
Very bad virus! Urgent help needed! [solved]

fanouchka on 04 July 2008 at 15:34
Hello,

I have a nasty virus on my PC: it disables my firewalls, it prevents me from installing others, and I can't run HijackThis, or a cleaner, or restart in safe mode. My machine is extremely slow and, after an AVG scan (169 traces), all the removal operations failed.
I'm right in the middle of a job and I don't have time to reformat. Please help me, I'm starting to run out of ideas and this virus seems really tough!
-->Message edited by fanouchka on 10/07/2008 12:41:29<--
dédétraqué on 04 July 2008 at 15:36
Hi fanouchka


Go to the folder C:\Program Files\Trend Micro\HijackThis <== this folder

Right-click HijackThis.exe and rename it to scanner.exe


Run a scan again with the renamed HijackThis and post the report


@++
fanouchka on 04 July 2008 at 15:58
Hi dédé,

When I manage to launch it, it tells me that "scanner.exe n'est pas une application Win32 valide" [scanner.exe is not a valid Win32 application], and with that it refuses to go any further...
dédétraqué on 04 July 2008 at 16:04
Hi fanouchka


Download Daft to the desktop from here:

http://www.techsupportforum.com/sectools/Deckard/daft.exe


- Double-click daft.exe on the desktop

- Click the Scan button and tick all the boxes

- Click the Fix button

- Run the scan again and, if everything is OK, you will see the message All associations are OK

- Quit Daft


Try HijackThis again


@++
fanouchka on 04 July 2008 at 16:27
Just one small difference: after clicking Scan, I don't get the option to tick anything, but I do get the message "all associations are ok".
HijackThis still won't start...

Thanks for taking some time to help me.
dédétraqué on 04 July 2008 at 16:47
Hi fanouchka


Download Beagled (by sUBs) to the desktop from here:

http://download.bleepingcomputer.com/sUBs/Beagled.exe


- Double-click Beagled.exe on the desktop

- Let the scan run and post the report it generates along with a HijackThis report


@++
fanouchka on 04 July 2008 at 17:27
It wasn't easy, but here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:38, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AEC54DFC-98AB-41C6-9502-FEDAD2DC739B} - C:\WINDOWS\system32\iepeersd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 6852 bytes
fanouchka on 04 July 2008 at 17:31
PS: I noticed, then disabled in msconfig, some strange things like hldrrr and 8agle.
Mérillym on 04 July 2008 at 17:32
Hello,

Where is the Beagled report that was asked for?

It should be located on C:\ :)

Please post it.

"PS: I noticed, then disabled in msconfig, some strange things like hldrrr and 8agle."


Nothing strange, that's Bagle, your infection.
-->Message edited by Mérillym on 04/07/2008 17:33:02<--
dédétraqué on 04 July 2008 at 17:50
Hi fanouchka


Do you have the Beagled report?


@++
fanouchka on 04 July 2008 at 17:51
Hello,

The Beagled report won't launch: at first a "reboot" window appeared asking me to restart the machine, and now the window closes instantly...
What is Bagle? Is it a trojan?
Also, I notice that a small calendar program I have, "rainlendar", has changed its icon to show a pirate flag, so I disabled it as well. Should I delete it?
dédétraqué on 04 July 2008 at 18:13
Hi fanouchka


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Double-click combofix.exe, type 1 and confirm with Enter to start the scan

When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Combofix is detected by some antivirus programs as an infection; disregard this, it is a false positive

Ignore it and continue the procedure


@++
fanouchka on 04 July 2008 at 18:15
In the Avast log (which still doesn't work), I can read these alerts:
Win32:Beagles-AAW [trj]
Win32:Rootkit-gen [Rtk]
Win32:Trajan-gen
INF:Autorun-P
in case that helps....
fanouchka on 04 July 2008 at 18:28
Here is the ComboFix report:

ComboFix 08-07-03.5 - FANOUCHE 2008-07-04 18:19:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1157 [GMT 2:00]
Endroit: C:\Documents and Settings\FANOUCHE\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\51831359.exe
C:\WINDOWS\system32\drivers\downld\51884421.exe
C:\WINDOWS\system32\drivers\downld\52049625.exe
C:\WINDOWS\system32\drivers\downld\52094703.exe
C:\WINDOWS\system32\drivers\downld\52667718.exe
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))))))
.

2008-07-04 12:38 . 2008-07-04 12:39 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-04 12:38 . 2008-07-04 12:38 <REP> d-------- C:\Program Files\Zone Labs
2008-07-04 12:38 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-07-04 12:38 . 2008-07-04 12:38 352,624 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-07-04 12:37 . 2008-07-04 12:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-07-04 11:51 . 2008-07-04 16:34 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 11:41 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-04 11:40 . 2008-07-04 11:40 <REP> d-------- C:\Program Files\Panda Security
2008-07-04 10:50 . 2008-07-04 10:51 <REP> d-------- C:\Program Files\ABAEnglishCourse
2008-07-03 21:03 . 2008-07-03 21:03 <REP> d-------- C:\Documents and Settings\FANOUCHE\Application Data\Kerio
2008-07-03 10:26 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-07-03 10:26 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-07-03 10:26 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-07-03 10:26 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-07-03 10:26 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-07-03 10:26 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-07-03 10:26 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-07-03 10:26 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-07-03 10:26 . 2008-07-03 10:26 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-07-03 10:26 . 2008-07-03 10:26 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-07-02 10:02 . 2008-07-02 10:02 <REP> d-------- C:\Program Files\ALA
2008-06-27 22:12 . 2008-06-27 23:12 <REP> d-------- C:\Program Files\Mafia
2008-06-27 22:12 . 2002-08-26 19:54 327,680 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-06-25 16:08 . 2008-06-26 16:41 <REP> d-------- C:\Documents and Settings\FANOUCHE\Contacts
2008-06-23 11:20 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-15 22:30 . 2008-06-15 22:30 <REP> dr-h----- C:\Documents and Settings\FANOUCHE\Application Data\SecuROM
2008-06-15 22:29 . 2008-06-15 22:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-13 00:48 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 12:56 . 2008-06-04 12:56 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 09:39 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\uTorrent
2008-07-04 09:28 --------- d-----w C:\Program Files\eMule
2008-07-03 19:37 5,908 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log
2008-07-03 19:37 11,468 ----a-w C:\WINDOWS\system32\drivers\kwflower.log
2008-07-03 19:37 --------- d-----w C:\Program Files\Kerio
2008-07-02 20:00 --------- d-----w C:\Program Files\adslTV
2008-06-27 20:52 --------- d-----w C:\Program Files\Creative
2008-06-25 14:07 --------- d-----w C:\Program Files\MSN Messenger
2008-06-21 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 18:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-04 13:27 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\vlc
2008-06-02 16:23 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\AdobeAUM
2008-06-02 16:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 16:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-26 16:10 --------- d-----w C:\Program Files\uTorrent
2008-05-21 14:59 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-21 11:16 --------- d-----w C:\Program Files\Rainlendar2
2008-05-21 09:20 --------- d-----w C:\Program Files\Lavasoft
2008-05-21 09:20 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\Lavasoft
2008-05-20 09:07 --------- d-----w C:\Program Files\Agendis
2008-05-20 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Agendis
2008-05-20 09:02 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\Talkback
2008-05-19 16:42 --------- d-----w C:\Program Files\BitComet
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 16:56 --------- d-----w C:\Program Files\SoftLogica
2007-09-18 13:37 16,368 ----a-w C:\Documents and Settings\FANOUCHE\Application Data\GDIPFONTCACHEV1.DAT
2007-08-19 13:40 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-19 13:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-08-19 13:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007081920070820\index.dat
2007-08-19 13:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEC54DFC-98AB-41C6-9502-FEDAD2DC739B}]
2008-03-30 14:40 14848 --a------ C:\WINDOWS\system32\iepeersd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"CAPON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-20 00:00 22528]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-22 13:34 6731312]
"nwiz"="nwiz.exe" [2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 05:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 12:05 2550272 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 10 (0xa)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FANOUCHE^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\FANOUCHE\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FANOUCHE^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\FANOUCHE\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FANOUCHE^Menu Démarrer^Programmes^Démarrage^Rainlendar2 (2).lnk]
path=C:\Documents and Settings\FANOUCHE\Menu Démarrer\Programmes\Démarrage\Rainlendar2 (2).lnk
backup=C:\WINDOWS\pss\Rainlendar2 (2).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 13:55 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 06:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
--a------ 2004-05-26 06:05 692224 C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--------- 2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 10:19]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 RapidPort;RapidPort;C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [2000-04-20 00:00]
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\DRIVERS\BCGAME.SYS [2002-04-12 14:44]
R3 bcgbus;Nostromo USB Device Driver;C:\WINDOWS\system32\DRIVERS\BCGBUS.SYS [2002-04-12 14:44]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 08:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-30 04:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-combofix - C:\DOCUME~1\FANOUCHE\LOCALS~1\Temp\RarSFX1\8agle.cmd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 18:23:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-04 18:25:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 16:25:29

Pre-Run: 7,239,352,320 octets libres
Post-Run: 7,427,121,152 octets libres

233 --- E O F --- 2008-06-20 13:07:04
dédétraqué on 04 July 2008 at 19:16
Hi fanouchka


- Click Start menu / Run, type notepad at the prompt and click OK.

- Copy/paste what is quoted below into Notepad:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEC54DFC-98AB-41C6-9502-FEDAD2DC739B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

File::
C:\WINDOWS\system32\iepeersd.dll



- Save this file to the desktop (mandatory)

- File name: CFScript.txt
- File type: All files

- Click Save and quit Notepad


- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot:

< included picture >

* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it can be found here > C:\ComboFix.txt


Along with this report, post me a new HijackThis report


@++
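
The step from the HijackThis log to the CFScript in the post above, as an added example that is not part of dédétraqué's post or of ComboFix itself: it parses the O2 (BHO) lines of a log and emits the same `Registry::` / `File::` layout. Selecting entries listed as `(no name)` or `(no file)` is this example's assumption, not a rule stated in the thread, and the function and constant names are hypothetical.

```python
import re
from typing import List, NamedTuple

# Constructed sample: the four O2 lines and one O4 line, copied from the
# HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AEC54DFC-98AB-41C6-9502-FEDAD2DC739B} - C:\WINDOWS\system32\iepeersd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

NO_NAME = "(no name)"   # HijackThis placeholder for a BHO without a display name
NO_FILE = "(no file)"   # HijackThis placeholder for a BHO whose DLL is missing

# Abbreviated key path, written exactly as in the CFScript posted above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <file>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(log_text: str) -> List[Bho]:
    """Return every Browser Helper Object (O2 line) found in a HijackThis log."""
    bhos = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            bhos.append(
                Bho(match.group("name"), match.group("clsid").upper(), match.group("path"))
            )
    return bhos


def flag_for_review(bhos: List[Bho]) -> List[Bho]:
    """Assumed triage rule: surface BHOs with no display name or no file on disk.

    This only shortlists entries for a human to look at; a missing name or
    file is a reason to investigate, not proof that the entry is malicious.
    """
    return [b for b in bhos if b.name == NO_NAME or b.path == NO_FILE]


def build_cfscript(selected: List[Bho]) -> str:
    """Render the reviewed entries in the Registry:: / File:: layout of the post."""
    if not selected:
        return ""
    lines = ["Registry::"]
    lines += ["[-" + BHO_KEY + "\\" + b.clsid + "]" for b in selected]
    # An orphaned BHO ("(no file)") has a registry key to remove but no file.
    files = [b.path for b in selected if b.path != NO_FILE]
    if files:
        lines += ["", "File::"] + files
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(flag_for_review(parse_bhos(SAMPLE_LOG))))
```

On the sample lines, the shortlist is the same two CLSIDs that appear in the CFScript above, and only `iepeersd.dll` lands under `File::` because the other entry has no file on disk.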
fanouchka on 04 July 2008 at 19:31
Here is the ComboFix report:

ComboFix 08-07-03.5 - FANOUCHE 2008-07-04 19:24:18.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1129 [GMT 2:00]
Endroit: C:\Documents and Settings\FANOUCHE\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\FANOUCHE\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\iepeersd.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iepeersd.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))))))
.

2008-07-04 18:35 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-04 18:34 . 2004-08-19 19:09 466,944 --a--c--- C:\WINDOWS\system32\dllcache\OLD957.tmp
2008-07-04 18:33 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-04 18:32 . 2007-02-28 18:08 2,061,440 --a--c--- C:\WINDOWS\system32\dllcache\OLD789.tmp
2008-07-04 18:31 . 2002-09-06 23:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\OLD721.tmp
2008-07-04 18:30 . 2002-09-06 23:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\OLD561.tmp
2008-07-04 18:29 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-04 18:28 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-07-04 18:27 . 2002-09-06 23:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\OLD301.tmp
2008-07-04 18:26 . 2004-08-19 16:09 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-07-04 18:25 . 2007-02-28 18:08 2,184,192 --a--c--- C:\WINDOWS\system32\dllcache\OLD97.tmp
2008-07-04 18:24 . 2008-07-04 18:36 <REP> d-------- C:\WINDOWS\LastGood
2008-07-04 12:38 . 2008-07-04 12:39 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-04 12:38 . 2008-07-04 12:38 <REP> d-------- C:\Program Files\Zone Labs
2008-07-04 12:38 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-07-04 12:38 . 2008-07-04 12:38 352,624 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-07-04 12:37 . 2008-07-04 12:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-07-04 11:51 . 2008-07-04 16:34 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 11:41 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-04 11:40 . 2008-07-04 11:40 <REP> d-------- C:\Program Files\Panda Security
2008-07-04 10:50 . 2008-07-04 10:51 <REP> d-------- C:\Program Files\ABAEnglishCourse
2008-07-03 21:03 . 2008-07-03 21:03 <REP> d-------- C:\Documents and Settings\FANOUCHE\Application Data\Kerio
2008-07-03 10:26 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-07-03 10:26 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-07-03 10:26 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-07-03 10:26 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-07-03 10:26 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-07-03 10:26 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-07-03 10:26 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-07-03 10:26 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-07-03 10:26 . 2008-07-03 10:26 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-07-03 10:26 . 2008-07-03 10:26 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-07-02 10:02 . 2008-07-02 10:02 <REP> d-------- C:\Program Files\ALA
2008-06-27 22:12 . 2008-06-27 23:12 <REP> d-------- C:\Program Files\Mafia
2008-06-27 22:12 . 2002-08-26 19:54 327,680 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-06-25 16:08 . 2008-06-26 16:41 <REP> d-------- C:\Documents and Settings\FANOUCHE\Contacts
2008-06-23 11:20 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-15 22:30 . 2008-06-15 22:30 <REP> dr-h----- C:\Documents and Settings\FANOUCHE\Application Data\SecuROM
2008-06-15 22:29 . 2008-06-15 22:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-13 00:48 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:48 . 2008-06-14 19:59 272,768 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 12:56 . 2008-06-04 12:56 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 09:39 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\uTorrent
2008-07-04 09:28 --------- d-----w C:\Program Files\eMule
2008-07-03 19:37 5,908 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log
2008-07-03 19:37 11,468 ----a-w C:\WINDOWS\system32\drivers\kwflower.log
2008-07-03 19:37 --------- d-----w C:\Program Files\Kerio
2008-07-02 20:00 --------- d-----w C:\Program Files\adslTV
2008-06-27 20:52 --------- d-----w C:\Program Files\Creative
2008-06-25 14:07 --------- d-----w C:\Program Files\MSN Messenger
2008-06-21 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 18:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-04 13:27 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\vlc
2008-06-02 16:23 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\AdobeAUM
2008-06-02 16:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 16:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-26 16:10 --------- d-----w C:\Program Files\uTorrent
2008-05-21 14:59 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-21 09:20 --------- d-----w C:\Program Files\Lavasoft
2008-05-21 09:20 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\Lavasoft
2008-05-20 09:07 --------- d-----w C:\Program Files\Agendis
2008-05-20 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Agendis
2008-05-20 09:02 --------- d-----w C:\Documents and Settings\FANOUCHE\Application Data\Talkback
2008-05-19 16:42 --------- d-----w C:\Program Files\BitComet
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 16:56 --------- d-----w C:\Program Files\SoftLogica
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-18 13:37 16,368 ----a-w C:\Documents and Settings\FANOUCHE\Application Data\GDIPFONTCACHEV1.DAT
2007-08-19 13:40 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-19 13:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-08-19 13:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007081920070820\index.dat
2007-08-19 13:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-04_18.25.11.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 20:07:38 56,960 -c--a-w C:\WINDOWS\system32\dllcache\aic78xx.sys
+ 2001-08-17 18:11:18 27,678 -c--a-w C:\WINDOWS\system32\dllcache\ali5261.sys
+ 2001-08-17 19:49:02 26,624 -c--a-w C:\WINDOWS\system32\dllcache\alifir.sys
+ 2001-08-17 19:51:56 5,248 -c--a-w C:\WINDOWS\system32\dllcache\aliide.sys
+ 2004-08-03 21:07:42 42,752 -c--a-w C:\WINDOWS\system32\dllcache\alim1541.sys
+ 2001-08-17 18:11:20 16,969 -c--a-w C:\WINDOWS\system32\dllcache\amb8002.sys
+ 2004-08-03 21:07:44 43,008 -c--a-w C:\WINDOWS\system32\dllcache\amdagp.sys
+ 2006-12-13 12:06:00 41,216 -c--a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2006-12-13 12:06:00 41,600 -c--a-w C:\WINDOWS\system32\dllcache\amdk7.sys
+ 2001-08-17 19:52:04 12,032 -c--a-w C:\WINDOWS\system32\dllcache\amsint.sys
+ 2004-08-03 20:31:20 36,224 -c--a-w C:\WINDOWS\system32\dllcache\an983.sys
+ 2001-08-17 19:47:22 6,272 -c--a-w C:\WINDOWS\system32\dllcache\apmbatt.sys
+ 2006-12-13 12:06:00 60,800 -c--a-w C:\WINDOWS\system32\dllcache\arp1394.sys
+ 2001-08-17 19:52:00 26,496 -c--a-w C:\WINDOWS\system32\dllcache\asc.sys
+ 2001-08-17 19:52:04 22,400 -c--a-w C:\WINDOWS\system32\dllcache\asc3350p.sys
+ 2001-08-17 19:51:58 14,848 -c--a-w C:\WINDOWS\system32\dllcache\asc3550.sys
+ 2001-08-17 18:12:34 97,354 -c--a-w C:\WINDOWS\system32\dllcache\aspndis3.sys
+ 2004-08-03 20:59:44 95,360 -c--a-w C:\WINDOWS\system32\dllcache\atapi.sys
+ 2001-08-23 15:46:44 96,128 -c--a-w C:\WINDOWS\system32\dllcache\ati.dll
+ 2001-08-23 14:59:32 77,824 -c--a-w C:\WINDOWS\system32\dllcache\ati.sys
+ 2004-08-03 20:29:30 56,623 -c--a-w C:\WINDOWS\system32\dllcache\ati1btxx.sys
+ 2004-08-03 20:29:30 11,615 -c--a-w C:\WINDOWS\system32\dllcache\ati1mdxx.sys
+ 2004-08-03 20:29:30 12,047 -c--a-w C:\WINDOWS\system32\dllcache\ati1pdxx.sys
+ 2004-08-03 20:29:32 30,671 -c--a-w C:\WINDOWS\system32\dllcache\ati1raxx.sys
+ 2004-08-03 20:29:32 63,663 -c--a-w C:\WINDOWS\system32\dllcache\ati1rvxx.sys
+ 2004-08-03 20:29:32 26,367 -c--a-w C:\WINDOWS\system32\dllcache\ati1snxx.sys
+ 2004-08-03 20:29:32 21,343 -c--a-w C:\WINDOWS\system32\dllcache\ati1ttxx.sys
+ 2004-08-03 20:29:32 36,463 -c--a-w C:\WINDOWS\system32\dllcache\ati1tuxx.sys
+ 2004-08-03 20:29:32 29,455 -c--a-w C:\WINDOWS\system32\dllcache\ati1xbxx.sys
+ 2004-08-03 20:29:32 34,735 -c--a-w C:\WINDOWS\system32\dllcache\ati1xsxx.sys
+ 2004-08-19 14:09:20 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
+ 2004-08-19 14:09:20 377,984 -c--a-w C:\WINDOWS\system32\dllcache\ati2dvaa.dll
+ 2004-08-19 14:09:20 201,728 -c--a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
+ 2004-08-19 13:53:40 327,168 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtaa.sys
+ 2004-08-19 13:53:42 701,440 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
+ 2004-08-19 14:09:20 870,784 -c--a-w C:\WINDOWS\system32\dllcache\ati3d1ag.dll
+ 2001-08-17 18:49:04 46,464 -c--a-w C:\WINDOWS\system32\dllcache\atibt829.sys
+ 2001-08-23 15:46:44 382,592 -c--a-w C:\WINDOWS\system32\dllcache\atidrab.dll
+ 2001-08-23 15:46:44 137,216 -c--a-w C:\WINDOWS\system32\dllcache\atidrae.dll
+ 2001-08-23 15:46:44 268,160 -c--a-w C:\WINDOWS\system32\dllcache\atidvai.dll
+ 2001-08-23 15:47:26 37,376 -c--a-w C:\WINDOWS\system32\dllcache\atievxx.exe
+ 2001-08-23 14:59:36 289,920 -c--a-w C:\WINDOWS\system32\dllcache\atimpab.sys
+ 2001-08-23 14:59:36 75,392 -c--a-w C:\WINDOWS\system32\dllcache\atimpae.sys
+ 2001-08-23 14:59:38 281,728 -c--a-w C:\WINDOWS\system32\dllcache\atimtai.sys
+ 2004-08-03 20:29:28 57,856 -c--a-w C:\WINDOWS\system32\dllcache\atinbtxx.sys
+ 2004-08-03 20:29:30 13,824 -c--a-w C:\WINDOWS\system32\dllcache\atinmdxx.sys
+ 2004-08-03 20:29:30 14,336 -c--a-w C:\WINDOWS\system32\dllcache\atinpdxx.sys
+ 2004-08-03 20:29:30 52,224 -c--a-w C:\WINDOWS\system32\dllcache\atinraxx.sys
+ 2004-08-03 20:29:32 104,960 -c--a-w C:\WINDOWS\system32\dllcache\atinrvxx.sys
+ 2004-08-03 20:29:32 28,672 -c--a-w C:\WINDOWS\system32\dllcache\atinsnxx.sys
+ 2004-08-03 20:29:32 13,824 -c--a-w C:\WINDOWS\system32\dllcache\atinttxx.sys
+ 2004-08-03 20:29:32 73,216 -c--a-w C:\WINDOWS\system32\dllcache\atintuxx.sys
+ 2004-08-03 20:29:32 31,744 -c--a-w C:\WINDOWS\system32\dllcache\atinxbxx.sys
+ 2004-08-03 20:29:32 63,488 -c--a-w C:\WINDOWS\system32\dllcache\atinxsxx.sys
+ 2001-08-17 18:49:36 10,240 -c--a-w C:\WINDOWS\system32\dllcache\atipcxxx.sys
+ 2001-08-23 15:46:44 104,832 -c--a-w C:\WINDOWS\system32\dllcache\atiraged.dll
+ 2001-08-23 14:59:40 70,784 -c--a-w C:\WINDOWS\system32\dllcache\atiragem.sys
+ 2001-08-17 18:49:12 49,920 -c--a-w C:\WINDOWS\system32\dllcache\atirtcap.sys
+ 2001-08-17 18:49:18 26,880 -c--a-w C:\WINDOWS\system32\dllcache\atirtsnd.sys
+ 2001-08-17 18:49:22 17,152 -c--a-w C:\WINDOWS\system32\dllcache\atitunep.sys
+ 2001-08-17 18:49:28 17,152 -c--a-w C:\WINDOWS\system32\dllcache\atitvsnd.sys
+ 2001-08-17 18:49:38 9,472 -c--a-w C:\WINDOWS\system32\dllcache\ativmdcd.sys
+ 2004-08-19 14:09:20 32,768 -c--a-w C:\WINDOWS\system32\dllcache\ativtmxx.dll
+ 2001-08-17 18:49:44 19,456 -c--a-w C:\WINDOWS\system32\dllcache\ativttxx.sys
+ 2004-08-19 14:09:20 516,768 -c--a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
+ 2001-08-17 18:49:48 26,624 -c--a-w C:\WINDOWS\system32\dllcache\ativxbar.sys
+ 2001-08-17 18:49:34 23,552 -c--a-w C:\WINDOWS\system32\dllcache\atixbar.sys
+ 2004-08-19 14:09:22 21,183 -c--a-w C:\WINDOWS\system32\dllcache\atv01nt5.dll
+ 2004-08-19 14:09:22 11,359 -c--a-w C:\WINDOWS\system32\dllcache\atv02nt5.dll
+ 2004-08-19 14:09:22 25,471 -c--a-w C:\WINDOWS\system32\dllcache\atv04nt5.dll
+ 2004-08-19 14:09:22 14,143 -c--a-w C:\WINDOWS\system32\dllcache\atv06nt5.dll
+ 2004-08-19 14:09:22 17,279 -c--a-w C:\WINDOWS\system32\dllcache\atv10nt5.dll
+ 2001-08-17 21:59:44 3,072 -c--a-w C:\WINDOWS\system32\dllcache\audstub.sys
+ 2004-08-03 21:10:12 38,912 -c--a-w C:\WINDOWS\system32\dllcache\avc.sys
+ 2001-08-17 20:01:12 36,096 -c--a-w C:\WINDOWS\system32\dllcache\avcaudio.sys
+ 2004-08-03 21:10:00 13,696 -c--a-w C:\WINDOWS\system32\dllcache\avcstrm.sys
+ 2001-08-23 15:46:58 87,552 -c--a-w C:\WINDOWS\system32\dllcache\avmcoxp.dll
+ 2001-08-23 15:46:58 144,384 -c--a-w C:\WINDOWS\system32\dllcache\avmenum.dll
+ 2001-08-17 18:13:48 37,568 -c--a-w C:\WINDOWS\system32\dllcache\avmwan.sys
+ 2001-08-17 18:19:16 36,992 -c--a-w C:\WINDOWS\system32\dllcache\aztw2320.sys
+ 2001-08-17 18:13:56 89,952 -c--a-w C:\WINDOWS\system32\dllcache\b1cbase.sys
+ 2001-08-23 15:00:08 97,248 -c--a-w C:\WINDOWS\system32\dllcache\b57xp32.sys
+ 2001-08-23 15:46:44 342,336 -c--a-w C:\WINDOWS\system32\dllcache\banshee.dll
+ 2001-08-17 18:48:28 36,128 -c--a-w C:\WINDOWS\system32\dllcache\banshee.sys
+ 2001-08-17 19:57:54 14,080 -c--a-w C:\WINDOWS\system32\dllcache\battc.sys
+ 2001-08-17 18:11:28 66,557 -c--a-w C:\WINDOWS\system32\dllcache\bcm42u.sys
+ 2001-08-17 18:11:26 54,271 -c--a-w C:\WINDOWS\system32\dllcache\bcm42xx5.sys
+ 2001-08-17 18:11:30 26,568 -c--a-w C:\WINDOWS\system32\dllcache\bcm4e5.sys
+ 2001-08-17 19:28:00 871,388 -c--a-w C:\WINDOWS\system32\dllcache\bcmdm.sys
+ 2004-08-03 21:10:14 11,776 -c--a-w C:\WINDOWS\system32\dllcache\bdasup.sys
+ 2001-08-23 15:46:58 105,472 -c--a-w C:\WINDOWS\system32\dllcache\binlsvc.dll
+ 2001-08-23 15:46:58 19,456 -c--a-w C:\WINDOWS\system32\dllcache\brbidiif.dll
+ 2001-08-23 15:46:58 9,728 -c--a-w C:\WINDOWS\system32\dllcache\brcoinst.dll
+ 2001-08-23 15:46:58 12,800 -c--a-w C:\WINDOWS\system32\dllcache\brevif.dll
+ 2001-08-17 19:12:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\brfilt.sys
+ 2001-08-17 19:12:22 12,160 -c--a-w C:\WINDOWS\system32\dllcache\brfiltlo.sys
+ 2001-08-17 19:12:24 3,968 -c--a-w C:\WINDOWS\system32\dllcache\brfiltup.sys
+ 2001-08-23 15:46:58 15,360 -c--a-w C:\WINDOWS\system32\dllcache\brmfbidi.dll
+ 2001-08-23 15:46:58 81,920 -c--a-w C:\WINDOWS\system32\dllcache\brmfcwia.dll
+ 2001-08-23 15:46:58 29,696 -c--a-w C:\WINDOWS\system32\dllcache\brmflpt.dll
+ 2001-08-23 15:47:30 32,256 -c--a-w C:\WINDOWS\system32\dllcache\brmfrsmg.exe
+ 2001-08-23 15:46:58 41,472 -c--a-w C:\WINDOWS\system32\dllcache\brmfusb.dll
+ 2001-08-17 19:12:24 3,168 -c--a-w C:\WINDOWS\system32\dllcache\brparimg.sys
+ 2001-08-23 15:01:54 39,808 -c--a-w C:\WINDOWS\system32\dllcache\brparwdm.sys
+ 2001-08-23 15:46:58 5,120 -c--a-w C:\WINDOWS\system32\dllcache\brscnrsm.dll
+ 2001-08-23 15:46:58 9,728 -c--a-w C:\WINDOWS\system32\dllcache\brserif.dll
+ 2001-08-17 19:12:20 60,416 -c--a-w C:\WINDOWS\system32\dllcache\brserwdm.sys
+ 2001-08-17 19:12:20 11,008 -c--a-w C:\WINDOWS\system32\dllcache\brusbmdm.sys
+ 2001-08-17 19:12:22 10,368 -c--a-w C:\WINDOWS\system32\dllcache\brusbscn.sys
+ 2001-08-17 18:11:24 31,529 -c--a-w C:\WINDOWS\system32\dllcache\brzwlan.sys
+ 2004-08-19 16:09:22 20,992 -c--a-w C:\WINDOWS\system32\dllcache\bthci.dll
+ 2004-08-03 21:10:40 17,024 -c--a-w C:\WINDOWS\system32\dllcache\bthenum.sys
+ 2004-08-03 21:10:40 38,016 -c--a-w C:\WINDOWS\system32\dllcache\bthmodem.sys
+ 2004-08-03 20:58:40 100,992 -c--a-w C:\WINDOWS\system32\dllcache\bthpan.sys
+ 2004-08-03 21:10:38 35,456 -c--a-w C:\WINDOWS\system32\dllcache\bthprint.sys
+ 2004-08-19 16:09:22 30,208 -c--a-w C:\WINDOWS\system32\dllcache\bthserv.dll
+ 2004-08-03 21:10:36 18,944 -c--a-w C:\WINDOWS\system32\dllcache\bthusb.sys
+ 2001-08-23 15:02:02 14,080 -c--a-w C:\WINDOWS\system32\dllcache\bulltlp3.sys
+ 2001-08-17 20:05:48 314,752 -c--a-w C:\WINDOWS\system32\dllcache\camdro21.sys
+ 2001-08-17 20:04:46 223,232 -c--a-w C:\WINDOWS\system32\dllcache\camdrv21.sys
+ 2001-08-17 20:04:48 171,264 -c--a-w C:\WINDOWS\system32\dllcache\camdrv30.sys
+ 2001-08-23 15:47:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\camexo20.dll
+ 2001-08-23 15:47:00 236,032 -c--a-w C:\WINDOWS\system32\dllcache\camext20.dll
+ 2001-08-23 15:47:00 119,296 -c--a-w C:\WINDOWS\system32\dllcache\camext30.dll
+ 2001-08-17 18:12:16 37,916 -c--a-w C:\WINDOWS\system32\dllcache\cb102.sys
+ 2001-08-17 18:12:42 39,680 -c--a-w C:\WINDOWS\system32\dllcache\cb325.sys
+ 2001-08-17 18:13:14 46,108 -c--a-w C:\WINDOWS\system32\dllcache\cben5.sys
+ 2002-09-06 21:00:00 13,952 -c--a-w C:\WINDOWS\system32\dllcache\cbidf2k.sys
+ 2001-08-23 15:03:10 715,466 -c--a-w C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
+ 2004-08-03 21:10:18 17,024 -c--a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
+ 2001-08-17 19:52:06 7,680 -c--a-w C:\WINDOWS\system32\dllcache\cd20xrnt.sys
+ 2006-12-13 12:04:14 18,688 -c--a-w C:\WINDOWS\system32\dllcache\cdaudio.sys
- 2006-10-29 17:28:52 75,736 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2004-08-03 23:59:54 49,536 -c--a-w C:\WINDOWS\system32\dllcache\cdrom.sys
+ 2001-08-23 15:03:18 21,530 -c--a-w C:\WINDOWS\system32\dllcache\ce2n5.sys
+ 2001-08-23 15:03:18 27,164 -c--a-w C:\WINDOWS\system32\dllcache\ce3n5.sys
+ 2001-08-23 15:03:18 22,556 -c--a-w C:\WINDOWS\system32\dllcache\cem28n5.sys
+ 2001-08-23 15:03:20 22,556 -c--a-w C:\WINDOWS\system32\dllcache\cem33n5.sys
+ 2001-08-23 15:03:20 49,182 -c--a-w C:\WINDOWS\system32\dllcache\cem56n5.sys
+ 2004-08-19 14:09:22 15,423 -c--a-w C:\WINDOWS\system32\dllcache\ch7xxnt5.dll
+ 2004-08-03 21:00:14 8,192 -c--a-w C:\WINDOWS\system32\dllcache\changer.sys
+ 2001-08-23 15:04:00 980,034 -c--a-w C:\WINDOWS\system32\dllcache\cicap.sys
+ 2001-08-23 15:04:06 272,640 -c--a-w C:\WINDOWS\system32\dllcache\cinemclc.sys
+ 2006-12-13 12:04:14 262,528 -c--a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2001-08-23 15:46:44 91,264 -c--a-w C:\WINDOWS\system32\dllcache\cirrus.dll
+ 2001-08-17 19:57:16 45,696 -c--a-w C:\WINDOWS\system32\dllcache\cirrus.sys
+ 2001-08-23 15:46:44 111,232 -c--a-w C:\WINDOWS\system32\dllcache\cl5465.dll
+ 2001-08-23 15:46:44 170,880 -c--a-w C:\WINDOWS\system32\dllcache\cl546x.dll
+ 2001-08-17 19:57:36 248,064 -c--a-w C:\WINDOWS\system32\dllcache\cl546xm.sys
+ 2004-08-03 21:07:40 14,080 -c--a-w C:\WINDOWS\system32\dllcache\cmbatt.sys
+ 2001-08-23 15:04:40 20,864 -c--a-w C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
+ 2001-08-23 15:04:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\cmdide.sys
+ 2006-12-13 12:06:00 50,688 -c--a-w C:\WINDOWS\system32\dllcache\cnbjmon.dll
+ 2001-08-23 15:47:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\cnusd.dll
+ 2001-08-17 18:11:42 39,936 -c--a-w C:\WINDOWS\system32\dllcache\cnxt1803.sys
+ 2001-08-17 19:58:00 9,344 -c--a-w C:\WINDOWS\system32\dllcache\compbatt.sys
+ 2001-08-17 19:52:06 14,976 -c--a-w C:\WINDOWS\system32\dllcache\cpqarray.sys
+ 2006-12-13 12:04:14 11,776 -c--a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
+ 2001-08-23 15:07:28 21,533 -c--a-w C:\WINDOWS\system32\dllcache\cpqndis5.sys
+ 2001-08-23 15:07:28 61,194 -c--a-w C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
+ 2001-08-23 15:47:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\cpscan.dll
+ 2001-08-17 18:19:18 42,112 -c--a-w C:\WINDOWS\system32\dllcache\crtaud.sys
+ 2006-12-13 12:06:00 40,704 -c--a-w C:\WINDOWS\system32\dllcache\crusoe.sys
+ 2001-08-23 15:47:00 175,104 -c--a-w C:\WINDOWS\system32\dllcache\csamsp.dll
+ 2001-08-17 18:19:28 6,912 -c--a-w C:\WINDOWS\system32\dllcache\ctlfacem.sys
+ 2001-08-17 18:19:20 3,712 -c--a-w C:\WINDOWS\system32\dllcache\ctljystk.sys
+ 2001-08-17 18:19:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\ctlsb16.sys
+ 2004-08-19 14:09:22 252,416 -c--a-w C:\WINDOWS\system32\dllcache\ctmasetp.dll
+ 2001-08-23 15:47:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ctwdm32.dll
+ 2001-08-17 18:19:24 3,072 -c--a-w C:\WINDOWS\system32\dllcache\cwbase.sys
+ 2001-08-17 18:19:26 3,072 -c--a-w C:\WINDOWS\system32\dllcache\cwbmidi.sys
+ 2001-08-17 18:19:28 72,832 -c--a-w C:\WINDOWS\system32\dllcache\cwbwdm.sys
+ 2001-08-17 18:19:30 3,584 -c--a-w C:\WINDOWS\system32\dllcache\cwcosnt5.sys
+ 2001-08-17 18:19:36 111,872 -c--a-w C:\WINDOWS\system32\dllcache\cwcspud.sys
+ 2001-08-17 18:19:48 93,952 -c--a-w C:\WINDOWS\system32\dllcache\cwcwdm.sys
+ 2004-08-03 20:32:26 48,640 -c--a-w C:\WINDOWS\system32\dllcache\cwrwdm.sys
+ 2001-08-23 15:08:38 17,536 -c--a-w C:\WINDOWS\system32\dllcache\cyclad-z.sys
+ 2001-08-23 15:08:38 15,104 -c--a-w C:\WINDOWS\system32\dllcache\cyclom-y.sys
+ 2001-08-23 15:47:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\cyycoins.dll
+ 2001-08-23 15:08:40 50,944 -c--a-w C:\WINDOWS\system32\dllcache\cyyport.sys
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyyports.dll
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyzcoins.dll
+ 2001-08-23 15:08:42 50,688 -c--a-w C:\WINDOWS\system32\dllcache\cyzport.sys
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyzports.dll
+ 2001-08-23 15:08:44 117,760 -c--a-w C:\WINDOWS\system32\dllcache\d100ib5.sys
+ 2001-08-17 19:52:16 179,584 -c--a-w C:\WINDOWS\system32\dllcache\dac2w2k.sys
+ 2001-08-17 19:52:16 14,720 -c--a-w C:\WINDOWS\system32\dllcache\dac960nt.sys
+ 2001-08-23 15:47:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\dc210_32.dll
+ 2001-08-23 15:47:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\dc210usd.dll
+ 2001-08-17 18:12:02 63,208 -c--a-w C:\WINDOWS\system32\dllcache\dc21x4.sys
+ 2001-08-23 15:47:00 87,552 -c--a-w C:\WINDOWS\system32\dllcache\dc240usd.dll
+ 2001-08-23 15:47:00 112,128 -c--a-w C:\WINDOWS\system32\dllcache\dc260usd.dll
+ 2001-08-17 19:52:58 7,424 -c--a-w C:\WINDOWS\system32\dllcache\ddsmc.sys
+ 2001-08-17 18:11:44 20,928 -c--a-w C:\WINDOWS\system32\dllcache\defpa.sys
+ 2001-08-23 15:47:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\devcon32.dll
+ 2001-08-23 15:47:34 24,064 -c--a-w C:\WINDOWS\system32\dllcache\devldr32.exe
+ 2001-08-17 18:11:48 24,648 -c--a-w C:\WINDOWS\system32\dllcache\dfe650.sys
+ 2001-08-17 18:11:48 24,649 -c--a-w C:\WINDOWS\system32\dllcache\dfe650d.sys
+ 2001-08-23 15:09:48 29,691 -c--a-w C:\WINDOWS\system32\dllcache\dgapci.sys
+ 2001-08-23 15:47:00 422,429 -c--a-w C:\WINDOWS\system32\dllcache\dgconfig.dll
+ 2001-08-17 18:13:48 164,923 -c--a-w C:\WINDOWS\system32\dllcache\diapi2.sys
+ 2001-08-23 15:47:02 32,256 -c--a-w C:\WINDOWS\system32\dllcache\diapi2NT.dll
+ 2001-08-23 15:47:02 65,622 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.dll
+ 2001-08-23 15:10:10 37,927 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.sys
+ 2001-08-23 15:47:02 135,252 -c--a-w C:\WINDOWS\system32\dllcache\digidbp.dll
+ 2001-08-23 15:10:10 103,492 -c--a-w C:\WINDOWS\system32\dllcache\digidxb.sys
+ 2001-08-23 15:10:12 90,685 -c--a-w C:\WINDOWS\system32\dllcache\digifep5.sys
+ 2001-08-23 15:47:02 229,462 -c--a-w C:\WINDOWS\system32\dllcache\digifwrk.dll
+ 2001-08-23 15:47:02 159,828 -c--a-w C:\WINDOWS\system32\dllcache\digihlc.dll
+ 2001-08-23 15:47:02 102,484 -c--a-w C:\WINDOWS\system32\dllcache\digiinf.dll
+ 2001-08-23 15:47:02 41,046 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.dll
+ 2001-08-17 18:14:44 21,606 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.sys
+ 2001-08-23 15:47:02 110,621 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.dll
+ 2001-08-23 15:10:16 42,656 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.sys
+ 2001-08-23 15:47:34 622,621 -c--a-w C:\WINDOWS\system32\dllcache\digiview.exe
+ 2001-08-17 18:13:52 91,305 -c--a-w C:\WINDOWS\system32\dllcache\dimaint.sys
+ 2004-08-03 23:59:56 36,352 -c--a-w C:\WINDOWS\system32\dllcache\disk.sys
+ 2001-08-23 15:47:02 6,729 -c--a-w C:\WINDOWS\system32\dllcache\disrvci.dll
+ 2001-08-23 15:47:02 31,817 -c--a-w C:\WINDOWS\system32\dllcache\disrvpp.dll
+ 2001-08-23 15:47:02 38,985 -c--a-w C:\WINDOWS\system32\dllcache\disrvsu.dll
+ 2001-08-23 15:47:34 236,060 -c--a-w C:\WINDOWS\system32\dllcache\ditrace.exe
+ 2001-08-23 15:47:02 6,216 -c--a-w C:\WINDOWS\system32\dllcache\divaci.dll
+ 2001-08-23 15:47:02 37,962 -c--a-w C:\WINDOWS\system32\dllcache\divaprop.dll
+ 2001-08-23 15:47:02 29,768 -c--a-w C:\WINDOWS\system32\dllcache\divasu.dll
+ 2001-08-17 18:11:44 26,698 -c--a-w C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
+ 2004-08-03 21:00:06 8,320 -c--a-w C:\WINDOWS\system32\dllcache\dlttape.sys
+ 2001-08-17 18:11:42 29,696 -c--a-w C:\WINDOWS\system32\dllcache\dm9pci5.sys
+ 2004-08-03 21:07:40 52,864 -c--a-w C:\WINDOWS\system32\dllcache\dmusic.sys
+ 2006-12-13 12:06:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2004-08-03 20:58:30 207,360 -c--a-w C:\WINDOWS\system32\dllcache\dot4.sys
+ 2001-08-17 19:47:32 12,928 -c--a-w C:\WINDOWS\system32\dllcache\dot4prt.sys
+ 2001-08-17 19:47:32 8,704 -c--a-w C:\WINDOWS\system32\dllcache\dot4scan.sys
+ 2001-08-23 15:11:02 24,064 -c--a-w C:\WINDOWS\system32\dllcache\dot4usb.sys
+ 2001-08-17 18:12:32 28,062 -c--a-w C:\WINDOWS\system32\dllcache\dp83820.sys
+ 2001-08-17 20:07:44 20,192 -c--a-w C:\WINDOWS\system32\dllcache\dpti2o.sys
+ 2004-08-03 21:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-03 21:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2001-08-17 18:20:18 334,208 -c--a-w C:\WINDOWS\system32\dllcache\ds1wdm.sys
+ 2006-12-13 12:04:14 59,392 -c--a-w C:\WINDOWS\system32\dllcache\dvdplay.exe
+ 2004-08-04 00:00:56 71,040 -c--a-w C:\WINDOWS\system32\dllcache\dxg.sys
+ 2001-08-23 15:12:50 51,743 -c--a-w C:\WINDOWS\system32\dllcache\e1000nt5.sys
+ 2001-08-23 15:12:50 117,760 -c--a-w C:\WINDOWS\system32\dllcache\e100b325.sys
+ 2001-08-17 18:12:12 19,594 -c--a-w C:\WINDOWS\system32\dllcache\e100isa4.sys
+ 2001-08-23 15:13:26 44,615 -c--a-w C:\WINDOWS\system32\dllcache\el515.sys
+ 2001-08-17 18:10:56 55,999 -c--a-w C:\WINDOWS\system32\dllcache\el556nd5.sys
+ 2001-08-17 18:10:56 24,653 -c--a-w C:\WINDOWS\system32\dllcache\el574nd4.sys
+ 2001-08-17 18:10:58 69,692 -c--a-w C:\WINDOWS\system32\dllcache\el575nd5.sys
+ 2001-08-17 18:10:52 26,141 -c--a-w C:\WINDOWS\system32\dllcache\el589nd5.sys
+ 2001-08-17 18:11:00 69,194 -c--a-w C:\WINDOWS\system32\dllcache\el656cd5.sys
+ 2001-08-23 15:13:28 634,166 -c--a-w C:\WINDOWS\system32\dllcache\el656ct5.sys
+ 2001-08-17 18:11:00 77,386 -c--a-w C:\WINDOWS\system32\dllcache\el656nd5.sys
+ 2001-08-23 15:13:30 241,238 -c--a-w C:\WINDOWS\system32\dllcache\el656se5.sys
+ 2001-08-17 18:11:06 66,591 -c--a-w C:\WINDOWS\system32\dllcache\el90xbc5.sys
+ 2001-08-23 15:13:30 153,631 -c--a-w C:\WINDOWS\system32\dllcache\el90xnd5.sys
+ 2001-08-23 15:13:30 455,711 -c--a-w C:\WINDOWS\system32\dllcache\el985n51.sys
+ 2001-08-17 18:11:04 70,174 -c--a-w C:\WINDOWS\system32\dllcache\el98xn5.sys
+ 2001-08-23 15:13:32 175,104 -c--a-w C:\WINDOWS\system32\dllcache\el99xn51.sys
+ 2001-08-17 19:53:02 7,296 -c--a-w C:\WINDOWS\system32\dllcache\elmsmc.sys
+ 2001-08-17 18:10:52 25,159 -c--a-w C:\WINDOWS\system32\dllcache\elnk3.sys
+ 2001-08-17 18:10:54 19,996 -c--a-w C:\WINDOWS\system32\dllcache\em556n4.sys
+ 2001-08-17 18:19:26 283,904 -c--a-w C:\WINDOWS\system32\dllcache\emu10k1m.sys
+ 2001-08-17 21:46:40 6,400 -c--a-w C:\WINDOWS\system32\dllcache\enum1394.sys
+ 2001-08-17 19:50:20 144,896 -c--a-w C:\WINDOWS\system32\dllcache\epcfw2k.sys
+ 2001-08-17 18:12:08 18,503 -c--a-w C:\WINDOWS\system32\dllcache\epro4.sys
+ 2001-08-17 19:50:20 114,944 -c--a-w C:\WINDOWS\system32\dllcache\epstw2k.sys
+ 2001-08-23 15:16:00 630,016 -c--a-w C:\WINDOWS\system32\dllcache\eqn.sys
+ 2001-08-23 15:47:34 53,760 -c--a-w C:\WINDOWS\system32\dllcache\eqndiag.exe
+ 2001-08-23 15:47:34 51,712 -c--a-w C:\WINDOWS\system32\dllcache\eqnlogr.exe
+ 2001-08-23 15:47:34 62,464 -c--a-w C:\WINDOWS\system32\dllcache\eqnloop.exe
+ 2001-08-17 18:19:38 37,120 -c--a-w C:\WINDOWS\system32\dllcache\es1370mp.sys
+ 2001-08-17 18:19:34 40,704 -c--a-w C:\WINDOWS\system32\dllcache\es1371mp.sys
+ 2001-08-17 18:19:58 72,192 -c--a-w C:\WINDOWS\system32\dllcache\es1969.sys
+ 2001-08-17 18:19:48 174,464 -c--a-w C:\WINDOWS\system32\dllcache\es198x.sys
+ 2001-08-23 15:16:04 596,319 -c--a-w C:\WINDOWS\system32\dllcache\es56cvmp.sys
+ 2001-08-23 15:16:06 594,910 -c--a-w C:\WINDOWS\system32\dllcache\es56hpi.sys
+ 2001-08-23 15:16:06 348,222 -c--a-w C:\WINDOWS\system32\dllcache\es56tpi.sys
+ 2001-08-17 18:19:56 63,360 -c--a-w C:\WINDOWS\system32\dllcache\ess.sys
+ 2004-08-03 20:32:28 137,088 -c--a-w C:\WINDOWS\system32\dllcache\essm2e.sys
+ 2001-08-23 15:47:04 43,008 -c--a-w C:\WINDOWS\system32\dllcache\esucm.dll
+ 2001-08-23 15:47:04 34,816 -c--a-w C:\WINDOWS\system32\dllcache\esuimg.dll
+ 2001-08-23 15:47:04 46,080 -c--a-w C:\WINDOWS\system32\dllcache\esuni.dll
+ 2001-08-23 15:47:04 46,080 -c--a-w C:\WINDOWS\system32\dllcache\esunib.dll
+ 2001-08-17 18:12:08 16,998 -c--a-w C:\WINDOWS\system32\dllcache\ex10.sys
+ 2001-08-17 19:52:48 7,040 -c--a-w C:\WINDOWS\system32\dllcache\exabyte2.sys
+ 2001-08-17 18:11:54 12,362 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xi.sys
+ 2001-08-17 18:11:56 11,850 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xj.sys
+ 2001-08-17 18:12:32 16,074 -c--a-w C:\WINDOWS\system32\dllcache\fa312nd5.sys
+ 2001-08-17 18:12:32 24,618 -c--a-w C:\WINDOWS\system32\dllcache\fa410nd5.sys
+ 2004-08-03 23:59:28 27,392 -c--a-w C:\WINDOWS\system32\dllcache\fdc.sys
+ 2001-08-17 18:10:54 22,090 -c--a-w C:\WINDOWS\system32\dllcache\fem556n5.sys
+ 2001-08-17 18:13:08 27,165 -c--a-w C:\WINDOWS\system32\dllcache\fetnd5.sys
+ 2004-08-03 23:59:28 20,480 -c--a-w C:\WINDOWS\system32\dllcache\flpydisk.sys
+ 2001-08-23 15:47:04 72,192 -c--a-w C:\WINDOWS\system32\dllcache\fnfilter.dll
+ 2004-08-03 20:31:24 34,173 -c--a-w C:\WINDOWS\system32\dllcache\forehe.sys
+ 2001-08-17 18:14:24 444,416 -c--a-w C:\WINDOWS\system32\dllcache\fpcibase.sys
+ 2001-08-17 18:14:44 441,728 -c--a-w C:\WINDOWS\system32\dllcache\fpcmbase.sys
+ 2001-08-17 18:15:02 442,240 -c--a-w C:\WINDOWS\system32\dllcache\fpnpbase.sys
+ 2004-08-19 17:09:56 193,024 -c--a-w C:\WINDOWS\system32\dllcache\fsquirt.exe
+ 2006-12-13 12:04:14 12,416 -c--a-w C:\WINDOWS\system32\dllcache\fsvga.sys
+ 2002-09-06 21:00:00 126,080 -c--a-w C:\WINDOWS\system32\dllcache\ftdisk.sys
+ 2001-08-17 18:15:22 455,680 -c--a-w C:\WINDOWS\system32\dllcache\fus2base.sys
+ 2001-08-17 18:15:38 455,296 -c--a-w C:\WINDOWS\system32\dllcache\fusbbase.sys
+ 2001-08-23 15:47:04 92,672 -c--a-w C:\WINDOWS\system32\dllcache\fuusd.dll
+ 2001-08-17 18:15:56 454,912 -c--a-w C:\WINDOWS\system32\dllcache\fxusbase.sys
+ 2001-08-23 15:46:44 470,144 -c--a-w C:\WINDOWS\system32\dllcache\g200d.dll
+ 2001-08-23 15:18:04 320,512 -c--a-w C:\WINDOWS\system32\dllcache\g200m.sys
+ 2001-08-23 15:18:06 322,560 -c--a-w C:\WINDOWS\system32\dllcache\g400m.sys
+ 2004-08-03 21:07:44 46,464 -c--a-w C:\WINDOWS\system32\dllcache\gagp30kx.sys
+ 2004-08-03 21:08:22 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
+ 2004-08-03 21:08:30 59,136 -c--a-w C:\WINDOWS\system32\dllcache\gckernel.sys
+ 2001-08-23 15:18:36 17,664 -c--a-w C:\WINDOWS\system32\dllcache\gpr400.sys
+ 2001-08-23 15:18:40 82,560 -c--a-w C:\WINDOWS\system32\dllcache\grclass.sys
+ 2004-08-19 13:55:22 28,672 -c--a-w C:\WINDOWS\system32\dllcache\grserial.sys
+ 2004-08-19 17:09:28 7,168 -c--a-w C:\WINDOWS\system32\dllcache\hccoin.dll
+ 2001-08-23 15:19:04 908,000 -c--a-w C:\WINDOWS\system32\dllcache\hcf_msft.sys
+ 2006-12-13 12:06:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\hid.dll
+ 2001-08-17 19:58:00 19,200 -c--a-w C:\WINDOWS\system32\dllcache\hidbatt.sys
+ 2004-08-19 13:55:52 25,856 -c--a-w C:\WINDOWS\system32\dllcache\hidbth.sys
+ 2004-08-04 00:08:20 36,224 -c--a-w C:\WINDOWS\system32\dllcache\hidclass.sys
+ 2001-08-17 20:02:32 8,576 -c--a-w C:\WINDOWS\system32\dllcache\hidgame.sys
+ 2004-08-03 21:08:20 15,104 -c--a-w C:\WINDOWS\system32\dllcache\hidir.sys
+ 2004-08-04 00:08:18 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
+ 2004-08-19 14:09:28 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2001-08-17 20:02:50 2,688 -c--a-w C:\WINDOWS\system32\dllcache
fanouchka on 04 July 2008 at 19:32
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:30, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5867 bytes
dédétraqué on 4 July 2008 at 19:48
Hi fanouchka


I see nothing conclusive in this report; Avast is a bad boy, as you can see.
I very strongly advise you to uninstall Avast! and switch to Antivir, see this link:

~ Avast! no longer protecting you? ~

The utility to uninstall it:

http://www.avast.com/fre/avast-uninstall-utility.html


Antivir tutorial and download:

http://www.malekal.com/tutorial_antivir.php


Follow the tutorial and run a scan in safe mode, save the report, restart in normal mode and post the report.


See you
fanouchka on 4 July 2008 at 20:03
OK, I'm getting on it right away. Thanks a lot for your help, I'll post it as soon as it's done.
At the risk of pushing my luck, would you mind taking a look at the HijackThis report from my other PC, which is on the network, to be sure it hasn't been infected? I'm running a Panda scan right now.


Here is the log from PC2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:06, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6826 bytes
dédétraqué on 4 July 2008 at 20:11
Hi fanouchka


You can't rely on a HijackThis report alone, but everything seems OK for your second PC.


See you
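A first-pass triage of HijackThis log lines like those posted above, as an added example that is not part of the original posts and is neither HijackThis's own logic nor the helper's method. The four rules are illustrative assumptions about what deserves a manual look; a flag means "verify by hand", not "malicious".

```python
import re

# Lines copied from the two HijackThis v2.0.2 logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAID Manager.lnk = ?
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Body of an O4 registry autorun entry: "<hive>\..\Run[Once]: [name] command"
RUN = re.compile(r"^HK\w+\\.*?Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A command that starts with a drive-letter path, optionally quoted
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')


def triage(log_text):
    """Return (section, body, reasons) for every entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("orphaned entry: referenced file is missing")
        if body.endswith("= ?"):
            reasons.append("shortcut target could not be resolved")
        if " - Unknown owner - " in body:
            reasons.append("binary carries no company name")
        run = RUN.match(body) if section == "O4" else None
        if run and not ABSOLUTE.match(run.group("cmd")):
            reasons.append("autorun command has no absolute path")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n    -> {'; '.join(reasons)}")
```
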
fanouchka on 5 July 2008 at 00:12
Hi détrak,

It took a long time, but it's here! Here is the Antivir report:


Avira AntiVir Personal
Report file date: vendredi 4 juillet 2008 20:38

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: FANOUCHE
Computer name: FANOUCHKA

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:46
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:46
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:46
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:44
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:46
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:46
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:44
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:44
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:44
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 4 juillet 2008 20:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRIVE>
Begin scan in 'E:\' <NEW>
Begin scan in 'H:\' <VIDEOTHEQUE>


End of the scan: vendredi 4 juillet 2008 23:00
Used time: 2:21:45 min

The scan has been done completely.

6939 Scanning directories
301284 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
301284 Files not concerned
7996 Archives were scanned
2 Warnings
0 Notes

My little PC is doing much better, though I really freaked out for a while. Luckily you were there :super:
I don't really know what Antivir did with the 2 alarms it detected, but everything seems to be back to normal.
Thanks a lot for all your help. Fan
dédétraqué on 5 July 2008 at 02:14
Hi fanouchka


Your report is clean; let's clean up the tools you downloaded. Download Tools Cleaner to the desktop:

http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://www.commentcamarche.net/download/fichiers/ToolsCleaner2.exe



- Double-click ToolsCleaner2.exe on the desktop
- Click Recherche and let the scan run.
- Click Suppression to finish.
- You can use the Options facultatives if you wish.
- Click Quitter to get the report.
- Post the report (TCleaner.txt), which is in the root of your hard drive (C:\).


-----


- Here are a few security guidelines:

- Windows Update fully up to date http://www.windowsupdate.com/ (critical, Service Pack and Service Release categories)
- a properly configured firewall
- a properly configured antivirus, updated regularly (daily if need be), with a regular full scan (daily if need be).
- careful browsing habits (no dubious sites: cracks, warez, sex...) and careful handling of e-mail (attachments must be scanned before being opened)
- a vigilant attitude (watch out for unusual behaviour from your system)
- weekly system cleanup (deleting unneeded files, cleaning the registry, scandisk, defrag)
- weekly antispyware scan
- a regular check of the JAVA console to make sure it is up to date http://www.java.com/en/download/help/testvm.xml


If you consider your problem solved, edit [:jlj:3] your first post and add [resolved] to the title.


See you

fanouchka on 10 July 2008 at 12:37
Hello,

I followed your latest instructions; here is the Tool cleaner report:

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\FANOUCHE\Bureau\Nouveau dossier\HijackThis.lnk: trouvé !
C:\Documents and Settings\FANOUCHE\Bureau\Nouveau dossier\ComboFix.exe: trouvé !
C:\Documents and Settings\FANOUCHE\Bureau\Nouveau dossier\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\FANOUCHE\Bureau\Nouveau dossier\HijackThis.lnk: supprimé !
C:\Documents and Settings\FANOUCHE\Bureau\Nouveau dossier\ComboFix.exe: supprimé !
C:\Documents and Settings\FANOUCHE\Bureau\Nouveau dossier\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

I hope that now Windows won't have to run a system check at startup any more.
Antivir is installed and up to date.
I consider this topic well and truly resolved, thanks a lot for your help.
Do you recommend a particular firewall and anti-spyware? Kerio was blocking my network shares and I'm having trouble configuring pc-cillin.

Thanks again. Fan
dédétraqué on 11 July 2008 at 03:59
Hi fanouchka


For a firewall:

http://www.malekal.com/tutorial_zonealarm.php
http://www.malekal.com/tutorial_SygateFirewall.php


As anti-spyware you already have AVG Anti-Spyware 7.5, which is very good


See you

