
Virus win:32 bamital

12 November 2010 17:40:53

Hello,

For several days I have been getting redirections on my web pages, and I also get windows saying that avast has blocked a virus, and this virus is win:32 BAMITAL. I would like to know how to get rid of it, because my PC is slow and it takes me several minutes to manage to do my searches, whether in Internet Explorer or Mozilla.


12 November 2010 21:25:48

Good evening

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (Under Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the "Rapport" section at the top of this window, tick "Rapport minimal".
  • Also tick the boxes next to "Recherche Lop" and "Recherche Purity".
  • Under "Personnalisation" (in the white box), copy and paste the contents of the box below:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



  • Finally, click the "Analyse" button. Let the tool work.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
    12 November 2010 21:46:07

    I am running the scan with OTL and I will post the reports as soon as they are ready, and I will wait for your instructions. Thank you for helping me, because this is really a pain.
    12 November 2010 22:05:52

    OK
    It is indeed bamital, but on the other hand, I'm not sure you have clean copies on your PC... :o

    Quote:
    < MD5 for: EXPLORER.EXE >
    [2008/04/14 13:00:00 | 001,037,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 13:00:00 | 000,512,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe



    Do you have your XP CD?

    ++++++++++++

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it on your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select all", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    <@_@>
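
An added example, not part of the original thread or of OTL itself: a small parser for the `< MD5 for: ... >` section quoted in the reply above, which groups the entries per requested file and reports which files could not be hashed and whether any other copy on disk produced a hash. The sample input is the excerpt quoted in that reply; the status names and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the OTL excerpt quoted in the reply above.
SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,037,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 13:00:00 | 000,512,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe
"""

HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S+)\s*\|\s*\w\]\s*"
    r"\((?P<company>.*?)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?P<path>.+)$"
)


def parse_md5_section(text):
    """Return {file name: [entry, ...]} for every '< MD5 for: X >' block."""
    groups = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").lower()
            groups[current]  # keep a header even if no entry follows it
            continue
        entry = ENTRY.match(line)
        if entry and current:
            groups[current].append({
                "path": entry.group("path").strip(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
                # None means the tool printed "Unable to obtain MD5"
                "md5": entry.group("md5").upper() if entry.group("md5") else None,
            })
    return dict(groups)


def triage(groups):
    """Classify each file by what its entries allow a reader to conclude.

    not_found                 header present, no file listed
    unreadable_no_local_copy  no copy on disk could be hashed
    unreadable_copy_to_verify one copy unreadable, another copy was hashed
    copies_differ             every copy hashed, but the hashes disagree
    consistent                every copy hashed to the same value
    """
    report = {}
    for name, entries in groups.items():
        unreadable = [e["path"] for e in entries if e["md5"] is None]
        hashed = [e for e in entries if e["md5"] is not None]
        if not entries:
            status = "not_found"
        elif unreadable and not hashed:
            status = "unreadable_no_local_copy"
        elif unreadable:
            status = "unreadable_copy_to_verify"
        elif len({e["md5"] for e in hashed}) > 1:
            status = "copies_differ"
        else:
            # Identical copies only agree with each other; the value still
            # has to be compared with a known-good hash for that build.
            status = "consistent"
        report[name] = {
            "status": status,
            "unreadable": unreadable,
            "hashed_paths": [e["path"] for e in hashed],
            # An empty company field is a second signal worth showing.
            "no_company": [e["path"] for e in entries if not e["company"]],
        }
    return report


if __name__ == "__main__":
    for name, info in sorted(triage(parse_md5_section(SAMPLE_OTL)).items()):
        print(f"{name:14} {info['status']}")
        for path in info["unreadable"]:
            print(f"    could not be hashed: {path}")
```

On the quoted excerpt, explorer.exe and winlogon.exe come out as `unreadable_no_local_copy`, while userinit.exe is `consistent` across system32 and dllcache.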
    12 November 2010 22:10:22

    The link to download ComboFix doesn't work
    12 November 2010 22:20:39

    Re
    What do you mean?


    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    If that doesn't work, take this one: (cokinefix.exe, it's ComboFix that I renamed for another user)

    http://www.sendspace.com/file/5yw5ei


    Edit: it would be simpler if you posted your report: C:\Combofix.txt

    Seen:
    Quote:
    [2010/11/12 17:10:39 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/11/12 17:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/12 17:03:35 | 000,000,000 | ---D | C] -- C:\Qoobox


    And I asked whether you had your Windows CD...
    :D 


    12 November 2010 22:44:54

    ComboFix 10-11-12.01 - Packard Bell 12/11/2010 22:18:06.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1012.452 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\Packard Bell\Bureau\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Packard Bell\Application Data\completescan
    C:\Documents and Settings\Packard Bell\Application Data\download2
    C:\Documents and Settings\Packard Bell\Application Data\install
    C:\WINDOWS\system32\404Fix.exe
    C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\IEDFix.C.exe
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\Install.cmd
    C:\WINDOWS\system32\o4Patch.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

    C:\WINDOWS\explorer.exe . . . est infecté!!

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-10-12 au 2010-11-12 ))))))))))))))))))))))))))))))))))))
    .

    2010-11-10 23:15:04 . 2010-11-10 23:15:05 -------- d-----w- C:\WINDOWS\Internet Logs
    2010-11-10 22:57:37 . 2010-11-10 22:57:37 -------- d-----w- C:\Documents and Settings\Packard Bell\Application Data\CheckPoint
    2010-11-10 22:57:06 . 2010-11-10 22:57:06 -------- d-----w- C:\Program Files\Conduit
    2010-11-10 22:57:06 . 2010-11-10 22:57:06 -------- d-----w- C:\Documents and Settings\Packard Bell\Local Settings\Application Data\Conduit
    2010-11-10 22:56:48 . 2010-11-10 22:56:48 -------- d-----w- C:\Program Files\CheckPoint
    2010-11-10 22:54:15 . 2010-11-10 22:54:15 388096 ----a-r- C:\Documents and Settings\Packard Bell\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-10 22:11:53 . 2010-11-10 22:13:18 -------- d-----w- C:\Documents and Settings\Administrateur
    2010-11-05 22:08:14 . 2010-11-05 22:08:14 -------- d-----w- C:\Program Files\Fichiers communs\Skype
    2010-11-05 13:15:07 . 2010-11-05 13:39:41 -------- d-----w- C:\Documents and Settings\Packard Bell\Local Settings\Application Data\IM
    2010-11-05 13:14:22 . 2010-11-05 13:14:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2010-11-05 13:14:21 . 2010-11-05 13:16:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IM
    2010-11-03 17:48:19 . 2010-11-03 17:51:48 -------- dc-h--w- C:\WINDOWS\ie8
    2010-11-02 17:57:21 . 2010-11-10 18:57:42 -------- d-----w- C:\Program Files\Trend Micro
    2010-10-27 11:35:28 . 2010-10-27 11:35:28 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\QuickScan
    2010-10-27 11:09:09 . 2010-10-27 11:09:09 -------- d-----w- C:\Documents and Settings\Packard Bell\Application Data\QuickScan
    2010-10-27 11:00:40 . 2010-10-27 12:12:32 82563 ----a-w- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
    2010-10-27 09:06:30 . 2010-10-27 09:06:30 -------- d-----w- C:\Program Files\Loaris
    2010-10-25 23:59:32 . 2010-10-25 23:59:32 -------- d-----w- C:\Documents and Settings\Packard Bell\Application Data\Malwarebytes
    2010-10-25 23:59:21 . 2010-10-25 23:59:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-10-25 14:50:03 . 2010-10-25 14:51:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
    2010-10-15 11:21:02 . 2010-10-15 11:21:05 -------- d-----w- C:\WINDOWS\system32\GroupPolicy

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 10:23:26 . 2009-01-16 19:51:47 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
    2010-09-18 06:53:24 . 2009-01-16 19:51:47 974848 ----a-w- C:\WINDOWS\system32\mfc42.dll
    2010-09-18 06:53:24 . 2009-01-16 19:51:47 954368 ----a-w- C:\WINDOWS\system32\mfc40.dll
    2010-09-18 06:53:24 . 2009-01-16 19:51:47 953856 ----a-w- C:\WINDOWS\system32\mfc40u.dll
    2010-09-10 05:50:18 . 2009-01-16 19:51:58 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-09-10 05:50:15 . 2009-01-16 19:51:46 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
    2010-09-10 05:50:15 . 2009-01-16 19:51:45 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
    2010-09-07 15:12:17 . 2010-07-20 14:31:10 38848 ----a-w- C:\WINDOWS\avastSS.scr
    2010-09-07 15:11:54 . 2010-02-14 10:33:31 167592 ----a-w- C:\WINDOWS\system32\aswBoot.exe
    2010-09-07 14:52:25 . 2010-02-14 10:34:01 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
    2010-09-07 14:52:03 . 2010-02-14 10:34:03 165584 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
    2010-09-07 14:47:46 . 2010-02-14 10:34:02 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
    2010-09-07 14:47:19 . 2010-02-14 10:33:59 100176 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
    2010-09-07 14:47:16 . 2010-02-14 10:33:59 94544 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
    2010-09-07 14:47:07 . 2010-02-14 10:34:03 17744 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46:51 . 2010-02-14 10:33:59 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
    2010-09-01 11:51:51 . 2009-01-16 19:51:37 285824 ----a-w- C:\WINDOWS\system32\atmfd.dll
    2010-09-01 07:55:16 . 2009-01-16 19:51:58 1852928 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-08-27 08:02:58 . 2009-01-16 19:51:56 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
    2010-08-27 05:58:58 . 2009-01-16 19:51:55 99840 ----a-w- C:\WINDOWS\system32\srvsvc.dll
    2010-08-27 01:43:50 . 2008-05-05 05:25:10 5632 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
    2010-08-26 13:39:50 . 2009-01-16 19:51:55 357248 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
    2010-08-23 16:12:44 . 2009-01-16 19:51:38 617472 ----a-w- C:\WINDOWS\system32\comctl32.dll
    2010-08-17 13:17:06 . 2009-01-16 19:51:55 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe
    2010-08-16 08:44:32 . 2009-01-16 19:51:53 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
    2010-07-01 22:05:06 . 2009-11-27 12:51:59 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 12:00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 512000 . . [------] . . C:\WINDOWS\system32\winlogon.exe
    [-] 2010-09-10 05:50:18 . A7E08F8C451076D4234AEB380693E45A . 916480 . . [8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)] . . C:\WINDOWS\system32\wininet.dll
    [-] 2010-09-10 05:50:18 . A7E08F8C451076D4234AEB380693E45A . 916480 . . [8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)] . . C:\WINDOWS\system32\dllcache\wininet.dll
    [-] 2010-09-10 05:47:27 . 73F26DB9C92C7A8259B534451E3B18F9 . 919552 . . [8.00.6001.23060 (longhorn_ie8_ldr.100824-1900)] . . C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
    [-] 2010-09-10 05:47:27 . 73F26DB9C92C7A8259B534451E3B18F9 . 919552 . . [8.00.6001.23060 (longhorn_ie8_ldr.100824-1900)] . . C:\WINDOWS\SoftwareDistribution\Download\ce0097edfd5d7060b61d6aab37c20152\SP3QFE\wininet.dll
    [-] 2010-09-09 13:34:12 . 7DFEAEB2E644144EF8BFA1903307D3C7 . 832512 . . [7.00.6000.17091 (vista_gdr.100824-1500)] . . C:\WINDOWS\ie8\wininet.dll
    [-] 2010-09-09 13:34:12 . 7DFEAEB2E644144EF8BFA1903307D3C7 . 832512 . . [7.00.6000.17091 (vista_gdr.100824-1500)] . . C:\WINDOWS\SoftwareDistribution\Download\4c5e2c575d2e09dda102a1e5f1cee8c5\sp3gdr\wininet.dll
    [-] 2010-09-09 13:31:50 . BB224795084F7BF4B64AB84E92AB7947 . 841216 . . [7.00.6000.21293 (vista_ldr.100824-1500)] . . C:\WINDOWS\$hf_mig$\KB2360131-IE7\SP3QFE\wininet.dll
    [-] 2010-09-09 13:31:50 . BB224795084F7BF4B64AB84E92AB7947 . 841216 . . [7.00.6000.21293 (vista_ldr.100824-1500)] . . C:\WINDOWS\SoftwareDistribution\Download\4c5e2c575d2e09dda102a1e5f1cee8c5\sp3qfe\wininet.dll
    [-] 2010-06-24 12:28:32 . 9BB4D31E5EF3BA1FBA3ECBECD85B3360 . 919040 . . [8.00.6001.23037 (longhorn_ie8_ldr.100616-1800)] . . C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
    [-] 2010-05-06 10:33:44 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)] . . C:\WINDOWS\ie8updates\KB2360131-IE8\wininet.dll
    [-] 2010-05-06 10:33:44 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)] . . C:\WINDOWS\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3GDR\wininet.dll
    [-] 2010-05-06 10:27:42 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014 (longhorn_ie8_ldr.100419-1507)] . . C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
    [-] 2010-05-06 10:27:42 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014 (longhorn_ie8_ldr.100419-1507)] . . C:\WINDOWS\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3QFE\wininet.dll
    [-] 2010-02-25 06:11:51 . B667625B38B5EA389044F90BDE80C4FD . 919040 . . [8.00.6001.22995 (longhorn_ie8_ldr.100223-0100)] . . C:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
    [-] 2009-12-21 19:01:32 . 413508B6F20DAA22074E3E1558850447 . 916480 . . [8.00.6001.22967 (longhorn_ie8_ldr.091219-0100)] . . C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
    [-] 2009-10-29 07:44:19 . 0BA084C2B3155F10D2D49244B16B2475 . 832512 . . [7.00.6000.16945 (vista_gdr.091027-0049)] . . C:\WINDOWS\ie7updates\KB2360131-IE7\wininet.dll
    [-] 2009-10-29 07:42:33 . AB28712FEB7BE2A52A9ABFA0FF94C1B6 . 916480 . . [8.00.6001.18854 (longhorn_ie8_gdr.091026-1700)] . . C:\WINDOWS\SoftwareDistribution\Download\c606a8456b5ceb53245c2f7cc6b707d4\SP3GDR\wininet.dll
    [-] 2009-10-29 07:37:37 . E366FE230408822BD0D0A6087799F844 . 841216 . . [7.00.6000.21148 (vista_ldr.091027-0032)] . . C:\WINDOWS\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
    [-] 2009-10-29 07:37:06 . F461ACD33F06BF1FB28FFF1EF345FE63 . 916480 . . [8.00.6001.22945 (longhorn_ie8_ldr.091027-0100)] . . C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
    [-] 2009-10-29 07:37:06 . F461ACD33F06BF1FB28FFF1EF345FE63 . 916480 . . [8.00.6001.22945 (longhorn_ie8_ldr.091027-0100)] . . C:\WINDOWS\SoftwareDistribution\Download\c606a8456b5ceb53245c2f7cc6b707d4\SP3QFE\wininet.dll
    [-] 2009-08-29 07:28:35 . 21AB2D2F2F48BD2D566777D0ABB36A45 . 832512 . . [7.00.6000.16915 (vista_gdr.090826-0339)] . . C:\WINDOWS\ie7updates\KB976325-IE7\wininet.dll
    [-] 2009-08-29 07:21:06 . 7F40D3CD13090D03552B1FC6B28C94B5 . 840704 . . [7.00.6000.21115 (vista_ldr.090826-0339)] . . C:\WINDOWS\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
    [-] 2009-06-29 16:13:40 . 71333B8101B10CDEC4D58D949C97D3BA . 828928 . . [7.00.6000.21073 (vista_ldr.090625-2339)] . . C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
    [-] 2009-06-29 15:57:48 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876 (vista_gdr.090625-2339)] . . C:\WINDOWS\ie7updates\KB974455-IE7\wininet.dll
    [-] 2009-04-29 04:45:44 . 08EFECB3F17F38F23F14148D374ACBC9 . 827392 . . [7.00.6000.16850 (vista_gdr.090423-0018)] . . C:\WINDOWS\ie7updates\KB972260-IE7\wininet.dll
    [-] 2009-04-29 04:37:45 . 754097815B575A721AB58B1C55476805 . 828928 . . [7.00.6000.21045 (vista_ldr.090423-0018)] . . C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
    [-] 2009-03-08 03:34:58 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll
    [-] 2008-10-16 01:04:15 . 1C6E9FDAB1F4CB983A39EFBA6F131ACC . 671232 . . [6.00.2900.5694 (xpsp_sp3_qfe.081015-1409)] . . C:\WINDOWS\$hf_mig$\KB958215\SP3QFE\wininet.dll
    [-] 2008-10-16 01:01:38 . 05033943FF61ABD13B93C00337D04E92 . 670208 . . [6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] . . C:\WINDOWS\ie7\wininet.dll
    [-] 2008-08-20 05:10:11 . 50D19E569C83A9C1AE7EFAEF6A93BC50 . 670208 . . [6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)] . . C:\WINDOWS\$NtUninstallKB958215$\wininet.dll
    [-] 2008-08-20 05:07:28 . 96D50ACA60DA22ADBD253F2825C98D1A . 670720 . . [6.00.2900.5659 (xpsp_sp3_qfe.080819-1352)] . . C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\wininet.dll
    [-] 2008-04-14 12:00:00 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\$NtUninstallKB956390$\wininet.dll
    [-] 2007-08-13 18:54:10 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13 (longhorn(wmbla).070711-1130)] . . C:\WINDOWS\ie7updates\KB969897-IE7\wininet.dll

    [-] 2008-04-14 12:00:00 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2_32.dll
    [-] 2008-04-14 12:00:00 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\dllcache\ws2_32.dll

    [-] 2008-04-14 12:00:00 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2help.dll
    [-] 2008-04-14 12:00:00 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\dllcache\ws2help.dll

    [-] 2008-04-14 12:00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 1037824 . . [------] . . C:\WINDOWS\explorer.exe

    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-11-06 03:37:26 5724184]
    "Logitech Vid"="C:\Program Files\Logitech\Logitech Vid\vid.exe" [2009-07-16 13:35:42 5458704]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-10-11 15:49:48 14940040]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-30 14:54:06 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 07:00:20 141848]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 07:00:04 166424]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 07:00:14 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-30 06:58:28 18082304]
    "AzMixerSel"="C:\PROGRAM FILES\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 14:40:30 53248]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 10:58:42 1343488]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-08-18 07:56:00 817672]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 12:00:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
    "snp2uvc"="C:\WINDOWS\system32\csnp2uvc.dll" [2008-11-03 17:00:10 196608]
    "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 14:51:24 36864]
    "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 16:28:28 155648]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 08:54:08 150016]
    "avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 15:12:02 2838912]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 11:36:56 2793304]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 03:47:04 35760]
    "Adobe ARM"="C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 22:07:44 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

    C:\Documents and Settings\Packard Bell\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.1.lnk - C:\PROGRAM FILES\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

    [HKLM\~\startupfolder\C:^Documents and Settings^Packard Bell^Menu Démarrer^Programmes^Démarrage^ZooskMessenger.lnk]
    path=C:\Documents and Settings\Packard Bell\Menu Démarrer\Programmes\Démarrage\ZooskMessenger.lnk
    backup=C:\WINDOWS\pss\ZooskMessenger.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
    2010-09-27 03:05:50 391096 ----a-w- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-14 12:00:00 208952 ----a-w- C:\WINDOWS\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
    2008-07-03 13:58:22 94208 ----a-w- C:\WINDOWS\PLFSetL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-30 14:54:06 68856 ----a-w- C:\PROGRAM FILES\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\PROGRAM FILES\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\PROGRAM FILES\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "C:\\PROGRAM FILES\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "C:\\PROGRAM FILES\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "C:\\PROGRAM FILES\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\PROGRAM FILES\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
    "C:\\PROGRAM FILES\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\PROGRAM FILES\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\PROGRAM FILES\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\PROGRAM FILES\\Logitech\\Logitech Vid\\Vid.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "6843:TCP"= 6843:TCP:Services
    "6844:TCP"= 6844:TCP:Services
    "2929:TCP"= 2929:TCP:Services
    "4358:TCP"= 4358:TCP:Services

    R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [14/02/2010 11:34:03 165584]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [14/02/2010 11:34:03 17744]
    R3 LgBttPort;LGE Bluetooth TransPort;C:\WINDOWS\system32\drivers\lgbtport.sys [29/09/2009 07:11:22 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\WINDOWS\system32\drivers\lgbtbus.sys [29/09/2009 07:11:20 10496]
    R3 LGVMODEM;LGE Virtual Modem;C:\WINDOWS\system32\drivers\lgvmodem.sys [29/09/2009 07:11:20 12928]
    S0 Lbd;Lbd;C:\WINDOWS\system32\DRIVERS\Lbd.sys --> C:\WINDOWS\system32\DRIVERS\Lbd.sys [?]
    S1 MpKsl6704912d;MpKsl6704912d;\??\C:\WINDOWS\system32\MpEngineStore\MpKsl6704912d.sys --> C:\WINDOWS\system32\MpEngineStore\MpKsl6704912d.sys [?]
    S2 gupdate;Service Google Update (gupdate);C:\PROGRAM FILES\Google\Update\GoogleUpdate.exe [14/02/2010 11:34:10 133104]
    S3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15/06/2010 12:13:22 36608]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\PROGRAM FILES\Google\Google Desktop Search\GoogleDesktop.exe [16/01/2009 14:39:02 30192]
    S3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\drivers\Gt51Ip.sys [16/01/2009 14:21:21 106624]
    S3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\drivers\gt72ubus.sys [16/01/2009 14:21:21 59648]
    S3 JMCR;JMCR;C:\WINDOWS\system32\drivers\jmcr.sys [16/01/2009 14:19:58 94608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contenu du dossier 'Tâches planifiées'
    12 November 2010 22:46:27

    For info, I used ComboFix but my internet connection was disabled. Is that a problem or not?
    12 November 2010 22:46:57

    I don't have a CD because I use a netbook.
    13 November 2010 16:14:49

    Hello,
    The report is not complete... in any case Combo did not manage to replace explorer.exe for you, so we will have to manage another way...

    We are going to work from another environment so that we can easily replace the file or files patched by Bamital... (winlogon has taken a hit too; we will check with OTLPE, but the fact that we cannot see the hash smells bad...)

    Read your PMs ;O)

    Download OTLPENet.
    Prepare a blank CD and run OTLPENet; this will let you burn an ISO image.
    Note: Once the CD is burned, you now need to restart the machine from the CD-ROM drive.
    To do so, follow this link: Booting from a CD.
    OTLPE tutorial

    Launch the OTLPENet ISO that you burned.
  • Once the REATOGO desktop has loaded, launch OTLPE, the yellow icon

  • Double-click the OTLPE icon
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Check that "Automatically Load All Remaining Users" is selected and press OK



  • Under the Custom Scan box
    1 Copy and paste the contents of the box below:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    csrss.exe
    smss.exe
    svchost.exe
    services.exe
    spoolsv.exe
    alg.exe
    ctfmon.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    ipsec.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Copy and paste this text into a text file (Notepad) that you save on a USB key, which you will plug in under REATOGO; you will then be able to copy and paste it easily.
  • 2 Click Run Scan to start the scan.
  • Once it is finished, the file is located at C:\OTL.txt
  • Copy and paste its contents into your next reply.
    14 November 2010 20:50:21

    I have taken note of your answer, but I have a netbook, so no CD burner or drive.
    15 November 2010 20:14:58

    Good evening,
    You can write an OTLPE ISO to a USB key:

    Read:
    http://forum.malekal.com/petousb-eeepc-t24701.html

    ++++++++++

    Did you retrieve the files I sent you by PM?

    Put them at the root of your hard drive. C:\
    (and do not touch them before you have prepared your OTLPE USB key. ;)  )
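The triage the helper describes above (a system file whose hash cannot be read, files that may have been patched), as an added example that is not part of the original thread and is not code from ComboFix or OTL: a parser for the log's file-hash lines that flags unreadable hashes and live copies that differ from their dllcache copy. The sample lines, their placeholder hashes and sizes are constructed, and the `C:\WINDOWS` layout and the finding labels are assumptions; a dllcache mismatch is a reason to review a file, not proof that it was patched.

```python
import ntpath
import re
from collections import defaultdict

# One record per line, in the layout of the log's file-hash section:
# [-] date time . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\s*\[.\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})"
    r"\s+\.\s+(?P<hash>[0-9A-Fa-f]{32}|!HASH:[^.]*?)"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>.*)\]"
    r"\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Assumption: Windows is installed in C:\WINDOWS, as in the log on this page.
LIVE_DIRS = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\windows\system32\drivers",
}
DLLCACHE_DIR = r"c:\windows\system32\dllcache"

# Constructed sample lines: hashes are placeholders, not real file hashes.
SAMPLE = r"""
[-] 2008-04-14 12:00:00 . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\svchost.exe
[-] 2008-04-14 12:00:00 . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\dllcache\svchost.exe
[-] 2008-04-14 12:00:00 . BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe
[-] 2008-04-14 12:00:00 . CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\dllcache\winlogon.exe
[-] 2008-04-14 12:00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 1037824 . . [------] . . C:\WINDOWS\explorer.exe
"""


def parse_log(text):
    """Return one dict per file-hash line; lines in any other layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_hash = m["hash"]
        readable = not raw_hash.startswith("!HASH")
        path = m["path"]
        records.append({
            "path": path,
            "name": ntpath.basename(path).lower(),
            "dir": ntpath.dirname(path).lower(),
            "md5": raw_hash.upper() if readable else None,
            "size": int(m["size"]),
            "version": m["version"],
        })
    return records


def triage(records):
    """Flag unreadable hashes first, then live copies that match no dllcache copy."""
    findings = []
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)
        if rec["md5"] is None:
            # The scanner could not open the file, so its content is unverified.
            findings.append(("UNREADABLE", rec["path"]))
    for copies in by_name.values():
        cache = {c["md5"] for c in copies if c["dir"] == DLLCACHE_DIR and c["md5"]}
        if not cache:
            continue  # nothing to compare against
        for c in copies:
            if c["dir"] in LIVE_DIRS and c["md5"] and c["md5"] not in cache:
                findings.append(("DIFFERS_FROM_DLLCACHE", c["path"]))
    return findings


if __name__ == "__main__":
    for kind, path in triage(parse_log(SAMPLE)):
        print(f"{kind:24} {path}")
```

Files flagged this way are candidates for comparison against a known-good copy from installation media or an offline environment such as the one the helper proposes.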