
virus travaillezplus mabraze + willpolo

13 October 2008 19:26:03

Hello everyone,

For some time now a window has been popping up automatically every 30 minutes with this message: in a small rectangle with a blue header and the title "Au travail" it says: "il est temps de se mettre au travail, au lieu de rester a ne rien faire d'important!! ce n'est pas un mabraze ici!!"

In addition, in the bar of my Internet Explorer I have "piraté par willpolo ingénieur en hacking f*** you..."

The problem is that it affects all the removable drives I use.

I understood that I needed to run a scan with HijackThis, so I am posting it in a reply to this request for help. Thanks in advance.


13 October 2008 19:26:50

Here is my report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:44, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {253A28CE-B0F3-459B-9132-9E77CE2232A8} - C:\WINDOWS\system32\opnlMdbC.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\OeApi.vbs
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [(Default)] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [WillPolo] C:\WINDOWS\WillPolo.vbs
O4 - HKLM\..\Run: [CPQEASYBTTN] C:\WINDOWS\system32\BttnServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [75b5e94e] rundll32.exe "C:\WINDOWS\system32\nyxnxoxk.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WebCallDirect] "C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titefeechoco.spaces.live.com//PhotoUpload/MsnPUp...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=d48dabd21b98208c85c8f2c74...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-975767790430bf09.spaces.live.com/PhotoUpload...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zyloml...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\System32\compstui32.dll,C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: 75b5e9e1448 - C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: __c00E966B - C:\WINDOWS\system32\__c00E966B.dat (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11933 bytes
13 October 2008 20:57:35

Good evening

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is complete, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Follow the utility's prompts. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents as follows:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt

13 October 2008 21:33:42

Good evening,

Thanks a lot in advance!


Search Navipromo version 3.6.6 commencé le 13/10/2008 à 21:17:58,40

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Prodencio"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\Instant Access trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Prodencio\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.PRU\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Prodencio\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.PRU\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Prodencio\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.PRU\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Prodencio\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1.PRU\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

sgwqyiq.dat trouvé !
sgwqyiq_nav.dat trouvé !
sgwqyiq_navps.dat trouvé !

* Dans "C:\Documents and Settings\Prodencio\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1.PRU\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\CbdMlnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\eeKSvyay.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 13/10/2008 à 21:31:57,09 ***



Thanks again
13 October 2008 22:01:35

re

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Follow the prompts and answer any questions that come up.

The utility will tell you that it is going to restart the computer.
**Close all open windows and save any personal documents you have open**
Now press a key, as requested.
(if your PC does not restart automatically, restart it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report you saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.

Close Internet Explorer, then go to Start / Control Panel / Internet Options.
Choose the Content tab, then the Certificates tab.
If you find the following programs (in particular under Trusted Publishers), tell me:

VIP
13 October 2008 22:50:57

re!

cleannavi report

Clean Navipromo version 3.6.6 commencé le 13/10/2008 à 22:25:10,04

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Prodencio"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Prodencio\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1.PRU\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\Instant Access ...suppression...
...\Instant Access supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Prodencio\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.PRU\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Prodencio\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.PRU\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Prodencio\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1.PRU\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Prodencio\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


sgwqyiq.dat trouvé !
Copie sgwqyiq.dat réalisée avec succès !
sgwqyiq.dat supprimé !

sgwqyiq_nav.dat trouvé !
Copie sgwqyiq_nav.dat réalisée avec succès !
sgwqyiq_nav.dat supprimé !

sgwqyiq_navps.dat trouvé !
Copie sgwqyiq_navps.dat réalisée avec succès !
sgwqyiq_navps.dat supprimé !


* Dans "C:\Documents and Settings\Prodencio\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1.PRU\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 13/10/2008 à 22:29:17,93 ***





New HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:20, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {253A28CE-B0F3-459B-9132-9E77CE2232A8} - C:\WINDOWS\system32\opnlMdbC.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\OeApi.vbs
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [(Default)] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [WillPolo] C:\WINDOWS\WillPolo.vbs
O4 - HKLM\..\Run: [CPQEASYBTTN] C:\WINDOWS\system32\BttnServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [75b5e94e] rundll32.exe "C:\WINDOWS\system32\nyxnxoxk.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WebCallDirect] "C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titefeechoco.spaces.live.com//PhotoUpload/MsnPUp...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=d48dabd21b98208c85c8f2c74...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-975767790430bf09.spaces.live.com/PhotoUpload...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zyloml...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\System32\compstui32.dll,C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: 75b5e9e1448 - C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: __c00E966B - C:\WINDOWS\system32\__c00E966B.dat (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11635 bytes


However, in my Internet Explorer the start page is a travaillezplus.com search, and there is nothing under certificates and approved publishers.
Thanks again!
13 October 2008 23:25:34

Hi again

1

Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop, nowhere else!


2

Run HijackThis, "Do a system scan only".
Check the following lines if they are still present, and only those.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {253A28CE-B0F3-459B-9132-9E77CE2232A8} - C:\WINDOWS\system32\opnlMdbC.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\OeApi.vbs
O4 - HKLM\..\Run: [(Default)] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [WillPolo] C:\WINDOWS\WillPolo.vbs
O4 - HKLM\..\Run: [CPQEASYBTTN] C:\WINDOWS\system32\BttnServ.exe
O4 - HKLM\..\Run: [75b5e94e] rundll32.exe "C:\WINDOWS\system32\nyxnxoxk.dll",b
O4 - HKCU\..\Run: [WebCallDirect] "C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" -nosplash -minimized
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=d48d [...] 0.0.48.cab
O20 - AppInit_DLLs: ,C:\WINDOWS\System32\compstui32.dll,C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: 75b5e9e1448 - C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: __c00E966B - C:\WINDOWS\system32\__c00E966B.dat (file missing)

Click Fix checked (bottom left)


3



Copy (Ctrl+C) the text below:
File::
C:\WINDOWS\System32\compstui32.dll
C:\WINDOWS\system32\nyxnxoxk.dll
C:\WINDOWS\system32\BttnServ.exe
C:\WINDOWS\WillPolo.vbs
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\OeApi.vbs

Folder::
C:\Program Files\WebCallDirect.com



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot



  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
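
As an added example (not part of the original thread, and not how HijackThis or ComboFix work internally), this Python triage pass over HijackThis lines shows why several of the entries selected in the reply above stand out. The heuristics and the names `triage`, `reasons_for` and `SYSTEM_NAMES` are illustrative assumptions; a flag means "verify this entry", not "malicious".

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reasons line")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {253A28CE-B0F3-459B-9132-9E77CE2232A8} - C:\WINDOWS\system32\opnlMdbC.dll (file missing)
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\OeApi.vbs
O4 - HKLM\..\Run: [(Default)] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [WillPolo] C:\WINDOWS\WillPolo.vbs
O4 - HKLM\..\Run: [75b5e94e] rundll32.exe "C:\WINDOWS\system32\nyxnxoxk.dll",b
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: ,C:\WINDOWS\System32\compstui32.dll,C:\WINDOWS\System32\compstui32.dll
O20 - Winlogon Notify: 75b5e9e1448 - C:\WINDOWS\System32\compstui32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Core Windows processes that normally run from system32 (assumed short list).
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_VALUE = re.compile(r"^\S+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.I)
FIRST_EXE = re.compile(r'"?([^"]+?\.exe)', re.I)


def run_key_reasons(body):
    """Heuristics for O4 (Run key / startup) entries."""
    reasons = []
    m = RUN_VALUE.match(body)
    if not m:
        return reasons
    cmd = m.group("cmd")
    if SCRIPT_EXT.search(cmd):
        reasons.append("script file started from a Run key")
    if cmd.lower().startswith("rundll32"):
        reasons.append("DLL launched through rundll32 from a Run key")
    exe = FIRST_EXE.match(cmd)
    if exe:
        path = exe.group(1)
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        # A system process name in the wrong folder suggests masquerading.
        if name in SYSTEM_NAMES and folder != SYSTEM32:
            reasons.append(name + " outside system32")
    return reasons


def reasons_for(section, body):
    """Return the list of reasons one log entry deserves a closer look."""
    reasons = []
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry, target file is absent")
    if section == "O4":
        reasons.extend(run_key_reasons(body))
    elif section == "O7" and "disableregedit=1" in low:
        reasons.append("registry editor disabled by policy")
    elif section == "O20":
        if body.startswith("AppInit_DLLs:"):
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",")]
            names = sorted({ntpath.basename(d) for d in dlls if d})
            if names:
                reasons.append("AppInit_DLLs injects " + ", ".join(names)
                               + " into every process that loads user32.dll")
        elif body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL, loaded inside winlogon.exe")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return a Finding per entry worth verifying."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        reasons = reasons_for(m.group("sec"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("sec"), reasons, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```
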


    14 October 2008 00:32:11

    Hi again, here is the report

    ComboFix 08-10-12.01 - Prodencio 2008-10-13 23:58:26.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.546 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Prodencio\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Prodencio\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\BttnServ.exe
    C:\WINDOWS\System32\compstui32.dll
    C:\WINDOWS\system32\nyxnxoxk.dll
    C:\WINDOWS\system32\OeApi.vbs
    C:\WINDOWS\WillPolo.vbs
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    C:\Documents and Settings\All Users\Application Data\ZangoSA
    C:\Documents and Settings\Prodencio\Application Data\install.dat
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Prodencio\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\Prodencio\Application Data\WeatherDPA
    C:\Documents and Settings\Prodencio\Application Data\WeatherDPA\Weather\WeatherStartup.xml
    C:\Documents and Settings\Prodencio\Application Data\Zango
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
    C:\WINDOWS\IE4 Error Log.txt
    C:\WINDOWS\system\msvbvm60.dll
    C:\WINDOWS\system32\aexmssmf.ini
    C:\WINDOWS\system32\bikwuekc.ini
    C:\WINDOWS\system32\bnaobply.dll
    C:\WINDOWS\system32\bnvxopyk.ini
    C:\WINDOWS\system32\CbdMlnpo.ini
    C:\WINDOWS\system32\CbdMlnpo.ini2
    C:\WINDOWS\System32\compstui32.dll
    C:\WINDOWS\system32\ddkrgikl.ini
    C:\WINDOWS\system32\ddpopnbn.ini
    C:\WINDOWS\system32\eeKSvyay.ini
    C:\WINDOWS\system32\eeKSvyay.ini2
    C:\WINDOWS\system32\eyeiprgd.ini
    C:\WINDOWS\system32\eyylmgej.ini
    C:\WINDOWS\system32\ghoqmrgm.ini
    C:\WINDOWS\system32\gnblpolm.ini
    C:\WINDOWS\system32\gumhmtdl.ini
    C:\WINDOWS\system32\hkfqatww.ini
    C:\WINDOWS\system32\hpopav.dll
    C:\WINDOWS\system32\idthuest.ini
    C:\WINDOWS\system32\imbvkmjl.ini
    C:\WINDOWS\system32\jcvkafkc.ini
    C:\WINDOWS\system32\jmofkqkt.ini
    C:\WINDOWS\system32\kqgywumt.ini
    C:\WINDOWS\system32\kxoxnxyn.ini
    C:\WINDOWS\system32\lvuxofif.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mmldmhdc.ini
    C:\WINDOWS\system32\nmgfaxkg.ini
    C:\WINDOWS\system32\nwxumhwo.ini
    C:\WINDOWS\system32\nyxnxoxk.dll
    C:\WINDOWS\system32\onununkq.ini
    C:\WINDOWS\system32\proilrsw.ini
    C:\WINDOWS\system32\pvlaphau.ini
    C:\WINDOWS\system32\qwlhqhqj.ini
    C:\WINDOWS\system32\rxyybrxt.ini
    C:\WINDOWS\system32\ttjfbjmt.ini
    C:\WINDOWS\system32\tuisykrj.ini
    C:\WINDOWS\system32\uaqtvjvo.ini
    C:\WINDOWS\system32\ufcogjpf.ini
    C:\WINDOWS\system32\vlujlbyh.ini
    C:\WINDOWS\system32\wuhyyjti.ini
    C:\WINDOWS\system32\xbdvxqok.ini
    C:\WINDOWS\system32\xfyikcvj.ini
    C:\WINDOWS\system32\xmpyymvf.ini
    C:\WINDOWS\system32\yjdntnbx.ini
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-13 19:14 . 2008-10-13 19:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-12 16:15 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-12 16:15 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-12 16:14 . 2008-10-12 16:15 <REP> d-------- C:\Program Files\iTunes
    2008-10-12 16:14 . 2008-10-12 16:14 <REP> d-------- C:\Program Files\iPod
    2008-10-12 16:14 . 2008-10-12 16:15 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-12 16:12 . 2008-10-12 16:12 <REP> d-------- C:\Program Files\Bonjour
    2008-10-12 13:48 . 2008-10-12 13:48 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-10-12 13:48 . 2008-10-12 13:48 <REP> d-------- C:\Program Files\Free
    2008-10-04 19:00 . 2008-10-05 23:17 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-10-04 13:21 . 2008-10-04 13:21 33,832 --a------ C:\WINDOWS\system32\evkfvkic.exe
    2008-10-04 13:16 . 2008-10-04 13:24 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-04 13:16 . 2008-10-04 13:16 33,832 --a------ C:\WINDOWS\system32\yncpazsd.exe
    2008-10-04 13:11 . 2008-10-04 13:11 33,832 --a------ C:\WINDOWS\system32\vhywquza.exe
    2008-10-04 13:11 . 2008-10-04 13:11 33,832 --a------ C:\WINDOWS\system32\pkolbgry.exe
    2008-10-04 13:07 . 2008-10-04 13:07 33,832 --a------ C:\WINDOWS\system32\zprtxyzw.exe
    2008-10-04 13:07 . 2008-10-04 13:07 33,832 --a------ C:\WINDOWS\system32\tjciqbgw.exe
    2008-10-04 13:06 . 2008-10-04 13:06 33,832 --a------ C:\WINDOWS\system32\ssgalbdi.exe
    2008-09-28 09:44 . 2008-09-28 09:44 122 ---hs---- C:\WINDOWS\system32\sbkonoqe.ini
    2008-09-26 12:29 . 2008-09-26 12:29 122 ---hs---- C:\WINDOWS\system32\djtqmhnv.ini
    2008-09-24 18:28 . 2008-09-24 18:28 13,036 -rahs---- C:\WINDOWS\system32\antinul.vbe
    2008-09-17 12:21 . 2008-09-17 12:21 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Soulseek

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 20:29 --------- d-----w C:\Program Files\Navilog1
    2008-10-13 16:36 --------- d-----w C:\Program Files\eMule
    2008-10-12 14:11 --------- d-----w C:\Program Files\QuickTime
    2008-10-12 14:11 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-11 13:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 13:42 --------- d-----w C:\Program Files\SAGEM
    2008-10-04 10:56 --------- d-----w C:\Program Files\Java
    2008-09-17 10:07 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-16 10:05 --------- d-----w C:\Program Files\Windows Live
    2008-09-16 08:37 --------- d-----w C:\Program Files\Azureus
    2008-09-08 10:55 --------- dc----w C:\Documents and Settings\Prodencio\Application Data\Azureus
    2008-08-27 22:24 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-08-26 18:42 --------- d-----w C:\Program Files\Soulseek-Test
    2008-08-22 22:45 --------- d-----w C:\Program Files\Apple Software Update
    2007-04-01 21:12 420 -c--a-w C:\Documents and Settings\Prodencio\Application Data\wklnhst.dat
    2007-01-12 19:11 10,240 --sha-w C:\WINDOWS\rnapxs\Rnapxs.dat
    2004-08-05 12:00 4,096 --sha-w C:\WINDOWS\system32\1112.dat
    2007-04-09 21:54 3,037,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-04-09 21:54 28,192 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-16 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-02-19 74240]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-27 962661]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 0 (0x0)
    "DisableRegistryTools"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.dvsd"= dvc.dll
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
    S2 Ca536av;DigitalCam Pro Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2004-05-22 517131]
    S3 Philipscam1;Caméra numérique Philips 645 ; Vidéo;C:\WINDOWS\system32\DRIVERS\philcam1.sys [ ]
    S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 11048]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13799ddf-6fe0-11db-9308-00904ba6b04c}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ca7de94-8046-11dd-9783-00904ba6b04c}]
    \Shell\AutoRun\command - E:\q83iwmgf.bat
    \Shell\explore\Command - E:\q83iwmgf.bat
    \Shell\open\Command - E:\q83iwmgf.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{310a049c-8bac-11db-934b-00904ba6b04c}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38efaecc-d7f7-11db-9417-00904ba6b04c}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e3234aa-15a9-11dc-949e-00904ba6b04c}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60026712-4a6a-11dc-9537-4d6564696130}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfd3b82a-6f6e-11db-9307-00904ba6b04c}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6628658-4cde-11dc-954b-4d6564696130}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

    2008-09-05 C:\WINDOWS\Tasks\Norton Security Scan.job
    - C:\Program Files\Norton Security Scan\Nss.exe []

    2008-10-13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{80B250DC-8F7C-4AFD-9823-7AD79BE581E1}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 17:58]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-WINSOS VERIFY - C:\Program Files\WINSOS\WINSOS.EXE
    HKLM-Run-YSearchProtection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    Notify-75b5e9e1448 - C:\WINDOWS\System32\compstui32.dll



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 00:11:57
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?7?7?1??????? ???B?????????????hLC? ??????

    Recherche de fichiers cachés ...


    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-14 0:27:23 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-13 22:26:18

    Avant-CF: 22 420 062 208 octets libres
    Après-CF: 22,438,055,936 octets libres

    590 --- E O F --- 2008-09-17 23:49:42
    14 October 2008 21:10:28

    Good evening

    1

    Download Flash Disinfector
    Connect your removable media to your PC (MP3 player, external hard drive, USB stick...).
    Connect all external devices (hard drives, USB, ...)
    Double-click Flash Disinfector and follow the prompts


    2

    Copy (Ctrl+C) the text below:
    KILLALL::

    File::
    C:\WINDOWS\system32\evkfvkic.exe
    C:\WINDOWS\system32\yncpazsd.exe
    C:\WINDOWS\system32\vhywquza.exe
    C:\WINDOWS\system32\pkolbgry.exe
    C:\WINDOWS\system32\zprtxyzw.exe
    C:\WINDOWS\system32\tjciqbgw.exe
    C:\WINDOWS\system32\ssgalbdi.exe
    C:\WINDOWS\system32\sbkonoqe.ini
    C:\WINDOWS\system32\djtqmhnv.ini
    C:\WINDOWS\system32\antinul.vbe
    C:\WINDOWS\system32\1112.dat
    E:\q83iwmgf.bat
    C:\WINDOWS\Tasks\User_Feed_Synchronization-{80B250DC-8F7C-4AFD-9823-7AD79BE581E1}.job



    Folder::
    C:\WINDOWS\SxsCaPendDel
    C:\WINDOWS\rnapxs


    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13799ddf-6fe0-11db-9308-00904ba6b04c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ca7de94-8046-11dd-9783-00904ba6b04c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{310a049c-8bac-11db-934b-00904ba6b04c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38efaecc-d7f7-11db-9417-00904ba6b04c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e3234aa-15a9-11dc-949e-00904ba6b04c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60026712-4a6a-11dc-9537-4d6564696130}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfd3b82a-6f6e-11db-9307-00904ba6b04c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6628658-4cde-11dc-954b-4d6564696130}]



    Open Notepad and paste (Ctrl+V) the text you have just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    3

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file if you can find it:

    C:\WINDOWS\system32\wscript.exe

  • Click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select All, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


    4

    Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will be installed; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
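The registry entries this reply removes are the ones visible in the "Points de chargement Reg" part of the ComboFix report. As an added example (not part of the thread and not ComboFix's own logic), the Python script below parses that report format and flags the same classes of entry: extra commands chained onto Winlogon `Userinit`, script or batch `AutoRun` commands cached under `MountPoints2`, and policy values that disable security features. The sample is excerpted from the report quoted above; the function names and the `WEAKENED` table are assumptions made for this example.

```python
import re

# Constructed sample: registry sections copied from the ComboFix report in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13799ddf-6fe0-11db-9308-00904ba6b04c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ca7de94-8046-11dd-9783-00904ba6b04c}]
\Shell\AutoRun\command - E:\q83iwmgf.bat
\Shell\explore\Command - E:\q83iwmgf.bat
\Shell\open\Command - E:\q83iwmgf.bat
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
SHELL_VERB = re.compile(r'^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$', re.I)
# Script hosts and script/batch extensions inside a cached autorun command.
SCRIPTY = re.compile(r'(wscript|cscript)(\.exe)?\b|\.(bat|cmd|vbs|vbe|js|jse|wsf)\b', re.I)

# (key suffix, value name) -> value that means the protection was switched off.
WEAKENED = {
    (r'policies\system', 'disableregistrytools'): 1,
    (r'policies\system', 'disabletaskmgr'): 1,
    (r'policies\explorer', 'nofolderoptions'): 1,
    (r'security center', 'antivirusoverride'): 1,
    (r'firewallpolicy\standardprofile', 'enablefirewall'): 0,
}


def parse_sections(text):
    """Split the report into (registry key, [body lines]) pairs."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = (m.group('key'), [])
            sections.append(current)
        elif not line:
            current = None  # a blank line ends the section
        elif current is not None:
            current[1].append(line)
    return sections


def as_int(data):
    """Read ComboFix's two numeric renderings: '1 (0x1)' and 'dword:00000001'."""
    data = data.strip()
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    m = re.match(r'\d+', data)
    return int(m.group()) if m else None


def triage(text):
    """Return (category, key, detail) tuples for entries worth a closer look."""
    findings = []
    for key, body in parse_sections(text):
        k = key.lower()
        for line in body:
            v, s = VALUE.match(line), SHELL_VERB.match(line)
            if v:
                name, data = v.group('name').lower(), v.group('data')
                if k.endswith(r'\winlogon') and name == 'userinit':
                    # Userinit is a comma-separated list; only userinit.exe belongs there.
                    cmds = data.strip().strip('"').replace('\\\\', '\\').split(',')
                    for cmd in filter(None, (c.strip() for c in cmds)):
                        if not cmd.lower().endswith(r'\userinit.exe'):
                            findings.append(('userinit', key, cmd))
                for (suffix, vname), bad in WEAKENED.items():
                    if k.endswith(suffix) and name == vname and as_int(data) == bad:
                        findings.append(('policy', key, f'{v.group("name")}={bad}'))
            elif s and r'\mountpoints2\{' in k and SCRIPTY.search(s.group('cmd')):
                findings.append(('autorun', key, f'{s.group("verb")}: {s.group("cmd")}'))
    return findings


if __name__ == '__main__':
    for category, key, detail in triage(SAMPLE_LOG):
        print(f'{category:8} {detail}\n         {key}')
```
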
    14 October 2008 22:26:40

    Good evening! Here is the report:


    ComboFix 08-10-14.03 - Prodencio 2008-10-14 22:00:15.2 - NTFSx86
    Lancé depuis: C:\Documents and Settings\Prodencio\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Prodencio\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\1112.dat
    C:\WINDOWS\system32\antinul.vbe
    C:\WINDOWS\system32\djtqmhnv.ini
    C:\WINDOWS\system32\evkfvkic.exe
    C:\WINDOWS\system32\pkolbgry.exe
    C:\WINDOWS\system32\sbkonoqe.ini
    C:\WINDOWS\system32\ssgalbdi.exe
    C:\WINDOWS\system32\tjciqbgw.exe
    C:\WINDOWS\system32\vhywquza.exe
    C:\WINDOWS\system32\yncpazsd.exe
    C:\WINDOWS\system32\zprtxyzw.exe
    C:\WINDOWS\Tasks\User_Feed_Synchronization-{80B250DC-8F7C-4AFD-9823-7AD79BE581E1}.job
    E:\q83iwmgf.bat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\rnapxs
    C:\WINDOWS\rnapxs\Rnapxs.dat
    C:\WINDOWS\SxsCaPendDel
    C:\WINDOWS\system32\1112.dat
    C:\WINDOWS\system32\antinul.vbe
    C:\WINDOWS\system32\djtqmhnv.ini
    C:\WINDOWS\system32\evkfvkic.exe
    C:\WINDOWS\system32\pkolbgry.exe
    C:\WINDOWS\system32\sbkonoqe.ini
    C:\WINDOWS\system32\ssgalbdi.exe
    C:\WINDOWS\system32\tjciqbgw.exe
    C:\WINDOWS\system32\vhywquza.exe
    C:\WINDOWS\system32\yncpazsd.exe
    C:\WINDOWS\system32\zprtxyzw.exe
    C:\WINDOWS\Tasks\User_Feed_Synchronization-{80B250DC-8F7C-4AFD-9823-7AD79BE581E1}.job
    D:\autorun.inf
    E:\autorun.inf . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 13:46 . 2008-10-14 13:47 <REP> d----c--- C:\Documents and Settings\Prodencio\Application Data\vlc
    2008-10-14 11:15 . 2008-10-14 11:15 <REP> d-------- C:\WINDOWS\system32\fr
    2008-10-14 11:15 . 2008-10-14 11:16 <REP> d-------- C:\WINDOWS\l2schemas
    2008-10-14 11:08 . 2008-10-14 11:17 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-10-14 10:50 . 2008-10-14 10:50 <REP> d-------- C:\WINDOWS\EHome
    2008-10-14 01:20 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-10-14 01:20 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-10-14 01:20 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-10-14 01:20 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
    2008-10-13 19:14 . 2008-10-13 19:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-12 16:15 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-12 16:15 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-12 16:14 . 2008-10-12 16:15 <REP> d-------- C:\Program Files\iTunes
    2008-10-12 16:14 . 2008-10-12 16:14 <REP> d-------- C:\Program Files\iPod
    2008-10-12 16:14 . 2008-10-12 16:15 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-12 16:12 . 2008-10-12 16:12 <REP> d-------- C:\Program Files\Bonjour
    2008-10-12 13:48 . 2008-10-12 13:48 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-10-12 13:48 . 2008-10-12 13:48 <REP> d-------- C:\Program Files\Free
    2008-09-17 12:21 . 2008-09-17 12:21 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Soulseek
    2008-09-16 12:30 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-09-16 12:30 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-16 12:22 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-16 12:19 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 16:31 --------- d-----w C:\Program Files\eMule
    2008-10-13 20:29 --------- d-----w C:\Program Files\Navilog1
    2008-10-12 14:11 --------- d-----w C:\Program Files\QuickTime
    2008-10-12 14:11 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-11 13:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 13:42 --------- d-----w C:\Program Files\SAGEM
    2008-10-04 10:56 --------- d-----w C:\Program Files\Java
    2008-09-17 10:07 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-16 10:05 --------- d-----w C:\Program Files\Windows Live
    2008-09-16 08:37 --------- d-----w C:\Program Files\Azureus
    2008-09-08 10:55 --------- dc----w C:\Documents and Settings\Prodencio\Application Data\Azureus
    2008-08-27 22:24 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-08-26 18:42 --------- d-----w C:\Program Files\Soulseek-Test
    2008-08-22 22:45 --------- d-----w C:\Program Files\Apple Software Update
    2007-04-01 21:12 420 -c--a-w C:\Documents and Settings\Prodencio\Application Data\wklnhst.dat
    2007-04-09 21:54 3,037,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-04-09 21:54 28,192 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-14_ 0.25.41.90 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
    + 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
    + 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
    + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
    + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
    + 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2008-04-14 02:33:18 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
    - 2004-08-05 12:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentpsh.dll
    + 2008-04-14 02:33:18 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
    - 2004-08-05 12:00:00 44,032 -c--a-w C:\WINDOWS\msagent\agentsr.dll
    + 2008-04-14 02:33:18 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
    - 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
    + 2008-04-14 02:33:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
    - 2004-08-05 12:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agtintl.dll
    + 2008-04-14 02:33:19 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0401.dll
    + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0401.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0404.dll
    + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0404.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0405.dll
    + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0406.dll
    + 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
    - 2004-08-05 12:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt0407.dll
    + 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
    - 2004-08-05 12:00:00 22,016 -c--a-w C:\WINDOWS\msagent\intl\agt0408.dll
    + 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0409.dll
    + 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt040b.dll
    + 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
    - 2004-08-05 12:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt040c.dll
    + 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt040d.dll
    + 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040d.dll
    - 2004-08-05 12:00:00 19,968 -c--a-w C:\WINDOWS\msagent\intl\agt040e.dll
    + 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
    - 2004-08-05 12:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0410.dll
    + 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0411.dll
    + 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0411.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0412.dll
    + 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0412.dll
    - 2004-08-05 12:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0413.dll
    + 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0414.dll
    + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0415.dll
    + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
    - 2004-08-05 12:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0416.dll
    + 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0419.dll
    + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041d.dll
    + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041f.dll
    + 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
    - 2004-08-05 12:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0804.dll
    + 2007-04-02 18:26:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0804.dll
    - 2004-08-05 12:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0816.dll
    + 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
    - 2004-08-05 12:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
    + 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
    - 2004-08-05 12:00:00 39,936 -c--a-w C:\WINDOWS\msagent\mslwvtts.dll
    + 2008-04-14 02:33:32 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
    - 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
    + 2008-04-14 02:33:22 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
    - 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    + 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    - 2004-08-05 12:00:00 70,656 ----a-w C:\WINDOWS\NOTEPAD.EXE
    + 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\notepad.exe
    - 2004-08-05 12:00:00 768,512 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
    + 2008-04-14 02:34:06 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    - 2004-08-05 12:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
    + 2008-04-14 02:34:06 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
    - 2004-08-05 12:00:00 18,944 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
    + 2008-04-14 02:34:06 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
    - 2004-08-05 12:00:00 160,768 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
    + 2008-04-14 02:34:12 172,544 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
    - 2004-08-05 12:00:00 381,952 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
    + 2008-04-14 02:33:32 382,464 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
    - 2004-08-05 12:00:00 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
    + 2008-04-14 02:33:38 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
    - 2004-08-05 12:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
    + 2008-04-14 02:33:38 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
    - 2006-09-21 08:40:30 79,431 -c--a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
    + 2008-10-14 09:20:09 79,431 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
    - 2006-09-21 08:40:30 5,034 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
    + 2008-10-14 09:20:09 5,340 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
    - 2004-08-05 12:00:00 151,040 -c--a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
    + 2008-04-14 02:34:26 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
    - 2004-08-05 12:00:00 151,552 -c--a-w C:\WINDOWS\PeerNet\sqldb20.dll
    + 2008-04-14 02:33:46 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
    - 2004-08-05 12:00:00 462,848 -c--a-w C:\WINDOWS\PeerNet\sqlqp20.dll
    + 2008-04-14 02:33:46 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
    - 2004-08-05 12:00:00 110,592 -c--a-w C:\WINDOWS\PeerNet\sqlse20.dll
    + 2008-04-14 02:33:46 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
    - 2004-08-05 12:00:00 153,088 ----a-w C:\WINDOWS\regedit.exe
    + 2008-04-14 02:34:19 153,088 ----a-w C:\WINDOWS\regedit.exe
    + 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
    + 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
    + 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
    + 2008-04-14 02:33:18 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
    + 2008-04-14 02:33:18 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
    + 2004-08-03 20:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
    + 2004-08-03 20:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
    + 2008-04-14 02:33:18 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll
    + 2008-04-14 02:33:53 190,464 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
    + 2008-04-14 02:33:18 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
    + 2008-04-14 02:33:18 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
    + 2008-04-14 02:33:18 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
    + 2008-04-14 02:33:18 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
    + 2008-04-14 01:52:42 188,672 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
    + 2008-04-14 02:33:18 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
    + 2008-04-14 02:33:18 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
    + 2008-04-14 02:33:53 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
    + 2008-04-14 02:33:18 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
    + 2008-04-14 02:33:18 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
    + 2008-04-14 02:33:18 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
    + 2008-04-14 02:33:53 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
    + 2004-08-03 20:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
    + 2008-04-14 02:33:18 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
    + 2008-04-14 02:33:18 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
    + 2008-04-14 02:33:18 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
    + 2008-04-14 02:33:18 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
    + 2008-04-14 02:33:18 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
    + 2008-04-14 02:33:18 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
    + 2008-04-14 02:33:18 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
    + 2008-04-14 02:33:18 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
    + 2008-04-14 02:33:18 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
    + 2008-04-14 02:33:18 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
    + 2008-04-14 02:33:18 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
    + 2008-04-14 02:33:18 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
    + 2008-04-14 02:33:18 685,568 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
    + 2008-04-14 02:33:18 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
    + 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
    + 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
    + 2008-04-14 02:33:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
    + 2008-04-14 02:33:18 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
    + 2008-04-14 02:33:18 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
    + 2008-04-14 02:33:18 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
    + 2008-04-14 02:33:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
    + 2008-04-14 02:33:18 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
    + 2008-04-14 02:33:18 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
    + 2008-04-14 02:33:53 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
    + 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    + 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
    + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll
    + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll
    + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll
    + 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll
    + 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll
    + 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll
    + 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll
    + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll
    + 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll
    + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll
    + 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll
    + 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll
    + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll
    + 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll
    + 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll
    + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll
    + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll
    + 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll
    + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll
    + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll
    + 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll
    + 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll
    + 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll
    + 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll
    + 2008-04-14 02:33:19 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
    + 2008-04-14 02:33:53 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
    + 2008-04-14 02:33:53 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
    + 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
    + 2008-04-14 02:33:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
    + 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
    + 2008-04-14 01:54:28 41,472 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
    + 2008-04-14 01:54:29 41,856 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
    + 2008-04-14 02:33:19 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
    + 2004-08-03 20:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
    + 2008-04-14 02:33:19 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
    + 2008-04-14 02:33:19 334,336 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
    + 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
    + 2008-04-14 02:33:19 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
    + 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
    + 2008-04-14 02:33:53 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
    + 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    + 2004-08-03 20:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
    + 2004-08-03 20:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
    + 2004-08-03 20:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
    + 2004-08-03 20:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
    + 2004-08-03 20:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
    + 2004-08-03 20:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
    + 2004-08-03 20:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
    + 2004-08-03 20:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
    + 2004-08-03 20:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
    + 2004-08-03 20:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
    + 2008-04-14 02:33:19 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
    + 2008-04-14 02:33:19 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
    + 2008-04-14 02:33:19 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
    + 2004-08-03 22:38:42 327,168 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
    + 2004-08-03 22:38:44 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
    + 2008-04-14 02:33:19 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
    + 2008-04-14 02:33:19 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
    + 2008-04-14 02:33:19 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
    + 2004-08-03 20:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
    + 2004-08-03 20:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
    + 2004-08-03 20:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
    + 2004-08-03 20:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
    + 2004-08-03 20:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
    + 2004-08-03 20:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
    + 2004-08-03 20:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
    + 2004-08-03 20:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
    + 2004-08-03 20:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
    + 2004-08-03 20:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
    + 2008-04-14 02:33:19 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
    + 2008-04-14 02:33:19 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
    + 2008-04-14 02:33:19 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
    + 2008-04-14 02:33:53 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
    + 2008-04-13 18:51:25 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
    + 2008-04-14 02:31:00 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
    + 2008-04-13 18:51:30 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
    + 2008-04-14 02:33:19 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
    + 2008-04-14 02:33:53 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\attrib.exe
    + 2008-04-14 02:33:19 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
    + 2008-04-14 02:33:19 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
    + 2008-04-14 02:33:19 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
    + 2008-04-14 02:33:19 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
    + 2008-04-14 02:33:19 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
    + 2008-04-14 02:33:19 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
    + 2008-04-14 02:33:53 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
    + 2008-04-14 02:33:19 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
    + 2008-04-14 02:33:53 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
    + 2008-04-14 02:33:19 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
    + 2008-04-14 02:33:53 625,152 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
    + 2008-04-14 02:33:53 638,976 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
    + 2008-04-14 02:33:54 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
    + 2008-04-14 02:33:54 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
    + 2008-04-13 18:46:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
    + 2008-04-13 18:46:07 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
    + 2008-04-14 02:33:19 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
    + 2008-04-14 02:33:19 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\azroles.dll
    + 2008-04-14 02:33:19 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
    + 2008-04-14 02:33:19 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
    + 2008-04-14 02:33:19 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
    + 2008-04-13 18:36:32 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\battc.sys
    + 2008-04-13 18:46:21 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
    + 2008-04-14 02:33:19 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
    + 2008-04-14 02:33:19 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
    + 2008-04-14 02:33:19 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
    + 2008-04-14 02:33:19 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx4.dll
    + 2008-04-14 02:33:55 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
    + 2008-04-13 18:53:23 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
    + 2008-04-14 01:57:48 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
    + 2008-04-14 02:33:20 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
    + 2008-04-14 02:33:20 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
    + 2008-04-14 02:33:20 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
    + 2008-04-14 02:33:20 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
    + 2008-04-13 18:46:33 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
    + 2008-04-13 18:46:33 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
    + 2008-04-13 18:51:34 101,120 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
    + 2008-04-14 01:58:00 273,664 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
    + 2008-04-13 18:46:31 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
    + 2008-04-14 02:33:20 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
    + 2008-04-13 18:46:29 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
    + 2008-04-14 02:33:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
    + 2008-04-14 02:33:20 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\c_g18030.dll
    + 2008-04-14 02:33:20 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
    + 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
    + 2008-04-14 02:33:55 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\cacls.exe
    + 2008-04-14 02:33:20 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
    + 2008-04-14 02:33:20 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\camext30.dll
    + 2008-04-14 02:33:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
    + 2008-04-14 02:33:20 153,600 ------w C:\WINDOWS\ServicePackFiles\i386\capesnpn.dll
    + 2008-04-14 02:33:20 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
    + 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
    + 2008-04-14 02:33:20 625,664 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
    + 2008-04-13 18:46:23 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
    + 2008-04-13 19:14:21 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
    + 2008-04-14 02:33:20 152,064 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
    + 2008-04-14 02:33:20 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
    + 2008-04-14 02:33:20 2,091,520 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
    + 2008-04-13 18:40:46 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
    + 2008-04-14 02:33:20 200,192 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
    + 2008-04-14 02:33:20 467,968 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
    + 2008-04-14 02:33:20 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
    + 2008-04-14 02:31:03 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
    + 2008-04-14 02:33:56 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
    + 2008-04-14 02:33:20 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
    + 2008-04-13 18:40:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
    + 2008-04-14 02:33:20 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\cic.dll
    + 2008-04-14 02:33:20 1,359,360 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
    + 2008-04-14 02:33:20 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
    + 2008-04-14 02:33:57 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
    + 2008-04-13 19:16:22 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
    + 2008-04-14 02:33:21 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
    + 2008-04-14 02:33:21 498,688 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
    + 2008-04-14 02:33:57 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
    + 2008-04-14 02:33:21 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
    + 2008-04-14 02:33:57 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
    + 2008-04-14 02:33:57 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
    + 2008-04-14 02:33:57 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
    + 2008-04-14 02:33:21 58,368 ------w C:\
    14 October 2008 22:34:07

    It's done, did you receive it?
    14 October 2008 22:52:11

    Hoping that I clicked on the right image, here is the result, because I did not see the address indicated above:




    Fichier wscript.exe reçu le 2008.10.14 22:39:31 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.10.15.0 2008.10.14 -
    AntiVir 7.8.1.34 2008.10.14 -
    Authentium 5.1.0.4 2008.10.14 -
    Avast 4.8.1248.0 2008.10.14 -
    AVG 8.0.0.161 2008.10.14 -
    BitDefender 7.2 2008.10.14 -
    CAT-QuickHeal 9.50 2008.10.14 -
    ClamAV 0.93.1 2008.10.14 -
    DrWeb 4.44.0.09170 2008.10.14 -
    eSafe 7.0.17.0 2008.10.12 -
    eTrust-Vet 31.6.6148 2008.10.14 -
    Ewido 4.0 2008.10.14 -
    F-Prot 4.4.4.56 2008.10.14 -
    F-Secure 8.0.14332.0 2008.10.14 -
    Fortinet 3.113.0.0 2008.10.14 -
    GData 19 2008.10.14 -
    Ikarus T3.1.1.34.0 2008.10.14 -
    K7AntiVirus 7.10.493 2008.10.14 -
    Kaspersky 7.0.0.125 2008.10.14 -
    McAfee 5405 2008.10.14 -
    Microsoft 1.4005 2008.10.14 -
    NOD32 3522 2008.10.14 -
    Norman 5.80.02 2008.10.14 -
    Panda 9.0.0.4 2008.10.14 -
    PCTools 4.4.2.0 2008.10.14 -
    Prevx1 V2 2008.10.14 -
    Rising 20.66.12.00 2008.10.14 -
    SecureWeb-Gateway 6.7.6 2008.10.14 -
    Sophos 4.34.0 2008.10.14 -
    Sunbelt 3.1.1722.1 2008.10.14 -
    Symantec 10 2008.10.14 -
    TheHacker 6.3.1.0.110 2008.10.14 -
    TrendMicro 8.700.0.1004 2008.10.14 -
    VBA32 3.12.8.6 2008.10.14 -
    ViRobot 2008.10.14.1419 2008.10.14 -
    VirusBuster 4.5.11.0 2008.10.14 -
    Information additionnelle
    File size: 155648 bytes
    MD5...: cea8f7e45b7b098f5fb085bb6a6a4432
    SHA1..: 36632da9b915460f45ffdf040c459bc4ab9cb05a
    SHA256: 2f68aef4c0396fbd6591295465a00bb101471ffa720e55bf0d63f65d3aef69b1
    SHA512: e7e664239af18a7dfe244cc29c9db79c1fa154f2706f2414f63a68d2f3de18d1813a5c8e30b141729a45ce31ebb95b65f88424ad7bbe473a8c4d650315be3f84
    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1002eba
    timedatestamp.....: 0x481bbc56 (Sat May 03 01:13:58 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x171e8 0x18000 6.21 44dedba5637e9a0c070fb8db2dca2c65
    .data 0x19000 0x4d8 0x1000 0.33 85af0fa9999f45b6129df2a2135feb46
    .rsrc 0x1a000 0x94d0 0xa000 4.01 9c7c2695f5459a03ecb33f26cb650a08
    .reloc 0x24000 0x1338 0x2000 4.80 938ac263965504d44803ed31b108e12b

    ( 7 imports )
    > ADVAPI32.dll: RegCreateKeyA, RegCloseKey, RegSetValueA, RegOpenKeyA, RegQueryValueA, RegDeleteKeyA, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCreateKeyExA, RegOpenKeyExW, ImpersonateLoggedOnUser, RegisterEventSourceW, GetUserNameW, LookupAccountNameW, ReportEventW, DeregisterEventSource, IsTextUnicode, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA
    > KERNEL32.dll: GetCommandLineA, lstrlenW, GetCommandLineW, HeapAlloc, HeapFree, GetProcessHeap, GetProcAddress, SearchPathW, FindResourceW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetVersionExW, GetLocaleInfoW, CreateFileMappingW, LoadLibraryExW, FindResourceExW, LoadResource, SetLastError, CreateFileW, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetPrivateProfileIntW, GetPrivateProfileIntA, GetPrivateProfileStringW, GetPrivateProfileStringA, GetFullPathNameW, GetFullPathNameA, GetLocaleInfoA, LoadLibraryExA, LoadLibraryW, HeapReAlloc, GetStdHandle, GetConsoleMode, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, FlushFileBuffers, GetUserDefaultLCID, GetCPInfo, GetFileAttributesW, FindFirstFileW, GetFileAttributesA, FindFirstFileA, FindClose, GetACP, CreateEventA, CreateThread, CloseHandle, SetEvent, FormatMessageW, LocalAlloc, LocalFree, FormatMessageA, GetVersionExA, GetModuleFileNameW, LoadLibraryA, FreeLibrary, lstrlenA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, OutputDebugStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetModuleFileNameA
    > USER32.dll: GetMessageA, DispatchMessageA, GetActiveWindow, MessageBoxW, PostThreadMessageA, GetParent, TranslateMessage, PeekMessageA, MsgWaitForMultipleObjects, SendMessageA, PostMessageA, LoadStringW, LoadStringA, CharNextA, GetClassInfoA, RegisterClassA, CreateWindowExA, GetWindowLongA, SetWindowLongA, SetTimer, DefWindowProcA, PostQuitMessage, KillTimer, EnumThreadWindows, IsWindowVisible, GetClassNameA
    > msvcrt.dll: __mb_cur_max, _vsnwprintf, _errno, _vsnprintf, memcpy, memmove, malloc, free, mbtowc, isleadbyte, _snprintf, _itoa, wctomb, ferror, _swab, wcsrchr, _itow, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, __3@YAXPAX@Z, wcsncmp, _wcsicmp, _wcsnicmp, _iob, __2@YAPAXI@Z, memset, _endthread, _beginthread, bsearch
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > ole32.dll: CLSIDFromProgID, MkParseDisplayName, CoGetClassObject, CoRegisterMessageFilter, CoInitializeSecurity, CreateFileMoniker, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitialize, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoGetMalloc, CLSIDFromString
    > VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeW, GetFileVersionInfoW

    ( 0 exports )
    ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=cea8f7e45b7...

    15 October 2008 02:15:09

    Hi again!

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, October 15, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, October 14, 2008 21:42:12
    Records in database: 1311959
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 85554
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 02:49:46


    File name / Threat name / Threats count
    C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll Infected: not-a-virus:AdTool.Win32.Zango.aq 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\compstui32.dll.zip Infected: Trojan-Downloader.Win32.Agent.ahba 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nyxnxoxk.dll.vir Infected: Trojan.Win32.Monder.rgd 1

    The selected area was scanned.
    15 October 2008 22:35:33

    Hi again,

    Delete the file in bold:
    C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll

    For the ComboFix report, I need the sendspace link so that I can download the report ;O)


