
2010-05-01 16:21 . 2010-05-01 16:21 -------- d-----w- c:\program files\Services en ligne
2010-05-01 16:20 . 2010-05-01 16:20 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-05-01 17:30 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2008-10-01 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-13 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 442433]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2010 23:56 691696]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/05/2010 20:20 115312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\
FF - component: c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 21:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\wscript.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
.
**************************************************************************
.
Heure de fin: 2010-05-07 21:22:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-07 19:21
ComboFix.txt 2010-05-02 15:50
ComboFix2.txt 2010-05-07 18:42
ComboFix3.txt 2010-05-07 07:40
ComboFix4.txt 2010-05-06 17:00
ComboFix5.txt 2010-05-07 19:07

Avant-CF: 236 846 899 200 octets libres
Après-CF: 236 814 036 992 octets libres

- - End Of File - - 1DB6D0BB1FF0CA8A566D4C7B8382628C


#12 Guillaume75


Posted 07 May 2010 - 02:41 PM

Great!
sfcfiles tackles!

Regards,

Guillaume

ComboFix 10-05-06.04 - Gigi 07/05/2010 21:32:08.8.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3062.2692 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gigi\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Gigi\Bureau\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

Une copie infectée de c:\windows\system32\autochk.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\autochk.exe

.
--------------- FCopy ---------------

c:\windows\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 19:07 . 2010-05-07 19:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-07 19:06 . 2010-05-07 19:27 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-07 17:41 . 2008-04-13 17:33 1571840 ------w- c:\windows\sfcfiles.dll
2010-05-07 07:26 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-07 07:26 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-07 07:26 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-07 07:26 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-07 07:26 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-07 07:26 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-07 07:26 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-07 07:24 . 2008-04-13 07:34 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-05-07 07:23 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-07 07:22 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-07 07:21 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-07 07:20 . 2001-08-23 15:47 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-07 07:19 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-05-07 07:18 . 2001-08-23 15:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-05-07 07:17 . 2001-08-23 15:20 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-05-07 07:16 . 2001-08-23 15:47 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-07 07:15 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-05-07 07:14 . 2001-08-17 18:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-05-07 07:13 . 2008-04-13 09:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-05-07 07:12 . 2001-08-17 18:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-05-07 07:11 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-07 07:10 . 2001-08-23 15:47 59392 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-05-07 07:09 . 2001-08-23 15:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-07 07:08 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-05-07 07:07 . 2008-04-13 09:23 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-05-07 07:06 . 2001-08-23 15:47 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-05-07 07:05 . 2001-08-23 15:47 92672 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-05-07 07:04 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-05-07 07:03 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-05-07 07:02 . 2001-08-17 18:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-05-07 07:01 . 2001-08-23 15:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-05-07 07:00 . 2001-08-23 15:47 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe
2010-05-07 06:59 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-05 22:15 . 2010-05-05 22:15 -------- d-----w- c:\documents and settings\Gigi\Application Data\ImgBurn
2010-05-05 22:10 . 2010-05-05 22:10 -------- d-----w- c:\program files\ImgBurn
2010-05-05 21:56 . 2010-05-07 18:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 21:56 . 2010-05-05 22:02 -------- d-----w- c:\documents and settings\Gigi\Application Data\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-02 22:43 . 2010-05-02 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-02 13:59 . 2010-05-02 14:00 -------- d-----w- c:\documents and settings\Gigi\Local Settings\Application Data\Adobe
2010-05-02 13:58 . 2010-05-02 13:58 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-02 13:51 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-02 13:51 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-02 13:51 . 2010-05-02 13:51 -------- d-----w- c:\program files\PDFCreator
2010-05-02 13:51 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-02 13:23 . 2010-05-02 13:27 -------- d-----w- C:\cabs
2010-05-02 12:56 . 2008-12-21 21:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-02 12:56 . 2008-12-21 21:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-02 12:56 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-02 12:56 . 2010-05-02 13:04 -------- d-----w- c:\program files\WinMerge
2010-05-01 21:23 . 2009-10-05 10:34 796400 ----a-w- c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-01 21:14 . 2010-05-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 20:55 . 2010-05-02 13:20 -------- d-----w- C:\Soft
2010-05-01 20:46 . 2010-05-01 20:47 -------- d-----w- c:\documents and settings\Gigi\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\program files\TrueCrypt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 19:36 . 2010-05-01 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-05-07 19:36 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 19:02 . 2010-05-01 17:14 44544 ----a-w- c:\windows\system32\agremove.exe
2010-05-05 22:33 . 2010-05-01 16:32 -------- d-----w- c:\program files\USB-set
2010-05-05 21:49 . 2010-05-01 16:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 21:48 . 2010-05-01 16:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 15:34 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 15:34 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-02 00:25 . 2008-04-14 12:00 625152 ----a-w- c:\windows\system32\autochk.exe
2010-05-01 21:22 . 2010-05-01 18:20 -------- d-----w- c:\program files\KeyScrambler
2010-05-01 18:17 . 2010-05-01 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-01 18:16 . 2010-05-01 18:16 -------- d-----w- c:\program files\CONEXANT
2010-05-01 17:32 . 2010-05-01 17:32 131 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-01 17:31 . 2010-05-01 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\IDT
2010-05-01 17:22 . 2010-05-01 16:22 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:09 . 2010-05-01 17:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-01 17:09 . 2010-05-01 17:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-01 17:09 . 2010-05-01 17:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-01 17:09 . 2010-05-01 17:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-01 17:09 . 2010-05-01 17:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:00 . 2010-05-01 17:00 -------- d-----w- c:\program files\Realtek
2010-05-01 16:57 . 2010-05-01 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 -------- d-----w- c:\program files\Synaptics
2010-05-01 16:55 . 2010-05-01 16:53 -------- d-----w- c:\program files\Intel
2010-05-01 16:54 . 2010-05-01 16:54 -------- d-----w- c:\program files\Camera Assistant Software for Gateway
2010-05-01 16:53 . 2010-05-01 16:53 -------- d-----w- c:\documents and settings\Gigi\Application Data\InstallShield
2010-05-01 16:51 . 2010-05-01 16:51 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-01 16:47 . 2000-02-04 15:01 40960 ----a-w- c:\windows\system32\StrmExt.dll
2010-05-01 16:47 . 2000-02-04 14:58 3018 ----a-w- c:\windows\system32\HardLinks.vbs
2010-05-01 16:47 . 2000-02-04 00:32 3026 ----a-w- c:\windows\system32\RWStream.vbs
2010-05-01 16:46 . 2010-05-01 16:46 950 ----a-w- c:\windows\unins000.dat
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-01 16:37 . 2010-05-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-01 16:28 . 2010-05-01 16:28 12328 ----a-w- c:\documents and settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 16:23 . 2010-05-01 16:23 -------- d-----w- c:\program files\microsoft frontpage
2010-05-01 16:21 . 2010-05-01 16:21 -------- d-----w- c:\program files\Services en ligne
2010-05-01 16:20 . 2010-05-01 16:20 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-05-01 17:30 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 442433]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/05/2010 20:20 115312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2010 23:56 691696]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\
FF - component: c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 21:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\wscript.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
.
**************************************************************************
.
Heure de fin: 2010-05-07 21:38:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-07 19:38
ComboFix.txt 2010-05-02 15:50
ComboFix2.txt 2010-05-07 19:22
ComboFix3.txt 2010-05-07 18:42
ComboFix4.txt 2010-05-07 07:40
ComboFix5.txt 2010-05-07 19:29

Avant-CF: 236 812 390 400 octets libres
Après-CF: 236 799 926 272 octets libres

- - End Of File - - B7FF579E611974A11E0394E92EB1B8B3


#13 Elise


Posted 07 May 2010 - 03:11 PM

Okay, sfcfiles is fine now :)

Please reboot your computer, open a few programs, do a few things, reboot again and then run Combofix once again. Post me the log please.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#14 Guillaume75


Posted 07 May 2010 - 03:39 PM

Hello Elise,

Here it is,

Regards,

Guillaume

ComboFix 10-05-07.01 - Gigi 07/05/2010 22:32:32.9.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3062.2629 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gigi\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 19:07 . 2010-05-07 20:21 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-07 19:06 . 2010-05-07 20:20 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-07 17:41 . 2008-04-13 17:33 1571840 ------w- c:\windows\sfcfiles.dll
2010-05-07 07:26 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-07 07:26 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-07 07:26 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-07 07:26 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-07 07:26 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-07 07:26 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-07 07:26 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-07 07:24 . 2008-04-13 07:34 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-05-07 07:23 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-07 07:22 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-07 07:21 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-07 07:20 . 2001-08-23 15:47 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-07 07:19 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-05-07 07:18 . 2001-08-23 15:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-05-07 07:17 . 2001-08-23 15:20 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-05-07 07:16 . 2001-08-23 15:47 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-07 07:15 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-05-07 07:14 . 2001-08-17 18:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-05-07 07:13 . 2008-04-13 09:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-05-07 07:12 . 2001-08-17 18:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-05-07 07:11 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-07 07:10 . 2001-08-23 15:47 59392 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-05-07 07:09 . 2001-08-23 15:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-07 07:08 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-05-07 07:07 . 2008-04-13 09:23 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-05-07 07:06 . 2001-08-23 15:47 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-05-07 07:05 . 2001-08-23 15:47 92672 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-05-07 07:04 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-05-07 07:03 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-05-07 07:02 . 2001-08-17 18:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-05-07 07:01 . 2001-08-23 15:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-05-07 07:00 . 2001-08-23 15:47 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe
2010-05-07 06:59 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-05 22:15 . 2010-05-05 22:15 -------- d-----w- c:\documents and settings\Gigi\Application Data\ImgBurn
2010-05-05 22:10 . 2010-05-05 22:10 -------- d-----w- c:\program files\ImgBurn
2010-05-05 21:56 . 2010-05-07 18:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 21:56 . 2010-05-05 22:02 -------- d-----w- c:\documents and settings\Gigi\Application Data\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-02 22:43 . 2010-05-02 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-02 13:59 . 2010-05-02 14:00 -------- d-----w- c:\documents and settings\Gigi\Local Settings\Application Data\Adobe
2010-05-02 13:58 . 2010-05-02 13:58 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-02 13:51 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-02 13:51 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-02 13:51 . 2010-05-02 13:51 -------- d-----w- c:\program files\PDFCreator
2010-05-02 13:51 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-02 13:23 . 2010-05-02 13:27 -------- d-----w- C:\cabs
2010-05-02 12:56 . 2008-12-21 21:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-02 12:56 . 2008-12-21 21:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-02 12:56 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-02 12:56 . 2010-05-02 13:04 -------- d-----w- c:\program files\WinMerge
2010-05-01 21:23 . 2009-10-05 10:34 796400 ----a-w- c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-01 21:14 . 2010-05-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 20:55 . 2010-05-02 13:20 -------- d-----w- C:\Soft
2010-05-01 20:46 . 2010-05-01 20:47 -------- d-----w- c:\documents and settings\Gigi\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\program files\TrueCrypt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 20:29 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 20:28 . 2010-05-01 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-05-07 20:25 . 2010-05-01 16:32 -------- d-----w- c:\program files\USB-set
2010-05-07 20:24 . 2010-05-01 17:14 44544 ----a-w- c:\windows\system32\agremove.exe
2010-05-05 21:49 . 2010-05-01 16:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 21:48 . 2010-05-01 16:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 15:34 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 15:34 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-02 00:25 . 2008-04-14 12:00 625152 ----a-w- c:\windows\system32\autochk.exe
2010-05-01 21:22 . 2010-05-01 18:20 -------- d-----w- c:\program files\KeyScrambler
2010-05-01 18:17 . 2010-05-01 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-01 18:16 . 2010-05-01 18:16 -------- d-----w- c:\program files\CONEXANT
2010-05-01 17:32 . 2010-05-01 17:32 131 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-01 17:31 . 2010-05-01 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\IDT
2010-05-01 17:22 . 2010-05-01 16:22 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:09 . 2010-05-01 17:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-01 17:09 . 2010-05-01 17:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-01 17:09 . 2010-05-01 17:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-01 17:09 . 2010-05-01 17:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-01 17:09 . 2010-05-01 17:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:00 . 2010-05-01 17:00 -------- d-----w- c:\program files\Realtek
2010-05-01 16:57 . 2010-05-01 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 -------- d-----w- c:\program files\Synaptics
2010-05-01 16:55 . 2010-05-01 16:53 -------- d-----w- c:\program files\Intel
2010-05-01 16:54 . 2010-05-01 16:54 -------- d-----w- c:\program files\Camera Assistant Software for Gateway
2010-05-01 16:53 . 2010-05-01 16:53 -------- d-----w- c:\documents and settings\Gigi\Application Data\InstallShield
2010-05-01 16:51 . 2010-05-01 16:51 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-01 16:47 . 2000-02-04 15:01 40960 ----a-w- c:\windows\system32\StrmExt.dll
2010-05-01 16:47 . 2000-02-04 14:58 3018 ----a-w- c:\windows\system32\HardLinks.vbs
2010-05-01 16:47 . 2000-02-04 00:32 3026 ----a-w- c:\windows\system32\RWStream.vbs
2010-05-01 16:46 . 2010-05-01 16:46 950 ----a-w- c:\windows\unins000.dat
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-01 16:37 . 2010-05-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-01 16:28 . 2010-05-01 16:28 12328 ----a-w- c:\documents and settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 16:23 . 2010-05-01 16:23 -------- d-----w- c:\program files\microsoft frontpage
2010-05-01 16:21 . 2010-05-01 16:21 -------- d-----w- c:\program files\Services en ligne
2010-05-01 16:20 . 2010-05-01 16:20 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-05-01 17:30 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-07_07.39.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-01 19:45 . 2008-04-13 17:33 1571840 c:\windows\system32\sfcfiles.dll
- 2008-10-01 19:45 . 2008-10-01 19:45 1571840 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 442433]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/05/2010 20:20 115312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2010 23:56 691696]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\
FF - component: c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 22:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1936)
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2010-05-07 22:37:04
ComboFix-quarantined-files.txt 2010-05-07 20:37
ComboFix.txt 2010-05-02 15:50
ComboFix2.txt 2010-05-07 19:38
ComboFix3.txt 2010-05-07 19:22
ComboFix4.txt 2010-05-07 18:42
ComboFix5.txt 2010-05-07 20:32

Avant-CF: 236 797 419 520 octets libres
Après-CF: 236 764 434 432 octets libres

- - End Of File - - EF7C8B477069115655ECDF21A65C8B25


#15 Guillaume75

Posted 07 May 2010 - 04:02 PM

Elise,

I rebooted again and ran ComboFix again...
It seems that there is still something wrong on my system.

I can't understand how it remains after I did a clean sweep and reinstalled XP!

ComboFix 10-05-07.01 - Gigi 07/05/2010 22:49:50.10.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3062.2655 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gigi\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

Une copie infectée de c:\windows\system32\autochk.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\autochk.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-07 au 2010-05-07 ))))))))))))))))))))))))))))))))))))
.

2010-05-07 19:07 . 2010-05-07 20:42 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-07 19:06 . 2010-05-07 20:41 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-07 17:41 . 2008-04-13 17:33 1571840 ------w- c:\windows\sfcfiles.dll
2010-05-07 07:26 . 2008-04-13 17:33 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-07 07:26 . 2001-08-23 15:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-07 07:26 . 2008-04-13 17:33 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-07 07:26 . 2001-08-23 15:47 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-07 07:26 . 2001-08-23 15:47 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-07 07:26 . 2001-08-23 15:47 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-07 07:26 . 2001-08-17 18:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-07 07:24 . 2008-04-13 07:34 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-05-07 07:23 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-05-07 07:22 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-05-07 07:21 . 2001-08-17 18:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-05-07 07:20 . 2001-08-23 15:47 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-05-07 07:19 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-05-07 07:18 . 2001-08-23 15:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-05-07 07:17 . 2001-08-23 15:20 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-05-07 07:16 . 2001-08-23 15:47 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-05-07 07:15 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-05-07 07:14 . 2001-08-17 18:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-05-07 07:13 . 2008-04-13 09:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-05-07 07:12 . 2001-08-17 18:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-05-07 07:11 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-07 07:10 . 2001-08-23 15:47 59392 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-05-07 07:09 . 2001-08-23 15:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-07 07:08 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-05-07 07:07 . 2008-04-13 09:23 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-05-07 07:06 . 2001-08-23 15:47 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-05-07 07:05 . 2001-08-23 15:47 92672 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-05-07 07:04 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2010-05-07 07:03 . 2001-08-17 18:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-05-07 07:02 . 2001-08-17 18:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-05-07 07:01 . 2001-08-23 15:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-05-07 07:00 . 2001-08-23 15:47 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe
2010-05-07 06:59 . 2001-08-23 15:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-05-05 22:15 . 2010-05-05 22:15 -------- d-----w- c:\documents and settings\Gigi\Application Data\ImgBurn
2010-05-05 22:10 . 2010-05-05 22:10 -------- d-----w- c:\program files\ImgBurn
2010-05-05 21:56 . 2010-05-07 18:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 21:56 . 2010-05-05 22:02 -------- d-----w- c:\documents and settings\Gigi\Application Data\DAEMON Tools Lite
2010-05-05 21:56 . 2010-05-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-02 22:43 . 2010-05-02 22:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-02 13:59 . 2010-05-02 14:00 -------- d-----w- c:\documents and settings\Gigi\Local Settings\Application Data\Adobe
2010-05-02 13:58 . 2010-05-02 13:58 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-02 13:51 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-02 13:51 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2010-05-02 13:51 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-05-02 13:51 . 2010-05-02 13:51 -------- d-----w- c:\program files\PDFCreator
2010-05-02 13:51 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-05-02 13:23 . 2010-05-02 13:27 -------- d-----w- C:\cabs
2010-05-02 12:56 . 2008-12-21 21:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-02 12:56 . 2008-12-21 21:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-02 12:56 . 2008-12-21 21:22 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-02 12:56 . 2010-05-02 13:04 -------- d-----w- c:\program files\WinMerge
2010-05-01 21:23 . 2009-10-05 10:34 796400 ----a-w- c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-05-01 21:14 . 2010-05-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 20:55 . 2010-05-02 13:20 -------- d-----w- C:\Soft
2010-05-01 20:46 . 2010-05-01 20:47 -------- d-----w- c:\documents and settings\Gigi\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-05-01 20:46 . 2010-05-01 20:46 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-01 20:46 . 2010-05-01 20:46 -------- d-----w- c:\program files\TrueCrypt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 20:54 . 2010-05-01 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-05-07 20:54 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 20:44 . 2010-05-01 17:14 44544 ----a-w- c:\windows\system32\agremove.exe
2010-05-07 20:25 . 2010-05-01 16:32 -------- d-----w- c:\program files\USB-set
2010-05-05 21:49 . 2010-05-01 16:40 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 21:48 . 2010-05-01 16:40 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-02 15:34 . 2008-04-14 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 15:34 . 2008-04-14 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-02 00:25 . 2008-04-14 12:00 625152 ----a-w- c:\windows\system32\autochk.exe
2010-05-01 21:22 . 2010-05-01 18:20 -------- d-----w- c:\program files\KeyScrambler
2010-05-01 18:17 . 2010-05-01 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-05-01 18:16 . 2010-05-01 18:16 -------- d-----w- c:\program files\CONEXANT
2010-05-01 17:32 . 2010-05-01 17:32 131 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-01 17:31 . 2010-05-01 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\IDT
2010-05-01 17:22 . 2010-05-01 16:22 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:09 . 2010-05-01 17:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-01 17:09 . 2010-05-01 17:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-01 17:09 . 2010-05-01 17:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-01 17:09 . 2010-05-01 17:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-01 17:09 . 2010-05-01 17:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:08 . 2010-05-01 17:08 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-01 17:00 . 2010-05-01 17:00 -------- d-----w- c:\program files\Realtek
2010-05-01 16:57 . 2010-05-01 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2010-05-01 16:56 . 2010-05-01 16:56 -------- d-----w- c:\program files\Synaptics
2010-05-01 16:55 . 2010-05-01 16:53 -------- d-----w- c:\program files\Intel
2010-05-01 16:54 . 2010-05-01 16:54 -------- d-----w- c:\program files\Camera Assistant Software for Gateway
2010-05-01 16:53 . 2010-05-01 16:53 -------- d-----w- c:\documents and settings\Gigi\Application Data\InstallShield
2010-05-01 16:51 . 2010-05-01 16:51 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-05-01 16:47 . 2000-02-04 15:01 40960 ----a-w- c:\windows\system32\StrmExt.dll
2010-05-01 16:47 . 2000-02-04 14:58 3018 ----a-w- c:\windows\system32\HardLinks.vbs
2010-05-01 16:47 . 2000-02-04 00:32 3026 ----a-w- c:\windows\system32\RWStream.vbs
2010-05-01 16:46 . 2010-05-01 16:46 950 ----a-w- c:\windows\unins000.dat
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-01 16:37 . 2010-05-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-01 16:28 . 2010-05-01 16:28 12328 ----a-w- c:\documents and settings\Gigi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 16:23 . 2010-05-01 16:23 -------- d-----w- c:\program files\microsoft frontpage
2010-05-01 16:21 . 2010-05-01 16:21 -------- d-----w- c:\program files\Services en ligne
2010-05-01 16:20 . 2010-05-01 16:20 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-05-01 17:30 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-07_07.39.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-01 19:45 . 2008-04-13 17:33 1571840 c:\windows\system32\sfcfiles.dll
- 2008-10-01 19:45 . 2008-10-01 19:45 1571840 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 442433]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [01/05/2010 20:20 115312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/05/2010 23:56 691696]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\
FF - component: c:\documents and settings\Gigi\Application Data\Mozilla\Firefox\Profiles\ckqdf18s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 22:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\wscript.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
.
**************************************************************************
.
Heure de fin: 2010-05-07 22:56:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-07 20:56
ComboFix.txt 2010-05-02 15:50
ComboFix2.txt 2010-05-07 20:37
ComboFix3.txt 2010-05-07 19:38
ComboFix4.txt 2010-05-07 19:22
ComboFix5.txt 2010-05-07 20:49

Avant-CF: 236 755 804 160 octets libres
Après-CF: 236 723 023 872 octets libres

- - End Of File - - E6D4C45D1C3B8F2AC3A0BEE059BA2917




