Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

STOP: C0000135 The program can't start because %hs is missing. Try resintalling the program


  • This topic is locked This topic is locked
10 replies to this topic

#1 chahedous

chahedous

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 02 May 2012 - 02:37 PM

Hello everybody I followed CatByte instruction here http://www.bleepingcomputer.com/forums/topic451183.html and I got this log:
Someone can help me plz?

Thx in advance
Scan result of Farbar Recovery Scan Tool Version: 02-05-2012 01
Ran by SystËme at 02-05-2012 21:25:14
Running from G:\
Windows 7 Ultimate N  Service Pack 1 (X64) OS Language: French Standard 
The current controlset is ControlSet001

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-04-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-04-19] (Intel Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [539456 2011-10-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [258512 2012-02-15] (Avira Operations GmbH & Co. KG)
HKU\ous\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Tcpip\..\Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}: [NameServer]8.8.8.8,8.8.4.4
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-02-15] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-02-15] (Avira Operations GmbH & Co. KG)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [162816 2011-10-26] (Dell Products, LP.)
2 HWIONT; C:\Windows\System32\tifmsony.dll [6656 2009-07-14] (Oak Technology Inc.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-11-05] (Intel Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)
2 klehqlsmdsjdbz; "C:\Windows\TEMP\DAT6585.tmp.exe" --SERVICE [x]
3 wampapache; "c:\wamp32\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp32\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [97312 2012-02-15] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132320 2012-02-15] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] (Microsoft Corporation)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2012-01-19] (GEAR Software Inc.)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2011-10-15] (NVIDIA Corporation)
3 tihub3; C:\Windows\System32\Drivers\tihub3.sys [136000 2011-07-20] (Texas Instruments Incorporated)
3 tixhci; C:\Windows\System32\Drivers\tixhci.sys [406336 2011-07-20] (Texas Instruments Incorporated)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel(R) Corporation)
3 catchme; \??\C:\sqdsqdqsd\catchme.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: HWIONT
NETSVC: BCMModem



========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ====================== 

Percentage of memory in use: 10%
Total physical RAM: 8098.05 MB
Available physical RAM: 7284.36 MB
Total Pagefile: 8096.25 MB
Available Pagefile: 7283.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:383.72 GB) (Free:281.31 GB) NTFS
2 Drive e: (Windows.7.AIO.SP1-Orion) (CDROM) (Total:4.31 GB) (Free:0 GB) UDF
4 Drive g: (NO NAME) (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (OS) (Fixed) (Total:1.95 GB) (Free:1.93 GB) FAT32 ==>[System with boot components (obtained from reading drive)]

  N¯ disque  Statut         Taille   Libre    Dyn  GPT
  ---------  -------------  -------  -------  ---  ---
  Disque 0    En ligne        465 G octets    80 G octets         
  Disque 1    Aucun mÇdia        0 octets      0 octets         
  Disque 2    En ligne       1927 M octets      0 octets         

Partitions of Disk 0:
===============

  N¯ partition   Type              Taille   DÇcalage
  -------------  ----------------  -------  --------
  Partition 1    OEM                 39 M      31 K 
  Partition 2    Principale        2000 M      40 M 
  Partition 3    Principale         383 G    2040 M 

======================================================================================================

Disk: 0
Partition 1
Type   : DE
MasquÇ : Oui
Active : Non
DÇcalage en octets : 32256

  N¯ volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      FAT    Partition     39 M   Sain       MasquÇ  

======================================================================================================

Disk: 0
Partition 2
Type   : 0B
MasquÇ : Non
Active : Oui
DÇcalage en octets : 41943040

  N¯ volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   OS           FAT32  Partition   2000 M   Sain               

======================================================================================================

Disk: 0
Partition 3
Type   : 07
MasquÇ : Non
Active : Non
DÇcalage en octets : 2139095040

  N¯ volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    383 G   Sain               

======================================================================================================

Partitions of Disk 2:
===============

  N¯ partition   Type              Taille   DÇcalage
  -------------  ----------------  -------  --------
  Partition 1    Principale        1926 M      31 K 

======================================================================================================

Disk: 2
Partition 1
Type   : 0B
MasquÇ : Non
Active : Oui
DÇcalage en octets : 31744

  N¯ volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   NO NAME      FAT32  Amovible    1926 M   Sain               

======================================================================================================

==========================================================

Last Boot: 2012-04-19 06:02

======================= End Of Log ==========================

Edited by chahedous, 02 May 2012 - 06:46 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:01 AM

Posted 02 May 2012 - 04:56 PM

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 chahedous

chahedous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 02 May 2012 - 05:50 PM

Hi Budapest
I have a blue screen telling when I start my computer. I can't start windows.

STOP: C0000135 The program can't start because %hs is missing. Try resintalling the program
I can just run the repair tool and then open CMD and launch notepad to execute Farbar or something like that.

I am really stuck and have a lot installed apps and stuff in my HD.

Could u help. I can follow all steps you want but I can't perform what you told me.

Edited by chahedous, 02 May 2012 - 05:51 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 PM

Posted 02 May 2012 - 06:01 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
script removed

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

re-run ComboFix, allow it to update if it asks to do so

Edited by CatByte, 03 July 2012 - 08:51 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 chahedous

chahedous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 02 May 2012 - 06:12 PM

Hello Thx for ure help
Here the content of fixlog

[code=auto:0]Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 02-05-2012 01
Ran by SystËme at 2012-05-03 01:10:51 Run:1
Running from H:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HWIONT service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs HWIONT Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs BCMModem Deleted successfully.
C:\Windows\System32\tifmsony.dll moved successfully.

========= bootrec /FixMbr =========

ˇ˛L


Just started my PC and I am in windows.
Now I am dowloading Combofix to run it

Just updated and runned Combofix, he just restarted the Computer.
It seems to work :)
really big thx ::)))))


thx a lot

I need to do something special to prevent those problem and malware??

Edited by chahedous, 02 May 2012 - 06:30 PM.


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 PM

Posted 02 May 2012 - 06:36 PM

please post the ComboFix log

it will be located at c:\combofix.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 chahedous

chahedous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 02 May 2012 - 06:38 PM


ComboFix 12-05-02.03 - ous 03/05/2012   1:20.3.8 - x64

Microsoft Windows 7 Édition Intégrale N   6.1.7601.1.1252.33.1036.18.8098.6283 [GMT 2:00]

Lancé depuis: c:\users\ous\Desktop\sqdsqdqsd.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Un nouveau point de restauration a été créé

.

.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\temp\cfg.ini

.

.

(((((((((((((((((((((((((((((   Fichiers créés du 2012-04-02 au 2012-05-02  ))))))))))))))))))))))))))))))))))))

.

.

2012-05-02 23:28 . 2012-05-02 23:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp

2012-05-02 23:28 . 2012-05-02 23:28	--------	d-----w-	c:\users\Default\AppData\Local\temp

2012-05-02 20:25 . 2012-05-02 20:26	--------	d-----w-	C:\FRST

2012-05-02 14:40 . 2012-03-13 17:18	2469760	----a-w-	c:\windows\SysWow64\BootMan.exe

2012-05-02 14:40 . 2012-03-13 17:05	3316736	----a-w-	c:\windows\system32\BootMan.exe

2012-05-02 14:40 . 2011-07-29 11:54	9096	----a-w-	c:\windows\system32\EuGdiDrv.sys

2012-05-02 14:40 . 2011-07-29 11:54	86408	----a-w-	c:\windows\SysWow64\setupempdrv03.exe

2012-05-02 14:40 . 2011-07-29 11:54	8456	----a-w-	c:\windows\SysWow64\EuGdiDrv.sys

2012-05-02 14:40 . 2011-07-29 11:54	16776	----a-w-	c:\windows\system32\epmntdrv.sys

2012-05-02 14:40 . 2011-07-29 11:54	14216	----a-w-	c:\windows\SysWow64\epmntdrv.sys

2012-05-02 14:40 . 2011-07-29 11:54	100232	----a-w-	c:\windows\system32\setupempdrvx64.exe

2012-05-02 14:40 . 2011-07-29 11:54	19840	----a-w-	c:\windows\SysWow64\EuEpmGdi.dll

2012-05-02 14:40 . 2011-07-29 11:54	16256	----a-w-	c:\windows\system32\EuEpmGdi.dll

2012-05-02 14:40 . 2012-05-02 14:40	--------	d-----w-	c:\program files (x86)\EASEUS

2012-05-02 13:34 . 2012-05-02 13:36	--------	d-----w-	c:\program files (x86)\Microsoft Works

2012-05-02 13:33 . 2012-05-02 13:33	--------	d-----w-	c:\windows\PCHEALTH

2012-05-02 13:31 . 2012-05-02 13:31	--------	d-----w-	C:\IDE

2012-05-02 13:31 . 2012-05-02 13:31	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8

2012-05-02 13:30 . 2012-05-02 13:30	--------	d-----r-	C:\MSOCache

2012-05-01 16:58 . 2012-05-01 16:58	--------	d-----w-	c:\users\ous\AppData\Roaming\Avira

2012-05-01 16:52 . 2012-05-01 16:52	--------	d-----w-	c:\programdata\Avira

2012-05-01 16:52 . 2012-05-01 16:52	--------	d-----w-	c:\program files (x86)\Avira

2012-05-01 16:52 . 2012-02-15 13:04	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys

2012-05-01 16:52 . 2012-02-15 13:04	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys

2012-05-01 16:52 . 2011-09-16 14:11	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys

2012-05-01 15:07 . 2012-05-01 15:07	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AAC705F-9414-4A0F-8F11-A3D88947D954}\offreg.dll

2012-05-01 14:50 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AAC705F-9414-4A0F-8F11-A3D88947D954}\mpengine.dll

2012-04-25 16:07 . 2012-04-25 16:07	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service

2012-04-25 16:07 . 2012-04-25 16:07	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-25 16:07 . 2012-04-25 16:07	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-24 21:59 . 2012-04-24 22:20	--------	d-----w-	C:\Friends

2012-04-20 21:54 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr

2012-04-20 21:54 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe

2012-04-20 21:54 . 2012-04-20 21:54	--------	d-----w-	c:\programdata\AVAST Software

2012-04-20 21:54 . 2012-04-20 21:54	--------	d-----w-	c:\program files\AVAST Software

2012-04-20 21:36 . 2012-04-20 21:36	--------	d-----w-	c:\program files\Windows Portable Devices

2012-04-20 21:36 . 2012-04-20 21:36	--------	d-----w-	c:\program files (x86)\Windows Portable Devices

2012-04-20 20:26 . 2012-04-20 22:33	--------	d-----w-	c:\windows\system32\drivers\AVG

2012-04-20 19:35 . 2012-04-20 19:35	--------	d-----w-	c:\windows\SysWow64\LogFiles

2012-04-20 16:55 . 2012-04-20 20:29	--------	d-----w-	c:\users\ous\AppData\Roaming\AVG2012

2012-04-20 16:40 . 2012-04-20 22:33	--------	d-----w-	c:\users\ous\AppData\Local\Downloaded Installations

2012-04-20 16:20 . 2012-04-20 22:33	--------	d-----w-	c:\program files\SAMSUNG

2012-04-20 15:28 . 2012-04-20 15:28	50000	----a-w-	c:\windows\system32\drivers\rfeqpaac.sys

2012-04-19 15:52 . 2012-04-19 15:52	50000	----a-w-	c:\windows\system32\drivers\qfrrltzb.sys

2012-04-19 13:10 . 2012-04-19 13:10	--------	d--h--w-	c:\programdata\Common Files

2012-04-19 13:10 . 2012-04-19 13:10	--------	d-----w-	C:\$AVG

2012-04-19 13:10 . 2012-04-20 20:26	--------	d-----w-	c:\programdata\AVG2012

2012-04-19 13:10 . 2012-04-19 13:10	--------	d-----w-	c:\program files (x86)\AVG

2012-04-19 12:53 . 2012-04-20 22:33	--------	d-----w-	c:\programdata\MFAData

2012-04-19 10:46 . 2012-05-01 16:33	--------	d-----w-	C:\ComboFix

2012-04-18 13:07 . 2012-04-18 13:07	--------	d-----w-	c:\program files (x86)\TeamViewer

2012-04-18 07:55 . 2012-04-20 16:44	--------	d-----w-	c:\users\ous\AppData\Roaming\Samsung

2012-04-18 07:51 . 2012-04-20 16:51	--------	d-----w-	c:\programdata\Samsung

2012-04-18 07:51 . 2012-04-18 07:53	--------	d-----w-	c:\program files (x86)\Samsung

2012-04-16 10:32 . 2012-04-19 11:19	--------	d-----w-	c:\users\ous\AppData\Roaming\uTorrent

2012-04-16 09:48 . 2012-04-16 09:48	15340	----a-w-	c:\windows\wshelper.dll

2012-04-16 09:12 . 2012-04-19 16:22	--------	d-----w-	C:\wamp32 - Copie

2012-04-10 11:36 . 2012-04-10 11:36	--------	d-----w-	c:\users\ous\AppData\Roaming\SumatraPDF

2012-04-10 11:36 . 2012-04-10 11:36	--------	d-----w-	c:\program files (x86)\SumatraPDF

2012-04-08 22:29 . 2012-04-08 23:38	--------	d-----w-	c:\users\ous\AppData\Roaming\Might & Magic Heroes VI

2012-04-08 22:29 . 2012-04-08 22:32	--------	d-----w-	c:\users\ous\AppData\Local\Ubisoft Game Launcher

2012-04-08 22:10 . 2012-04-19 16:21	--------	d-----w-	c:\program files (x86)\Ubisoft

2012-04-08 21:39 . 2012-04-08 21:39	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard

2012-04-08 21:31 . 2012-04-19 16:21	--------	d-----w-	c:\program files (x86)\Paradox Interactive

2012-04-08 21:29 . 2012-04-08 21:42	--------	d-----w-	c:\users\ous\AppData\Local\SKIDROW

2012-04-08 21:25 . 2010-02-04 08:01	24920	----a-w-	c:\windows\system32\X3DAudio1_7.dll

2012-04-08 21:17 . 2012-04-19 16:21	--------	d-----w-	c:\program files (x86)\Robot Entertainment

2012-04-06 10:19 . 2012-04-06 10:19	--------	d-----w-	c:\users\ous\AppData\Local\mention

2012-04-06 10:19 . 2012-04-20 22:33	--------	d-----w-	c:\program files (x86)\mention

.

.

.

((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 02:02 . 2012-02-24 02:02	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe

2012-02-24 02:02 . 2012-02-24 02:02	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe

2012-02-24 02:02 . 2012-02-24 02:02	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll

2012-02-24 02:02 . 2012-02-24 02:02	85504	----a-w-	c:\windows\system32\iesetup.dll

2012-02-24 02:02 . 2012-02-24 02:02	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-24 02:02 . 2012-02-24 02:02	76800	----a-w-	c:\windows\system32\tdc.ocx

2012-02-24 02:02 . 2012-02-24 02:02	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-24 02:02 . 2012-02-24 02:02	74752	----a-w-	c:\windows\SysWow64\iesetup.dll

2012-02-24 02:02 . 2012-02-24 02:02	63488	----a-w-	c:\windows\SysWow64\tdc.ocx

2012-02-24 02:02 . 2012-02-24 02:02	603648	----a-w-	c:\windows\system32\vbscript.dll

2012-02-24 02:02 . 2012-02-24 02:02	49664	----a-w-	c:\windows\system32\imgutil.dll

2012-02-24 02:02 . 2012-02-24 02:02	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll

2012-02-24 02:02 . 2012-02-24 02:02	48640	----a-w-	c:\windows\system32\mshtmler.dll

2012-02-24 02:02 . 2012-02-24 02:02	448512	----a-w-	c:\windows\system32\html.iec

2012-02-24 02:02 . 2012-02-24 02:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll

2012-02-24 02:02 . 2012-02-24 02:02	367104	----a-w-	c:\windows\SysWow64\html.iec

2012-02-24 02:02 . 2012-02-24 02:02	35840	----a-w-	c:\windows\SysWow64\imgutil.dll

2012-02-24 02:02 . 2012-02-24 02:02	30720	----a-w-	c:\windows\system32\licmgr10.dll

2012-02-24 02:02 . 2012-02-24 02:02	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll

2012-02-24 02:02 . 2012-02-24 02:02	222208	----a-w-	c:\windows\system32\msls31.dll

2012-02-24 02:02 . 2012-02-24 02:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe

2012-02-24 02:02 . 2012-02-24 02:02	165888	----a-w-	c:\windows\system32\iexpress.exe

2012-02-24 02:02 . 2012-02-24 02:02	161792	----a-w-	c:\windows\SysWow64\msls31.dll

2012-02-24 02:02 . 2012-02-24 02:02	160256	----a-w-	c:\windows\system32\wextract.exe

2012-02-24 02:02 . 2012-02-24 02:02	152064	----a-w-	c:\windows\SysWow64\wextract.exe

2012-02-24 02:02 . 2012-02-24 02:02	150528	----a-w-	c:\windows\SysWow64\iexpress.exe

2012-02-24 02:02 . 2012-02-24 02:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe

2012-02-24 02:02 . 2012-02-24 02:02	135168	----a-w-	c:\windows\system32\IEAdvpack.dll

2012-02-24 02:02 . 2012-02-24 02:02	12288	----a-w-	c:\windows\system32\mshta.exe

2012-02-24 02:02 . 2012-02-24 02:02	11776	----a-w-	c:\windows\SysWow64\mshta.exe

2012-02-24 02:02 . 2012-02-24 02:02	114176	----a-w-	c:\windows\system32\admparse.dll

2012-02-24 02:02 . 2012-02-24 02:02	111616	----a-w-	c:\windows\system32\iesysprep.dll

2012-02-24 02:02 . 2012-02-24 02:02	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll

2012-02-24 02:02 . 2012-02-24 02:02	101888	----a-w-	c:\windows\SysWow64\admparse.dll

2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe

2012-02-21 22:19 . 2012-02-21 22:19	483328	----a-w-	c:\program files (x86)\putty.exe

2012-02-21 15:47 . 2012-02-21 15:47	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll

2012-02-17 06:38 . 2012-03-14 04:21	1112064	----a-w-	c:\windows\system32\rdpcorets.dll

2012-02-17 06:38 . 2012-03-14 04:21	1031680	----a-w-	c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 04:21	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 04:21	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 04:21	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys

2012-02-15 22:24 . 2012-02-15 22:24	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys

2012-02-15 22:24 . 2012-02-15 22:24	99384	----a-w-	c:\windows\system32\drivers\ssudbus.sys

2012-02-15 09:01 . 2012-02-15 09:01	52736	----a-w-	c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 09:01 . 2012-02-15 09:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll

2012-02-13 22:58 . 2012-02-13 14:51	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-10 06:36 . 2012-03-14 04:25	1544192	----a-w-	c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 04:25	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 04:25	3145728	----a-w-	c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-05-01_16.39.01   )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-07-24 08:50 . 2006-07-24 08:50	47920              c:\windows\SysWOW64\VBAME.DLL

+ 2006-07-24 08:50 . 2006-07-24 08:50	39728              c:\windows\SysWOW64\SCP32.DLL

- 2009-07-14 04:59 . 2012-05-01 16:42	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:59 . 2012-05-02 23:18	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:59 . 2012-05-02 23:18	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:59 . 2012-05-01 15:30	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:59 . 2012-05-01 15:30	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:59 . 2012-05-02 23:18	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-04-20 16:49 . 2009-07-14 01:41	88064              c:\windows\system32\WpdMtpUS.dll

+ 2009-07-14 05:09 . 2012-05-02 23:18	34622              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2012-04-19 11:04 . 2012-04-23 22:11	67584              c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2012-04-19 11:04 . 2012-05-02 18:47	67584              c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2009-07-14 05:36 . 2012-05-02 09:07	86016              c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:36 . 2012-04-20 21:36	86016              c:\windows\system32\DriverStore\infpub.dat

+ 2010-11-21 03:24 . 2010-11-21 03:24	41984              c:\windows\system32\drivers\winusb.sys

+ 2012-02-13 01:25 . 2012-05-02 14:40	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-02-13 01:25 . 2012-05-01 15:25	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-02-13 01:25 . 2012-05-01 15:25	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-02-13 01:25 . 2012-05-02 14:40	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:59 . 2012-05-02 14:40	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:59 . 2012-05-01 15:25	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-10-26 11:44 . 2006-10-26 11:44	68280              c:\windows\Microsoft.NET\Framework\v2.0.50727\al.exe

+ 2005-12-23 06:33 . 2005-12-23 06:33	11264              c:\windows\Microsoft.NET\Framework\URTInstallPath\fr\Microsoft.Build.Conversion.resources.dll

+ 2012-05-02 13:35 . 2012-05-02 13:37	35088              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	18704              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	20240              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2006-02-28 22:53 . 2006-02-28 22:53	59466              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XSCAN32.DAT

+ 2006-10-26 19:17 . 2006-10-26 19:17	11072              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL

+ 2006-10-26 19:13 . 2006-10-26 19:13	72472              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNVP.DLL

+ 2006-10-27 13:11 . 2006-10-27 13:11	21264              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE

+ 2012-05-02 13:34 . 2012-05-02 13:34	12096              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WORDPOL.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	12080              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	64288              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	76624              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	19784              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWRECS.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	51008              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWRECE.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	27456              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWORIENT.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	58168              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWLAY32.DLL

+ 2006-10-26 12:05 . 2006-10-26 12:05	86840              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	29976              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\THOCRAPI.DLL

+ 2006-10-26 17:59 . 2006-10-26 17:59	15672              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE

+ 2006-10-26 17:49 . 2006-10-26 17:49	34104              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SETLANG.EXE

+ 2006-10-26 18:55 . 2006-10-26 18:55	55056              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCANOST.EXE

+ 2006-10-26 18:55 . 2006-10-26 18:55	76576              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\RM.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	19784              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REVERSE.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	40424              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFIEBAR.DLL

+ 2006-10-26 19:13 . 2006-10-26 19:13	38168              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFEDIT.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	39208              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\RECALL.DLL

+ 2006-10-26 18:09 . 2006-10-26 18:09	48448              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBTRAP.DLL

+ 2006-10-26 12:05 . 2006-10-26 12:05	77144              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSOM.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	12112              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPOL.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	53048              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLVBA.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	46864              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	31000              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLACCT.DLL

+ 2006-10-26 17:59 . 2006-10-26 17:59	46936              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSETUPPS.DLL

+ 2006-10-26 17:59 . 2006-10-26 17:59	16728              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL

+ 2006-10-26 18:00 . 2006-10-26 18:00	23392              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISCTRL.DLL

+ 2006-10-27 13:11 . 2006-10-27 13:11	54680              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFRHD.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	11544              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFICEPL.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	16192              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NPOFF12.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	65824              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NAME.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	12104              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	20280              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL

+ 2006-10-26 17:59 . 2006-10-26 17:59	43832              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSH.DLL

+ 2006-10-26 17:58 . 2006-10-26 17:58	20776              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPGIMME.DLL

+ 2006-10-27 13:26 . 2006-10-27 13:26	35152              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL

+ 2006-10-26 17:52 . 2006-10-26 17:52	66368              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOMSE.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	67896              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOHTMED.EXE

+ 2006-10-27 13:01 . 2006-10-27 13:01	76088              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOHEV.DLL

+ 2006-10-26 19:13 . 2006-10-26 19:13	26936              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOEURO.DLL

+ 2006-10-26 17:48 . 2006-10-26 17:48	14664              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCFU.DLL

+ 2006-10-26 17:59 . 2006-10-26 17:59	19768              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSMH.DLL

+ 2006-10-26 17:52 . 2006-10-26 17:52	48424              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSE7.EXE

+ 2006-10-26 19:18 . 2006-10-26 19:18	66880              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSAEXP30.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	21312              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MLSHEXT.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	89400              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\METCONV.DLL

+ 2006-10-26 19:41 . 2006-10-26 19:41	66368              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INLAUNCH.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	12096              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL

+ 2006-10-26 12:04 . 2006-10-26 12:04	75576              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FORM.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	12096              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCELPOL.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	35160              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DUMPSTER.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	87344              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL

+ 2006-10-26 19:30 . 2006-10-26 19:30	65312              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\COLLIMP.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	53576              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\AUTHZAX.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	56120              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACERCLR.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODTXT.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODPDX.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODEXL.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	15160              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODDBS.DLL

+ 2006-10-27 13:00 . 2006-10-27 13:00	47976              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEERR.DLL

+ 2006-10-26 19:18 . 2006-10-26 19:18	94016              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACCOLK.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	13024              c:\windows\assembly\GAC_MSIL\VSTADTEProvider.Interop\8.0.0.0__b03f5f7f11d50a3a\VSTADTEProvider.Interop.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	39624              c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	53248              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	73728              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	19456              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.wizardframework.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Resources.Dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	86016              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.windows.forms.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.Resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	16384              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	72472              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	13104              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	39704              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	39712              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	11064              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	73728              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	12600              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	11560              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	15872              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	10752              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.shell.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	24576              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.shell.design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.Resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	32768              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	49152              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	24576              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	13824              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.Resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	49152              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	61440              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.commonide.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.CommonIDE.resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	60200              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	39728              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	43840              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	69632              c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	11264              c:\windows\assembly\GAC_MSIL\microsoft.build.conversion.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	49152              c:\windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	73728              c:\windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	19968              c:\windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\VSLangProj2.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	53248              c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	16384              c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	10576              c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	11112              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	11128              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	11136              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	11152              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	12632              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	12616              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	12616              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	11128              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	11144              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	12104              c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	11264              c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	57344              c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	69632              c:\windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	63336              c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	13312              c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	19320              c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	35648              c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	88896              c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	80696              c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	16712              c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	31560              c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	65536              c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

+ 2012-02-13 01:28 . 2012-05-02 23:18	9740              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1498461681-1693866691-1575079237-1000_UserData.bin

+ 2012-05-01 21:11 . 2012-05-01 21:11	9560              c:\windows\system32\NetworkList\Icons\{ECCD01A9-9AC8-49CB-A695-0EDCA8BCF43B}_48.bin

+ 2012-05-01 21:11 . 2012-05-01 21:11	4280              c:\windows\system32\NetworkList\Icons\{ECCD01A9-9AC8-49CB-A695-0EDCA8BCF43B}_32.bin

+ 2012-05-01 21:11 . 2012-05-01 21:11	2456              c:\windows\system32\NetworkList\Icons\{ECCD01A9-9AC8-49CB-A695-0EDCA8BCF43B}_24.bin

- 2012-05-01 16:38 . 2012-05-01 16:38	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-02 23:28 . 2012-05-02 23:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-02 23:28 . 2012-05-02 23:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-01 16:38 . 2012-05-01 16:38	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-02 13:31 . 2012-05-02 13:31	8192              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.zip.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	8192              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.resources\2.0.0.0_fr_b03f5f7f11d50a3a\microsoft.visualstudio.Resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	4096              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	5120              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALSTUDIO.PACKAGE.LANGUAGESERVICE.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.resources.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	8192              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.Resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	4096              c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	8704              c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	8704              c:\windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\microsoft.visualstudio.designer.interfaces.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	4608              c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll

+ 2006-10-26 11:45 . 2006-10-26 11:45	293376              c:\windows\SysWOW64\WISPTIS.EXE

+ 2006-07-24 08:50 . 2006-07-24 08:50	125744              c:\windows\SysWOW64\MSSTDFMT.DLL

+ 2012-04-20 16:49 . 2009-07-14 01:41	297984              c:\windows\system32\WpdMtp.dll

+ 2012-02-13 23:46 . 2012-05-02 13:12	243534              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 04:50 . 2012-05-02 23:15	431904              c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 05:36 . 2012-04-20 21:36	143360              c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:36 . 2012-05-02 09:07	143360              c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 04:51 . 2012-05-02 23:19	103224              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 05:01 . 2012-05-02 23:28	437112              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2006-10-26 11:45 . 2006-10-26 11:45	106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Conversion.dll

+ 2012-05-02 13:32 . 2012-05-02 13:32	847872              c:\windows\Installer\47ae653.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	505856              c:\windows\Installer\47ae63b.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	515584              c:\windows\Installer\47ae635.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	507904              c:\windows\Installer\47ae630.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	518144              c:\windows\Installer\47ae62a.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	514048              c:\windows\Installer\47ae624.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	515072              c:\windows\Installer\47ae61e.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	506368              c:\windows\Installer\47ae619.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	506880              c:\windows\Installer\47ae614.msi

+ 2012-05-02 13:38 . 2012-05-02 13:38	217864              c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	888080              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	272648              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	922384              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	845584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	217864              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	159504              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2006-10-26 12:05 . 2006-10-26 12:05	530760              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XPAGE3C.DLL

+ 2006-10-26 18:49 . 2006-10-26 18:49	509200              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CVR.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	781104              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WORDPIA.DLL

+ 2006-10-27 13:23 . 2006-10-27 13:23	347432              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE

+ 2006-10-26 12:05 . 2006-10-26 12:05	126784              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL

+ 2006-07-28 13:21 . 2006-07-28 13:21	277320              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SSGEN.DLL

+ 2006-10-26 19:18 . 2006-10-26 19:18	502608              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SOA.DLL

+ 2006-10-26 18:06 . 2006-10-26 18:06	439600              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SETUP.EXE

+ 2006-10-26 18:13 . 2006-10-26 18:13	503624              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SELFCERT.EXE

+ 2006-10-26 18:55 . 2006-10-26 18:55	272744              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	263520              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	408880              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\RTFHTML.DLL

+ 2006-10-26 19:42 . 2006-10-26 19:42	744808              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REGFORM.EXE

+ 2006-10-26 18:09 . 2006-10-26 18:09	590144              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL

+ 2006-10-27 13:04 . 2006-10-27 13:04	624456              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	413472              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL

+ 2006-10-26 18:09 . 2006-10-26 18:09	136008              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	248632              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPIA.DLL

+ 2006-10-26 19:07 . 2006-10-26 19:07	368968              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPSLAX.DLL

+ 2006-10-27 13:04 . 2006-10-27 13:04	465200              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE

+ 2006-10-26 19:30 . 2006-10-26 19:30	482088              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PORTCONN.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	176976              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	594256              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL

+ 2006-07-26 16:53 . 2006-07-26 16:53	459080              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	138512              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLCTL.DLL

+ 2006-10-26 17:54 . 2006-10-26 17:54	102200              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSA.EXE

+ 2006-10-26 11:58 . 2006-10-26 11:58	540008              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ORGCHART.EXE

+ 2006-10-26 18:34 . 2006-10-26 18:34	192848              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL

+ 2006-10-26 18:34 . 2006-10-26 18:34	660792              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	254776              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL

+ 2006-10-26 18:00 . 2006-10-26 18:00	285008              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISGRAPH.DLL

+ 2006-10-26 18:00 . 2006-10-26 18:00	998208              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISAPP.DLL

+ 2006-10-26 18:00 . 2006-10-26 18:00	274744              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OIS.EXE

+ 2006-10-20 06:37 . 2006-10-20 06:37	637744              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGALEGIT.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	416544              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFICE.DLL

+ 2006-10-26 18:06 . 2006-10-26 18:06	232816              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ODEPLOY.EXE

+ 2006-10-26 17:55 . 2006-10-26 17:55	538904              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORES.DLL

+ 2006-10-26 17:55 . 2006-10-26 17:55	145688              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORE.EXE

+ 2006-10-26 17:55 . 2006-10-26 17:55	832800              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORDB.EXE

+ 2006-10-26 11:56 . 2006-10-26 11:56	505136              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSOAP30.DLL

+ 2006-10-26 17:50 . 2006-10-26 17:50	672024              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSQRY32.EXE

+ 2006-10-26 17:58 . 2006-10-26 17:58	437056              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPVIEW.EXE

+ 2006-10-26 17:58 . 2006-10-26 17:58	155488              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPSCAN.EXE

+ 2006-10-26 12:47 . 2006-10-26 12:47	727840              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPROOF6.DLL

+ 2006-10-26 17:58 . 2006-10-26 17:58	772944              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPFILT.DLL

+ 2006-10-26 11:56 . 2006-10-26 11:56	436520              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORUN.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	428816              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSODCW.DLL

+ 2006-10-27 12:59 . 2006-10-27 12:59	161080              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCF.DLL

+ 2006-10-26 11:58 . 2006-10-26 11:58	117552              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSCONV97.DLL

+ 2006-10-26 11:58 . 2006-10-26 11:58	290576              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSCDM.DLL

+ 2006-10-27 13:04 . 2006-10-27 13:04	497504              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL

+ 2006-10-26 17:52 . 2006-10-26 17:52	460616              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MODHELP.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	340248              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL

+ 2006-10-26 17:55 . 2006-10-26 17:55	828704              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MEDCAT.DLL

+ 2006-10-26 17:58 . 2006-10-26 17:58	525664              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MDIVWCTL.DLL

+ 2006-10-26 17:58 . 2006-10-26 17:58	274776              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MDIINK.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	118112              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOMINT.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	609104              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOMHOST.DLL

+ 2006-10-26 19:42 . 2006-10-26 19:42	176976              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOLK.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	138024              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL

+ 2006-10-26 18:00 . 2006-10-26 18:00	178488              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IETAG.DLL

+ 2006-10-26 18:12 . 2006-10-26 18:12	173328              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IEAWSDC.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	150320              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL

+ 2006-10-27 13:09 . 2006-10-27 13:09	983376              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPWEC.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	154960              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ENVELOPE.DLL

+ 2006-10-26 18:55 . 2006-10-26 18:55	116544              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EMABLT32.DLL

+ 2006-10-26 17:48 . 2006-10-26 17:48	434528              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE

+ 2006-10-26 18:12 . 2006-10-26 18:12	106824              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DSSM.EXE

+ 2006-10-26 18:12 . 2006-10-26 18:12	189760              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	133936              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL

+ 2006-10-26 17:59 . 2006-10-26 17:59	205616              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CLVIEW.EXE

+ 2006-10-27 13:41 . 2006-10-27 13:41	399640              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CDLMSO.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	371568              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEXBE.DLL

+ 2006-10-27 13:40 . 2006-10-27 13:40	208760              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEWSS.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	826232              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEWDAT.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	224104              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACETXT.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	551800              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEREP.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	289648              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER3X.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	260976              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER2X.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	392048              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEPDE.DLL

+ 2006-10-27 13:00 . 2006-10-27 13:00	387960              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	279352              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODBC.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	207736              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACELTS.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	629616              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCL.DLL

+ 2006-10-26 18:13 . 2006-10-26 18:13	338800              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCH.DLL

+ 2006-10-27 13:00 . 2006-10-27 13:00	191360              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEES.DLL

+ 2006-10-27 13:00 . 2006-10-27 13:00	576376              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEDAO.DLL

+ 2006-10-26 19:18 . 2006-10-26 19:18	162616              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACCWIZ.DLL

+ 2006-10-27 13:00 . 2006-10-27 13:00	576376              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACACEDAO.DLL

+ 2012-05-02 13:31 . 2012-05-02 13:31	765952              c:\windows\assembly\GAC_MSIL\mscorcfg.resources\2.0.0.0_fr_b03f5f7f11d50a3a\mscorcfg.resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	294912              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	360448              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	330520              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	105248              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	211736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	376832              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	249856              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	806912              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Publish\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	421888              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.publish.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.Resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	344064              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	663552              c:\windows\assembly\GAC_MSIL\microsoft.visualstudio.editors.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.Resources.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	434176              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	106496              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	733184              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	609160              c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	106496              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	454440              c:\windows\assembly\GAC_64\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	367400              c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	118176              c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	423784              c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	229376              c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	114688              c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	249856              c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	167936              c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	118784              c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	176128              c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	371496              c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	870256              c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	232248              c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	350064              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	920376              c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	146232              c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	404296              c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	149352              c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	135168              c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	245760              c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	110592              c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

+ 2008-11-20 21:06 . 2008-11-20 21:06	1194848              c:\windows\SysWOW64\FM20.DLL

+ 2012-04-20 16:49 . 2009-07-14 01:41	1195008              c:\windows\system32\drivers\UMDF\WpdMtpDr.dll

+ 2009-07-14 04:51 . 2012-05-02 23:18	4251071              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:51 . 2012-04-20 21:36	4251071              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2012-02-13 23:35 . 2012-05-02 23:28	1009140              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1498461681-1693866691-1575079237-1000-12288.dat

+ 2009-04-04 04:45 . 2009-04-04 04:45	7999488              c:\windows\Installer\47ae8c1.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	7888384              c:\windows\Installer\47ae8b4.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	4443136              c:\windows\Installer\47ae8ab.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	1282560              c:\windows\Installer\47ae8a2.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	9926144              c:\windows\Installer\47ae89b.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	1110528              c:\windows\Installer\47ae887.msp

+ 2009-02-25 19:08 . 2009-02-25 19:08	8311808              c:\windows\Installer\47ae84a.msp

+ 2009-03-28 09:50 . 2009-03-28 09:50	5025792              c:\windows\Installer\47ae7fe.msp

+ 2012-05-02 13:31 . 2012-05-02 13:31	1659392              c:\windows\Installer\47ae64d.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	1658880              c:\windows\Installer\47ae647.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	1667072              c:\windows\Installer\47ae641.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	2368000              c:\windows\Installer\47ae60f.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	1647104              c:\windows\Installer\47ae60a.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	2029056              c:\windows\Installer\47ae604.msi

+ 2012-05-02 13:31 . 2012-05-02 13:31	1755136              c:\windows\Installer\47ae5fe.msi

+ 2012-05-02 13:30 . 2012-05-02 13:30	2419200              c:\windows\Installer\47ae5f6.msi

+ 2012-05-02 13:35 . 2012-05-02 13:37	1172240              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2012-05-02 13:35 . 2012-05-02 13:37	1165584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2006-10-26 12:05 . 2006-10-26 12:05	1181520              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL

+ 2006-10-27 13:11 . 2006-10-27 13:11	4235560              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL

+ 2006-10-26 20:58 . 2006-10-26 20:58	3732792              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWER.DLL

+ 2006-10-26 21:00 . 2006-10-26 21:00	1841984              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL

+ 2006-09-29 22:42 . 2006-09-29 22:42	2583344              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBE6.DLL

+ 2006-10-27 12:57 . 2006-10-27 12:57	2330968              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\STSLIST.DLL

+ 2006-10-26 17:52 . 2006-10-26 17:52	2012480              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTVIEW.EXE

+ 2006-10-27 13:04 . 2006-10-27 13:04	7980848              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL

+ 2006-09-15 14:25 . 2006-09-15 14:25	3611416              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT

+ 2006-10-26 18:07 . 2006-10-26 18:07	6536992              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSETUP.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	2939704              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL

+ 2006-10-27 13:18 . 2006-10-27 13:18	1658152              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL

+ 2006-10-26 18:14 . 2006-10-26 18:14	7033152              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFOWC.DLL

+ 2006-10-26 18:42 . 2006-10-26 18:42	8423224              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL

+ 2006-10-26 12:47 . 2006-10-26 12:47	1512304              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NLSD0000.DLL

+ 2006-10-27 13:04 . 2006-10-27 13:04	9581360              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE

+ 2006-10-26 17:58 . 2006-10-26 17:58	1057632              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPCORE.DLL

+ 2006-10-26 18:00 . 2006-10-26 18:00	6635320              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORES.DLL

+ 2006-10-27 13:10 . 2006-10-27 13:10	5281592              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPEDITOR.DLL

+ 2006-10-27 13:10 . 2006-10-27 13:10	5456704              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPDESIGN.DLL

+ 2006-10-27 13:10 . 2006-10-27 13:10	1439032              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INFOPATH.EXE

+ 2006-10-26 18:02 . 2006-10-26 18:02	2526520              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPH.EXE

+ 2006-10-26 17:21 . 2006-10-26 17:21	1682232              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL

+ 2006-10-26 12:10 . 2006-10-26 12:10	1190688              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FM20.DLL

+ 2012-05-02 13:33 . 2012-05-02 13:33	1276720              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCELPIA.DLL

+ 2006-10-27 13:00 . 2006-10-27 13:00	1751904              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACECORE.DLL

+ 2006-10-26 12:05 . 2006-10-26 12:05	1165584              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACCICONS.EXE

+ 2012-05-02 13:34 . 2012-05-02 13:34	4202496              c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll

+ 2012-05-02 13:31 . 2012-05-02 13:31	1069056              c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VSDesigner.Resources.DLL

+ 2012-05-02 13:34 . 2012-05-02 13:34	1859584              c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	1662976              c:\windows\assembly\GAC_32\mscorcfg\2.0.0.0__b03f5f7f11d50a3a\mscorcfg.dll

+ 2012-05-02 13:36 . 2012-05-02 13:36	1279848              c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

+ 2012-05-02 13:33 . 2012-05-02 13:33	1612592              c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

+ 2012-05-02 13:34 . 2012-05-02 13:34	8007680              c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

+ 2009-04-04 04:46 . 2009-04-04 04:46	14085120              c:\windows\Installer\47ae8c7.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	10874880              c:\windows\Installer\47ae891.msp

+ 2009-04-04 04:46 . 2009-04-04 04:46	20993024              c:\windows\Installer\47ae854.msp

+ 2012-05-02 13:32 . 2012-05-02 13:32	15831552              c:\windows\Installer\47ae65b.msi

+ 2006-10-26 19:13 . 2006-10-26 19:13	14674216              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE

+ 2006-10-27 13:23 . 2006-10-27 13:23	17483560              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL

+ 2006-10-27 13:16 . 2006-10-27 13:16	12813096              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE

+ 2006-10-27 13:14 . 2006-10-27 13:14	14151456              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OART.DLL

+ 2006-10-27 13:26 . 2006-10-27 13:26	16870712              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL

+ 2006-10-27 13:01 . 2006-10-27 13:01	10371880              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSACCESS.EXE

+ 2006-10-27 13:07 . 2006-10-27 13:07	17891112              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE

+ 2009-04-04 04:45 . 2009-04-04 04:45	343058432              c:\windows\Installer\47ae7ea.msp

.

-- Instantané actualisé --

.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	94208	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	94208	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	94208	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-15 258512]

.

c:\users\ous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\ous\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]

mention.lnk - c:\program files (x86)\mention\mention.exe [2012-3-30 580096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]

R2 klehqlsmdsjdbz;klehqlsmdsjdbz;c:\windows\TEMP\DAT6585.tmp.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-15 86224]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]

S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1498461681-1693866691-1575079237-1000Core.job

- c:\users\ous\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 14:21]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1498461681-1693866691-1575079237-1000UA.job

- c:\users\ous\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 14:21]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 416024]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\users\ous\Desktop\PartyPoker.fr.lnk

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\160716368656: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\36166656C616D696: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\D414459474E4F4E4: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\E4547425543534F4: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\ous\AppData\Roaming\Mozilla\Firefox\Profiles\zto4ve4k.default\

FF - prefs.js: network.proxy.ftp - 122.0.66.102

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.http - 122.0.66.102

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 122.0.66.102

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 122.0.66.102

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\RunDll32.exe

c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Heure de fin: 2012-05-03  01:35:29 - La machine a redémarré

ComboFix-quarantined-files.txt  2012-05-02 23:35

ComboFix2.txt  2012-05-01 16:44

ComboFix3.txt  2012-04-20 20:03

.

Avant-CF: 301 446 725 632 octets libres

Après-CF: 301 454 594 048 octets libres

.

- - End Of File - - C97123A747F3943B8FCBCAA224EBCAD4





#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 PM

Posted 02 May 2012 - 06:48 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic452223.html/page__pid__2686346#entry2686346

Collect::
c:\windows\system32\drivers\rfeqpaac.sys
c:\windows\system32\drivers\qfrrltzb.sys
c:\windows\TEMP\DAT6585.tmp.exe

Driver::
klehqlsmdsjdbz

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 chahedous

chahedous
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 02 May 2012 - 07:25 PM

here the new combofix log
ComboFix 12-05-02.03 - ous 03/05/2012   2:10.4.8 - x64
Microsoft Windows 7 Édition Intégrale N   6.1.7601.1.1252.33.1036.18.8098.6323 [GMT 2:00]
Lancé depuis: c:\users\ous\Desktop\sqdsqdqsd.exe
Commutateurs utilisés :: c:\users\ous\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\qfrrltzb.sys
c:\windows\system32\drivers\rfeqpaac.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_klehqlsmdsjdbz
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-04-03 au 2012-05-03  ))))))))))))))))))))))))))))))))))))
.
.
2012-05-03 00:15 . 2012-05-03 00:15	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-05-03 00:15 . 2012-05-03 00:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-02 20:25 . 2012-05-02 20:26	--------	d-----w-	C:\FRST
2012-05-02 14:40 . 2012-03-13 17:18	2469760	----a-w-	c:\windows\SysWow64\BootMan.exe
2012-05-02 14:40 . 2012-03-13 17:05	3316736	----a-w-	c:\windows\system32\BootMan.exe
2012-05-02 14:40 . 2011-07-29 11:54	9096	----a-w-	c:\windows\system32\EuGdiDrv.sys
2012-05-02 14:40 . 2011-07-29 11:54	86408	----a-w-	c:\windows\SysWow64\setupempdrv03.exe
2012-05-02 14:40 . 2011-07-29 11:54	8456	----a-w-	c:\windows\SysWow64\EuGdiDrv.sys
2012-05-02 14:40 . 2011-07-29 11:54	16776	----a-w-	c:\windows\system32\epmntdrv.sys
2012-05-02 14:40 . 2011-07-29 11:54	14216	----a-w-	c:\windows\SysWow64\epmntdrv.sys
2012-05-02 14:40 . 2011-07-29 11:54	100232	----a-w-	c:\windows\system32\setupempdrvx64.exe
2012-05-02 14:40 . 2011-07-29 11:54	19840	----a-w-	c:\windows\SysWow64\EuEpmGdi.dll
2012-05-02 14:40 . 2011-07-29 11:54	16256	----a-w-	c:\windows\system32\EuEpmGdi.dll
2012-05-02 14:40 . 2012-05-02 14:40	--------	d-----w-	c:\program files (x86)\EASEUS
2012-05-02 13:34 . 2012-05-02 13:36	--------	d-----w-	c:\program files (x86)\Microsoft Works
2012-05-02 13:33 . 2012-05-02 13:33	--------	d-----w-	c:\windows\PCHEALTH
2012-05-02 13:31 . 2012-05-02 13:31	--------	d-----w-	C:\IDE
2012-05-02 13:31 . 2012-05-02 13:31	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2012-05-02 13:30 . 2012-05-02 13:30	--------	d-----r-	C:\MSOCache
2012-05-01 16:58 . 2012-05-01 16:58	--------	d-----w-	c:\users\ous\AppData\Roaming\Avira
2012-05-01 16:52 . 2012-05-01 16:52	--------	d-----w-	c:\programdata\Avira
2012-05-01 16:52 . 2012-05-01 16:52	--------	d-----w-	c:\program files (x86)\Avira
2012-05-01 16:52 . 2012-02-15 13:04	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-01 16:52 . 2012-02-15 13:04	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-01 16:52 . 2011-09-16 14:11	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-01 15:07 . 2012-05-01 15:07	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AAC705F-9414-4A0F-8F11-A3D88947D954}\offreg.dll
2012-05-01 14:50 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AAC705F-9414-4A0F-8F11-A3D88947D954}\mpengine.dll
2012-04-25 16:07 . 2012-04-25 16:07	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 16:07 . 2012-04-25 16:07	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 16:07 . 2012-04-25 16:07	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 21:59 . 2012-04-24 22:20	--------	d-----w-	C:\Friends
2012-04-20 21:54 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-04-20 21:54 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-04-20 21:54 . 2012-04-20 21:54	--------	d-----w-	c:\programdata\AVAST Software
2012-04-20 21:54 . 2012-04-20 21:54	--------	d-----w-	c:\program files\AVAST Software
2012-04-20 21:36 . 2012-04-20 21:36	--------	d-----w-	c:\program files\Windows Portable Devices
2012-04-20 21:36 . 2012-04-20 21:36	--------	d-----w-	c:\program files (x86)\Windows Portable Devices
2012-04-20 20:26 . 2012-04-20 22:33	--------	d-----w-	c:\windows\system32\drivers\AVG
2012-04-20 19:35 . 2012-04-20 19:35	--------	d-----w-	c:\windows\SysWow64\LogFiles
2012-04-20 16:55 . 2012-04-20 20:29	--------	d-----w-	c:\users\ous\AppData\Roaming\AVG2012
2012-04-20 16:40 . 2012-04-20 22:33	--------	d-----w-	c:\users\ous\AppData\Local\Downloaded Installations
2012-04-20 16:20 . 2012-04-20 22:33	--------	d-----w-	c:\program files\SAMSUNG
2012-04-19 13:10 . 2012-04-19 13:10	--------	d--h--w-	c:\programdata\Common Files
2012-04-19 13:10 . 2012-04-19 13:10	--------	d-----w-	C:\$AVG
2012-04-19 13:10 . 2012-04-20 20:26	--------	d-----w-	c:\programdata\AVG2012
2012-04-19 13:10 . 2012-04-19 13:10	--------	d-----w-	c:\program files (x86)\AVG
2012-04-19 12:53 . 2012-04-20 22:33	--------	d-----w-	c:\programdata\MFAData
2012-04-19 10:46 . 2012-05-01 16:33	--------	d-----w-	C:\ComboFix
2012-04-18 13:07 . 2012-04-18 13:07	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-04-18 07:55 . 2012-04-20 16:44	--------	d-----w-	c:\users\ous\AppData\Roaming\Samsung
2012-04-18 07:51 . 2012-04-20 16:51	--------	d-----w-	c:\programdata\Samsung
2012-04-18 07:51 . 2012-04-18 07:53	--------	d-----w-	c:\program files (x86)\Samsung
2012-04-16 10:32 . 2012-04-19 11:19	--------	d-----w-	c:\users\ous\AppData\Roaming\uTorrent
2012-04-16 09:48 . 2012-04-16 09:48	15340	----a-w-	c:\windows\wshelper.dll
2012-04-16 09:12 . 2012-04-19 16:22	--------	d-----w-	C:\wamp32 - Copie
2012-04-10 11:36 . 2012-04-10 11:36	--------	d-----w-	c:\users\ous\AppData\Roaming\SumatraPDF
2012-04-10 11:36 . 2012-04-10 11:36	--------	d-----w-	c:\program files (x86)\SumatraPDF
2012-04-08 22:29 . 2012-04-08 23:38	--------	d-----w-	c:\users\ous\AppData\Roaming\Might & Magic Heroes VI
2012-04-08 22:29 . 2012-04-08 22:32	--------	d-----w-	c:\users\ous\AppData\Local\Ubisoft Game Launcher
2012-04-08 22:10 . 2012-04-19 16:21	--------	d-----w-	c:\program files (x86)\Ubisoft
2012-04-08 21:39 . 2012-04-08 21:39	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-08 21:31 . 2012-04-19 16:21	--------	d-----w-	c:\program files (x86)\Paradox Interactive
2012-04-08 21:29 . 2012-04-08 21:42	--------	d-----w-	c:\users\ous\AppData\Local\SKIDROW
2012-04-08 21:25 . 2010-02-04 08:01	24920	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2012-04-08 21:17 . 2012-04-19 16:21	--------	d-----w-	c:\program files (x86)\Robot Entertainment
2012-04-06 10:19 . 2012-04-06 10:19	--------	d-----w-	c:\users\ous\AppData\Local\mention
2012-04-06 10:19 . 2012-04-20 22:33	--------	d-----w-	c:\program files (x86)\mention
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 02:02 . 2012-02-24 02:02	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-24 02:02 . 2012-02-24 02:02	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-24 02:02 . 2012-02-24 02:02	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-02-24 02:02 . 2012-02-24 02:02	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-02-24 02:02 . 2012-02-24 02:02	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-24 02:02 . 2012-02-24 02:02	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-02-24 02:02 . 2012-02-24 02:02	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-24 02:02 . 2012-02-24 02:02	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-02-24 02:02 . 2012-02-24 02:02	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-02-24 02:02 . 2012-02-24 02:02	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-02-24 02:02 . 2012-02-24 02:02	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-02-24 02:02 . 2012-02-24 02:02	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-02-24 02:02 . 2012-02-24 02:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-24 02:02 . 2012-02-24 02:02	448512	----a-w-	c:\windows\system32\html.iec
2012-02-24 02:02 . 2012-02-24 02:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-02-24 02:02 . 2012-02-24 02:02	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-02-24 02:02 . 2012-02-24 02:02	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-02-24 02:02 . 2012-02-24 02:02	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-24 02:02 . 2012-02-24 02:02	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-02-24 02:02 . 2012-02-24 02:02	222208	----a-w-	c:\windows\system32\msls31.dll
2012-02-24 02:02 . 2012-02-24 02:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-24 02:02 . 2012-02-24 02:02	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-02-24 02:02 . 2012-02-24 02:02	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-02-24 02:02 . 2012-02-24 02:02	160256	----a-w-	c:\windows\system32\wextract.exe
2012-02-24 02:02 . 2012-02-24 02:02	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-02-24 02:02 . 2012-02-24 02:02	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-02-24 02:02 . 2012-02-24 02:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-02-24 02:02 . 2012-02-24 02:02	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-24 02:02 . 2012-02-24 02:02	12288	----a-w-	c:\windows\system32\mshta.exe
2012-02-24 02:02 . 2012-02-24 02:02	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-02-24 02:02 . 2012-02-24 02:02	114176	----a-w-	c:\windows\system32\admparse.dll
2012-02-24 02:02 . 2012-02-24 02:02	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-24 02:02 . 2012-02-24 02:02	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-02-24 02:02 . 2012-02-24 02:02	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-21 22:19 . 2012-02-21 22:19	483328	----a-w-	c:\program files (x86)\putty.exe
2012-02-21 15:47 . 2012-02-21 15:47	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 04:21	1112064	----a-w-	c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 04:21	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 04:21	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 04:21	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 04:21	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 22:24 . 2012-02-15 22:24	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-02-15 22:24 . 2012-02-15 22:24	99384	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-02-15 09:01 . 2012-02-15 09:01	52736	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 09:01 . 2012-02-15 09:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-13 22:58 . 2012-02-13 14:51	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 06:36 . 2012-03-14 04:25	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:25	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:25	3145728	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-05-02_23.29.12   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:59 . 2012-05-02 23:18	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:59 . 2012-05-03 00:19	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:59 . 2012-05-03 00:19	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:59 . 2012-05-02 23:18	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:59 . 2012-05-03 00:19	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:59 . 2012-05-02 23:18	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:10 . 2012-05-02 23:31	35408              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:09 . 2012-05-03 00:18	34726              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-13 01:28 . 2012-05-03 00:18	9972              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1498461681-1693866691-1575079237-1000_UserData.bin
- 2012-05-02 23:28 . 2012-05-02 23:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-03 00:16 . 2012-05-03 00:16	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 23:28 . 2012-05-02 23:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-03 00:16 . 2012-05-03 00:16	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:51 . 2012-05-03 00:00	113568              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-05-02 23:28	437112              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-03 00:15	437112              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-13 23:35 . 2012-05-03 00:15	1190220              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1498461681-1693866691-1575079237-1000-12288.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-15 258512]
.
c:\users\ous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ous\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
mention.lnk - c:\program files (x86)\mention\mention.exe [2012-3-30 580096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-15 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1498461681-1693866691-1575079237-1000Core.job
- c:\users\ous\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 14:21]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1498461681-1693866691-1575079237-1000UA.job
- c:\users\ous\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 14:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\ous\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 416024]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
"combofix"="c:\sqdsqdqsd\CF29123.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\users\ous\Desktop\PartyPoker.fr.lnk
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\160716368656: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\36166656C616D696: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\D414459474E4F4E4: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{482580BA-6416-4BE2-8836-5E7A608C398C}\E4547425543534F4: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\ous\AppData\Roaming\Mozilla\Firefox\Profiles\zto4ve4k.default\
FF - prefs.js: network.proxy.ftp - 122.0.66.102
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 122.0.66.102
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 122.0.66.102
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 122.0.66.102
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2012-05-03  02:22:50 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-05-03 00:22
ComboFix2.txt  2012-05-02 23:35
ComboFix3.txt  2012-05-01 16:44
ComboFix4.txt  2012-04-20 20:03
.
Avant-CF: 301 530 497 024 octets libres
Après-CF: 301 484 437 504 octets libres
.
- - End Of File - - 9413CCC9C13F9FC1C6D3EFE01468972F
L'envoi a r‚ussi 

Now I am running Malwarebytes' Anti-Malware

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 PM

Posted 02 May 2012 - 07:27 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 PM

Posted 18 May 2012 - 10:18 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users