Virtumonde.dll is bothering me.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by kovantchine » May 17th, 2008, 8:37 am

Spybot detects VIRTUMONDE.DLL and cannot get rid of it.
SmitFraudFix did not work.
I would greatly appreciate help to get rid of it.
Thanks.

HijackThis has been renamed Pierre before running it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:05, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
D:\Telechargements\Pierre.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {0FF7E643-8F79-481A-9F36-6EA47CCFED4E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30FE5A18-F286-4318-B9FA-5636C8C6FEB8} - C:\WINDOWS\system32\nnnnLDuS.dll (file missing)
O2 - BHO: (no name) - {3AA596DD-8B8B-471B-AFFC-2C86B95C1F88} - C:\WINDOWS\system32\khfFuUMd.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\system32\rqRKBUlj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D1AFF86-5860-4CE0-A09C-80B244E60C5E} - C:\WINDOWS\system32\urqnOEUK.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [48a0f49f] rundll32.exe "C:\WINDOWS\system32\gsntkfoq.dll",b
O4 - HKLM\..\Run: [BM4b93c703] Rundll32.exe "C:\WINDOWS\system32\yecrydfm.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1150] command /c del "C:\WINDOWS\system32\khfFuUMd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8983] cmd /c del "C:\WINDOWS\system32\khfFuUMd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5206] command /c del "C:\WINDOWS\system32\urqnOEUK.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5986] cmd /c del "C:\WINDOWS\system32\urqnOEUK.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: rqRKBUlj - C:\WINDOWS\SYSTEM32\rqRKBUlj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9200 bytes

Re: Virtumonde.dll is bothering me.

Post by Rodav » May 17th, 2008, 2:10 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient while I work on your log, and I will post back here with any recommendations.
As I am still training, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Re: Virtumonde.dll is bothering me.

Post by Rodav » May 17th, 2008, 4:59 pm

Step 1:
Disable Spybot's TeaTimer. This is a two-step process.
Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol).
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version:
  • Open Spybot S&D.
  • Click Mode, choose Advanced Mode.
  • Go to the bottom of the vertical panel on the left, click Tools.
  • Then, also in the left panel, click Resident, which shows a red/white shield.
  • If your firewall raises a question, say OK.
  • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active.
  • OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it when your computer is clean.


Step 2:
We will begin with ComboFix.exe, which can be downloaded from one of the following links.
Link 1
Link 2
Link 3

Please visit this webpage for instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt


Step 3:
Run HijackThis, do a system scan and in your next reply please post:
  • The ComboFix report (C:\ComboFix.txt)
  • The new HijackThis log

Re: Virtumonde.dll is bothering me.

Post by kovantchine » May 18th, 2008, 7:07 am

Thank you for your help.
I've had a bit of bother with the Recovery Console, which does not appear in Explorer but shows up when booting XP.
I could exactly match your instructions regarding Spybot, therefore I removed it for the moment.
ComboFix ran OK.
The required reports are below (I could not join 2 files!).
The ComboFix report is in French; if it is a problem, I can translate it.
I wonder what your diagnostic will be.
Regards.

ComboFix 08-05-15.3 - Rocher 2008-05-18 12:36:43.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 2:00]
Endroit: C:\Documents and Settings\Rocher\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apcotyvo.dll
C:\WINDOWS\system32\awttuuvU.dll
C:\WINDOWS\system32\ciqdfndj.exe
C:\WINDOWS\system32\dipwaieb.ini
C:\WINDOWS\system32\dMUuFfhk.ini
C:\WINDOWS\system32\dMUuFfhk.ini2
C:\WINDOWS\system32\exduqocq.ini
C:\WINDOWS\system32\eyjtxlhk.exe
C:\WINDOWS\system32\gqdrkhvo.exe
C:\WINDOWS\system32\iifcAqQH.dll
C:\WINDOWS\system32\iuudruhb.ini
C:\WINDOWS\system32\joluseia.exe
C:\WINDOWS\system32\klesahua.exe
C:\WINDOWS\system32\KUEOnqru.ini
C:\WINDOWS\system32\KUEOnqru.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nbarhdyj.dll
C:\WINDOWS\system32\qofktnsg.ini
C:\WINDOWS\system32\qoutewth.ini
C:\WINDOWS\system32\rsglxuim.ini
C:\WINDOWS\system32\rvxxctpa.exe
C:\WINDOWS\system32\secuwwei.ini
C:\WINDOWS\system32\ssslnkjl.dll
C:\WINDOWS\system32\SuDLnnnn.ini
C:\WINDOWS\system32\SuDLnnnn.ini2
C:\WINDOWS\system32\ualjmvpp.ini
C:\WINDOWS\system32\uincbpth.ini
C:\WINDOWS\system32\vbxnsynd.exe
C:\WINDOWS\system32\ybrmdoxn.ini
C:\WINDOWS\system32\ycacikvx.exe
D:\\SCURIT~1\KeyPass\Database.kdb
D:\\SCURIT~1\Mozbackup\Firefox 2.0.0.14 (fr) - 2008-05-03.pcv
D:\\SCURIT~1\Mozbackup\Thunderbird 2.0.0.14 (fr) - 2008-05-03.pcv

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.

2008-05-18 12:36 . 2008-05-18 12:36 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:09 . 2008-05-17 15:09 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 12:38 . 2008-05-17 12:45 3,900 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 11:02 . 2008-05-17 11:02 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\McAfee
2008-05-14 14:58 . 2008-05-16 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 14:47 . 2008-05-17 13:35 1,252 --a------ C:\WINDOWS\wininit.ini
2008-05-14 14:21 . 2008-05-18 12:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:21 . 2008-05-18 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 15:52 . 2006-10-11 15:57 5,456 -ra------ C:\WINDOWS\system32\e100b325.din
2008-05-09 15:52 . 2006-01-12 13:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-05-05 09:02 . 2008-05-16 17:53 109,737 --a------ C:\WINDOWS\BM4b93c703.xml
2008-05-01 19:23 . 2008-05-01 19:23 <REP> d--h----- C:\WINDOWS\PIF
2008-04-24 16:14 . 2008-04-24 16:14 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\PCF-VLC
2008-04-21 13:10 . 2008-05-16 23:56 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\Azureus
2008-04-21 13:10 . 2008-04-21 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-21 13:09 . 2008-04-21 13:09 <REP> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 10:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-18 09:28 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-17 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-16 20:21 --------- d-----w C:\Program Files\eMule
2008-05-16 18:57 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-14 17:22 --------- d-----w C:\Program Files\JkDefrag
2008-05-14 14:48 --------- d-----w C:\Program Files\MediaCoder
2008-05-14 13:08 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-05-12 10:09 28,928 ----a-w C:\Documents and Settings\Rocher\Application Data\GDIPFONTCACHEV1.DAT
2008-05-11 09:57 --------- d-----w C:\Documents and Settings\Rocher\Application Data\gtk-2.0
2008-05-09 18:08 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-09 13:53 --------- d-----w C:\Program Files\Intel
2008-05-09 13:29 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-09 13:18 --------- d-----w C:\Program Files\Winamp
2008-05-09 13:18 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-05-09 10:23 --------- d-----w C:\Documents and Settings\Rocher\Application Data\OpenOffice.org2
2008-05-03 16:22 --------- d-----w C:\Program Files\McAfee
2008-04-16 10:30 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Winamp
2008-04-10 17:49 --------- d-----w C:\Program Files\DivX
2008-04-10 15:47 --------- d-----w C:\Program Files\ZNsoft Corporation
2008-04-03 10:27 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Participatory Culture Foundation
2008-04-03 10:26 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-04-02 15:50 --------- d-----w C:\Program Files\Kit ADSL
2008-04-02 15:47 --------- d-----w C:\Program Files\Lavalys
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-30 16:06 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Audacity
2008-03-29 17:55 --------- d-----w C:\Program Files\JagoClient
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 11:11 --------- d-----w C:\Program Files\Java
2008-03-12 10:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-12 10:10 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-14 16:44 769,536 ----a-w C:\Documents and Settings\Rocher\Application Data\sfdnwin.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30FE5A18-F286-4318-B9FA-5636C8C6FEB8}]
C:\WINDOWS\system32\nnnnLDuS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA596DD-8B8B-471B-AFFC-2C86B95C1F88}]
C:\WINDOWS\system32\khfFuUMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D1AFF86-5860-4CE0-A09C-80B244E60C5E}]
C:\WINDOWS\system32\urqnOEUK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2007-07-28 23:05 277328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29 684118]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"48a0f49f"="C:\WINDOWS\system32\gsntkfoq.dll" [ ]
"BM4b93c703"="C:\WINDOWS\system32\yecrydfm.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKBUlj]
rqRKBUlj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R0 aac;Adaptec RAID Miniport Driver;C:\WINDOWS\system32\drivers\aac.sys [2004-04-12 08:42]
S0 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2004-04-12 08:42]
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 19:14]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 15:46]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 20:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 23:05:35 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-09-25 15:29:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 12:40:36
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 12:41:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 10:41:34

Pre-Run: 33,377,050,624 octets libres
Post-Run: 33,288,097,792 octets libres

229 --- E O F --- 2008-05-17 13:09:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:53, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Telechargements\Pierre.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30FE5A18-F286-4318-B9FA-5636C8C6FEB8} - C:\WINDOWS\system32\nnnnLDuS.dll (file missing)
O2 - BHO: (no name) - {3AA596DD-8B8B-471B-AFFC-2C86B95C1F88} - C:\WINDOWS\system32\khfFuUMd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D1AFF86-5860-4CE0-A09C-80B244E60C5E} - C:\WINDOWS\system32\urqnOEUK.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [48a0f49f] rundll32.exe "C:\WINDOWS\system32\gsntkfoq.dll",b
O4 - HKLM\..\Run: [BM4b93c703] Rundll32.exe "C:\WINDOWS\system32\yecrydfm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.consoclicker.com
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O20 - Winlogon Notify: rqRKBUlj - rqRKBUlj.dll (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7897 bytes
kovantchine
Active Member
 
Posts: 11
Joined: May 17th, 2008, 8:02 am

Re: Virtumonde.dll is bothering me.

Post by Rodav » May 19th, 2008, 4:08 pm

I've had a bit of bother with the Recovery Console which does not appear in explorer but shows up when booting XP.
The Recovery Console installed just fine. If your machine were to crash, selecting the Recovery Console from the Boot Menu would attempt to repair it. Hopefully you will never need to use it, but it's nice to know it's there.

I could exactly match your instructions regarding Spybot, therefore I removed it for the moment.
That's fine, you can reinstall it when we have finished cleaning your machine.


P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

eMule
Azureus


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you wish to keep them, please do not use them until your computer is cleaned.


Step 1:
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\nnnnLDuS.dll
C:\WINDOWS\system32\khfFuUMd.dll
C:\WINDOWS\system32\urqnOEUK.dll
C:\WINDOWS\system32\rqRKBUlj.dll
C:\WINDOWS\system32\gsntkfoq.dll
C:\WINDOWS\system32\yecrydfm.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30FE5A18-F286-4318-B9FA-5636C8C6FEB8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA596DD-8B8B-471B-AFFC-2C86B95C1F88}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D1AFF86-5860-4CE0-A09C-80B244E60C5E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"48a0f49f"=-
"BM4b93c703"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKBUlj]



Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Step 1:
Run HijackThis, do a system scan and in your next reply please post:
  • The ComboFix report (C:\ComboFix.txt)
  • The new HijackThis log
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
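
Added example (not part of Rodav's post and not a tool used in this thread): a small Python triage pass over HijackThis lines, showing how the O2, O4 and O20 entries in the log above map onto the DLLs named in the File:: section of the CFScript. The sample lines are copied from the log posted in this thread; the three heuristics and every function name are assumptions made for this example. They only pick out candidates for a human helper to review and are not proof of infection.

```python
import ntpath
import re
from typing import List, NamedTuple

SYSTEM32 = r"C:\WINDOWS\system32"

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {30FE5A18-F286-4318-B9FA-5636C8C6FEB8} - C:\WINDOWS\system32\nnnnLDuS.dll (file missing)
O2 - BHO: (no name) - {3AA596DD-8B8B-471B-AFFC-2C86B95C1F88} - C:\WINDOWS\system32\khfFuUMd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D1AFF86-5860-4CE0-A09C-80B244E60C5E} - C:\WINDOWS\system32\urqnOEUK.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [48a0f49f] rundll32.exe "C:\WINDOWS\system32\gsntkfoq.dll",b
O4 - HKLM\..\Run: [BM4b93c703] Rundll32.exe "C:\WINDOWS\system32\yecrydfm.dll",s
O20 - Winlogon Notify: rqRKBUlj - rqRKBUlj.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    locator: str   # CLSID, Run value name or Notify key name
    dll: str       # full path of the DLL the entry loads
    reason: str


# O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# O4 - <hive>\..\Run: [<value>] <command line>
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# rundll32.exe "<dll>",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
# O20 - Winlogon Notify: <key> - <dll>[ (file missing)]
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$")


def in_system32(path: str) -> bool:
    """True when the file sits directly in system32 (case-insensitive)."""
    return ntpath.dirname(path).lower() == SYSTEM32.lower()


def triage(log_text: str) -> List[Finding]:
    """Return the log entries matching one of three assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # Heuristic 1: a BHO without a display name whose DLL is in system32.
            if m["name"] == "(no name)" and in_system32(m["path"]):
                findings.append(Finding("O2", m["clsid"], m["path"],
                                        "unnamed BHO loading a DLL from system32"))
            continue
        m = RUN_RE.match(line)
        if m:
            # Heuristic 2: a Run value that starts a system32 DLL via rundll32.
            r = RUNDLL_RE.match(m["cmd"])
            if r and in_system32(r["dll"]):
                findings.append(Finding("O4", m["value"], r["dll"],
                                        "Run value launches a system32 DLL via rundll32"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # Heuristic 3: Notify key named after its own DLL, file reported missing.
            dll = m["dll"]
            stem = ntpath.splitext(ntpath.basename(dll))[0]
            if stem.lower() == m["key"].lower() and m["missing"]:
                if not ntpath.dirname(dll):
                    # Assumption: a bare file name resolves to system32.
                    dll = ntpath.join(SYSTEM32, dll)
                findings.append(Finding("O20", m["key"], dll,
                                        "Notify key named after a DLL reported missing"))
    return findings


def dll_targets(findings: List[Finding]) -> List[str]:
    """Unique DLL paths from the findings, sorted case-insensitively."""
    unique = {f.dll.lower(): f.dll for f in findings}
    return [unique[k] for k in sorted(unique)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.locator:<40} {f.dll}  <- {f.reason}")
```

On these sample lines the flagged DLLs are the same six files listed under File:: in the CFScript above, while the SiteAdvisor, Java, Intel and QuickTime entries are left alone.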

Re: Virtumonde.dll is bothering me.

Post by kovantchine » May 19th, 2008, 5:05 pm

Emule and Azureus removed. McAfee protection stopped.
ComboFix seems to have vacuum cleaned D:\

Here are the results

ComboFix 08-05-15.3 - Rocher 2008-05-19 22:45:09.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.622 [GMT 2:00]
Endroit: C:\Documents and Settings\Rocher\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rocher\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\gsntkfoq.dll
C:\WINDOWS\system32\khfFuUMd.dll
C:\WINDOWS\system32\nnnnLDuS.dll
C:\WINDOWS\system32\rqRKBUlj.dll
C:\WINDOWS\system32\urqnOEUK.dll
C:\WINDOWS\system32\yecrydfm.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\\SCURIT~1\Achats\Commande Show Room 2001.pdf
D:\\SCURIT~1\Achats\Facture CDFolie.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200207.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200407.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200607.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200807.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 201007.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 201207.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 01 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 01 08.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 02 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 02 08.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 03 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 03 08.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 04 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 05 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 06 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 07 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 08 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 09 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 10 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 11 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 12 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation Fiscale 2007.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation Oct 2006 Sep 2007.pdf
D:\\SCURIT~1\Administrations\C107.doc
D:\\SCURIT~1\Administrations\CESU\Attestation 12 08.pdf
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007.htm
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\bandeau.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\boutonsgeneriques.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\btnActionGch1_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\btnActionGchImpr_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cd_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cd2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cg_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cg2_btn_action_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cg2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\coi_bg_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\coi_hd_dark_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\commun.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\dialogue.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\fond_btn_action.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\fond_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\fond_quitter.jpg
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\informations.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\logo1.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\nav_info_Application.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\posteUsagerPart.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\puc_target_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\puce_outils_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\puce_part_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\titre_part2.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007.htm
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\bandeau.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\boutonsgeneriques.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\btnActionGch1_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\btnActionGchImpr_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\cg2_btn_action_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\coi_bg_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\coi_hd_dark_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\commun.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\dialogue.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\fond_btn_action.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\fond_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\fond_quitter.jpg
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\informations.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\logo1.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\nav_info_Application.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\posteUsagerPart.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\puc_target_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\titre_part2.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007.htm
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\bandeau.js
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\boutonsgeneriques.js
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\btnActionGch1_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\btnActionGchImpr_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cd_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cd2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cg_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cg2_btn_action_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cg2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\coi_bg_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\coi_hd_dark_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\commun.css
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\dialogue.js
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\fond_btn_action.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\fond_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\fond_quitter.jpg
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\informations.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\logo1.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\nav_info_Application.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\posteUsagerPart.css
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\puc_target_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\puce_outils_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\puce_part_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\titre_part2.gif
D:\\SCURIT~1\Administrations\Impots\Redevance TV Pierre 2007.doc
D:\\SCURIT~1\Administrations\Impots\Rocher IR 2006 1.jpg
D:\\SCURIT~1\Administrations\Impots\Rocher IR 2006 2.jpg
D:\\SCURIT~1\Administrations\La Poste\Tarifs_au_depart_de_France_Metropolitaine_a_compter_du_15_janvier_2007.pdf
D:\\SCURIT~1\Beatrice\Candidature Offre N° 5192231 pour Mme TARJUS.eml
D:\\SCURIT~1\Beatrice\CV\CV 12102007.doc
D:\\SCURIT~1\Beatrice\lettre du 13 10 07.odt
D:\\SCURIT~1\Beatrice\Motivation 30 10 07.doc
D:\\SCURIT~1\Beatrice\poemes noel 2007.doc
D:\\SCURIT~1\Beatrice\poemes noel 2007.odt
D:\\SCURIT~1\Beatrice\Thumbs.db
D:\\SCURIT~1\CRCA\111 1 & 2.xls
D:\\SCURIT~1\CRCA\111 1 a 7 2008.xls
D:\\SCURIT~1\CRCA\111 7 a 12 2007.xls
D:\\SCURIT~1\CRCA\200.xls
D:\\SCURIT~1\CRCA\271.xls
D:\\SCURIT~1\CRCA\Archives\2003.7z
D:\\SCURIT~1\CRCA\Archives\2004.7z
D:\\SCURIT~1\CRCA\Archives\2005.7z
D:\\SCURIT~1\CRCA\Archives\2006.7z
D:\\SCURIT~1\CRCA\Archives\2007.7z
D:\\SCURIT~1\CRCA\CIC.xls
D:\\SCURIT~1\CRCA\CIN 2007.xls
D:\\SCURIT~1\CRCA\DEA.xls
D:\\SCURIT~1\CRCA\Finances 2008.xls
D:\\SCURIT~1\CRCA\Open.xls
D:\\SCURIT~1\CRCA\PEA.xls
D:\\SCURIT~1\CRCA\ThisWorkbook.cls
D:\\SCURIT~1\KeyPass\Database.kdb
D:\\SCURIT~1\Mozbackup\Firefox 2.0.0.14 (fr) - 2008-05-03.pcv
D:\\SCURIT~1\Mozbackup\Thunderbird 2.0.0.14 (fr) - 2008-05-03.pcv
D:\\SCURIT~1\Pierre(HijackThis).exe
D:\\SCURIT~1\Pierre\Divorce\Budget 10 12 07.xls
D:\\SCURIT~1\Pierre\Divorce\CIPAV 2006.tif
D:\\SCURIT~1\Pierre\Divorce\CIPC S & A 2006.tif
D:\\SCURIT~1\Pierre\Divorce\CRAM 2006.tif
D:\\SCURIT~1\Pierre\Divorce\CSG 2006 1.jpg
D:\\SCURIT~1\Pierre\Divorce\CSG 2006 2.jpg
D:\\SCURIT~1\Pierre\Divorce\Echéancier Prêt CMB.rtf
D:\\SCURIT~1\Pierre\Divorce\IRCANTEC 2006.tif
D:\\SCURIT~1\Pierre\Divorce\K.Le Bihan 02 05 08.doc
D:\\SCURIT~1\Pierre\Divorce\Livret Famille 1.tif
D:\\SCURIT~1\Pierre\Divorce\Livret Famille 2.tif
D:\\SCURIT~1\Pierre\Divorce\Livret Famille 3.tif
D:\\SCURIT~1\Pierre\Divorce\MSA 2006.tif
D:\\SCURIT~1\Pierre\Divorce\PIECES TRANSMISES.doc
D:\\SCURIT~1\Pierre\Divorce\Pret CMB.gif
D:\\SCURIT~1\Pierre\Divorce\Prêt CMB.xls
D:\\SCURIT~1\Pierre\Divorce\Rocher IR 2006 1.jpg
D:\\SCURIT~1\Pierre\Divorce\Rocher IR 2006 2.jpg
D:\\SCURIT~1\Pierre\Thumbs.db

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.

2008-05-18 12:36 . 2008-05-18 12:36 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:09 . 2008-05-17 15:09 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 12:38 . 2008-05-17 12:45 3,900 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 11:02 . 2008-05-17 11:02 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\McAfee
2008-05-14 14:58 . 2008-05-16 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 14:47 . 2008-05-17 13:35 1,252 --a------ C:\WINDOWS\wininit.ini
2008-05-14 14:21 . 2008-05-19 16:58 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:21 . 2008-05-19 17:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 15:52 . 2006-10-11 15:57 5,456 -ra------ C:\WINDOWS\system32\e100b325.din
2008-05-09 15:52 . 2006-01-12 13:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-05-05 09:02 . 2008-05-16 17:53 109,737 --a------ C:\WINDOWS\BM4b93c703.xml
2008-05-01 19:23 . 2008-05-01 19:23 <REP> d--h----- C:\WINDOWS\PIF
2008-04-24 16:14 . 2008-04-24 16:14 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\PCF-VLC
2008-04-21 13:10 . 2008-05-16 23:56 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\Azureus
2008-04-21 13:10 . 2008-04-21 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-21 13:09 . 2008-05-19 22:36 <REP> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:36 --------- d-----w C:\Program Files\eMule
2008-05-19 18:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-18 10:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-17 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-16 18:57 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-14 17:22 --------- d-----w C:\Program Files\JkDefrag
2008-05-14 14:48 --------- d-----w C:\Program Files\MediaCoder
2008-05-14 13:08 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-05-12 10:09 28,928 ----a-w C:\Documents and Settings\Rocher\Application Data\GDIPFONTCACHEV1.DAT
2008-05-11 09:57 --------- d-----w C:\Documents and Settings\Rocher\Application Data\gtk-2.0
2008-05-09 18:08 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-09 13:53 --------- d-----w C:\Program Files\Intel
2008-05-09 13:29 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-09 13:18 --------- d-----w C:\Program Files\Winamp
2008-05-09 13:18 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-05-09 10:23 --------- d-----w C:\Documents and Settings\Rocher\Application Data\OpenOffice.org2
2008-05-03 16:22 --------- d-----w C:\Program Files\McAfee
2008-04-16 10:30 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Winamp
2008-04-10 17:49 --------- d-----w C:\Program Files\DivX
2008-04-10 15:47 --------- d-----w C:\Program Files\ZNsoft Corporation
2008-04-03 10:27 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Participatory Culture Foundation
2008-04-03 10:26 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-04-02 15:50 --------- d-----w C:\Program Files\Kit ADSL
2008-04-02 15:47 --------- d-----w C:\Program Files\Lavalys
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-30 16:06 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Audacity
2008-03-29 17:55 --------- d-----w C:\Program Files\JagoClient
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 11:11 --------- d-----w C:\Program Files\Java
2008-03-12 10:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-12 10:10 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-14 16:44 769,536 ----a-w C:\Documents and Settings\Rocher\Application Data\sfdnwin.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-18_12.41.22.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 10:40:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 11:32:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2003-08-19 18:36:16 65,536 ----a-w C:\WINDOWS\system32\a3d.dll
+ 2001-08-23 15:46:58 98,304 ----a-w C:\WINDOWS\system32\a3d.dll
- 2008-05-18 07:35:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-19 16:12:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-18 07:35:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-19 16:12:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-18 07:35:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-19 16:12:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2001-08-23 15:47:26 37,376 -c--a-w C:\WINDOWS\system32\dllcache\atievxx.exe
+ 2001-08-23 14:59:36 289,920 -c--a-w C:\WINDOWS\system32\dllcache\atimpab.sys
+ 2001-08-23 14:59:36 75,392 -c--a-w C:\WINDOWS\system32\dllcache\atimpae.sys
+ 2001-08-23 14:59:38 281,728 -c--a-w C:\WINDOWS\system32\dllcache\atimtai.sys
+ 2004-08-03 20:29:28 57,856 -c--a-w C:\WINDOWS\system32\dllcache\atinbtxx.sys
+ 2004-08-03 20:29:30 13,824 -c--a-w C:\WINDOWS\system32\dllcache\atinmdxx.sys
+ 2004-08-03 20:29:30 14,336 -c--a-w C:\WINDOWS\system32\dllcache\atinpdxx.sys
+ 2004-08-03 20:29:30 52,224 -c--a-w C:\WINDOWS\system32\dllcache\atinraxx.sys
+ 2004-08-03 20:29:32 104,960 -c--a-w C:\WINDOWS\system32\dllcache\atinrvxx.sys
+ 2004-08-03 20:29:32 28,672 -c--a-w C:\WINDOWS\system32\dllcache\atinsnxx.sys
+ 2004-08-03 20:29:32 13,824 -c--a-w C:\WINDOWS\system32\dllcache\atinttxx.sys
+ 2004-08-03 20:29:32 73,216 -c--a-w C:\WINDOWS\system32\dllcache\atintuxx.sys
+ 2004-08-03 20:29:32 31,744 -c--a-w C:\WINDOWS\system32\dllcache\atinxbxx.sys
+ 2004-08-03 20:29:32 63,488 -c--a-w C:\WINDOWS\system32\dllcache\atinxsxx.sys
+ 2001-08-17 18:49:36 10,240 -c--a-w C:\WINDOWS\system32\dllcache\atipcxxx.sys
+ 2001-08-23 15:46:44 104,832 -c--a-w C:\WINDOWS\system32\dllcache\atiraged.dll
+ 2001-08-23 14:59:40 70,784 -c--a-w C:\WINDOWS\system32\dllcache\atiragem.sys
+ 2001-08-17 18:49:12 49,920 -c--a-w C:\WINDOWS\system32\dllcache\atirtcap.sys
+ 2001-08-17 18:49:18 26,880 -c--a-w C:\WINDOWS\system32\dllcache\atirtsnd.sys
+ 2001-08-17 18:49:22 17,152 -c--a-w C:\WINDOWS\system32\dllcache\atitunep.sys
+ 2001-08-17 18:49:28 17,152 -c--a-w C:\WINDOWS\system32\dllcache\atitvsnd.sys
+ 2001-08-17 18:49:38 9,472 -c--a-w C:\WINDOWS\system32\dllcache\ativmdcd.sys
+ 2004-08-03 22:54:22 32,768 -c--a-w C:\WINDOWS\system32\dllcache\ativtmxx.dll
+ 2001-08-17 18:49:44 19,456 -c--a-w C:\WINDOWS\system32\dllcache\ativttxx.sys
+ 2004-08-03 22:54:22 516,768 -c--a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
+ 2001-08-17 18:49:48 26,624 -c--a-w C:\WINDOWS\system32\dllcache\ativxbar.sys
+ 2001-08-17 18:49:34 23,552 -c--a-w C:\WINDOWS\system32\dllcache\atixbar.sys
+ 2004-08-03 22:54:22 21,183 -c--a-w C:\WINDOWS\system32\dllcache\atv01nt5.dll
+ 2004-08-03 22:54:22 11,359 -c--a-w C:\WINDOWS\system32\dllcache\atv02nt5.dll
+ 2004-08-03 22:54:22 25,471 -c--a-w C:\WINDOWS\system32\dllcache\atv04nt5.dll
+ 2004-08-03 22:54:22 14,143 -c--a-w C:\WINDOWS\system32\dllcache\atv06nt5.dll
+ 2004-08-03 22:54:22 17,279 -c--a-w C:\WINDOWS\system32\dllcache\atv10nt5.dll
+ 2001-08-17 21:59:44 3,072 -c--a-w C:\WINDOWS\system32\dllcache\audstub.sys
+ 2004-08-03 21:10:12 38,912 -c--a-w C:\WINDOWS\system32\dllcache\avc.sys
+ 2001-08-17 20:01:12 36,096 -c--a-w C:\WINDOWS\system32\dllcache\avcaudio.sys
+ 2004-08-03 21:10:00 13,696 -c--a-w C:\WINDOWS\system32\dllcache\avcstrm.sys
+ 2001-08-23 15:46:58 87,552 -c--a-w C:\WINDOWS\system32\dllcache\avmcoxp.dll
+ 2001-08-23 15:46:58 144,384 -c--a-w C:\WINDOWS\system32\dllcache\avmenum.dll
+ 2001-08-17 18:13:48 37,568 -c--a-w C:\WINDOWS\system32\dllcache\avmwan.sys
+ 2001-08-17 18:19:16 36,992 -c--a-w C:\WINDOWS\system32\dllcache\aztw2320.sys
+ 2001-08-17 18:13:56 89,952 -c--a-w C:\WINDOWS\system32\dllcache\b1cbase.sys
+ 2001-08-23 15:00:08 97,248 -c--a-w C:\WINDOWS\system32\dllcache\b57xp32.sys
+ 2001-08-23 15:46:44 342,336 -c--a-w C:\WINDOWS\system32\dllcache\banshee.dll
+ 2001-08-17 18:48:28 36,128 -c--a-w C:\WINDOWS\system32\dllcache\banshee.sys
+ 2001-08-17 19:57:54 14,080 -c--a-w C:\WINDOWS\system32\dllcache\battc.sys
+ 2001-08-17 18:11:28 66,557 -c--a-w C:\WINDOWS\system32\dllcache\bcm42u.sys
+ 2001-08-17 18:11:26 54,271 -c--a-w C:\WINDOWS\system32\dllcache\bcm42xx5.sys
+ 2001-08-17 18:11:30 26,568 -c--a-w C:\WINDOWS\system32\dllcache\bcm4e5.sys
+ 2004-08-03 21:10:14 11,776 -c--a-w C:\WINDOWS\system32\dllcache\bdasup.sys
+ 2001-08-23 15:46:58 105,472 -c--a-w C:\WINDOWS\system32\dllcache\binlsvc.dll
+ 2001-08-23 15:46:58 19,456 -c--a-w C:\WINDOWS\system32\dllcache\brbidiif.dll
+ 2001-08-23 15:46:58 9,728 -c--a-w C:\WINDOWS\system32\dllcache\brcoinst.dll
+ 2001-08-23 15:46:58 12,800 -c--a-w C:\WINDOWS\system32\dllcache\brevif.dll
+ 2001-08-17 19:12:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\brfilt.sys
+ 2001-08-17 19:12:22 12,160 -c--a-w C:\WINDOWS\system32\dllcache\brfiltlo.sys
+ 2001-08-17 19:12:24 3,968 -c--a-w C:\WINDOWS\system32\dllcache\brfiltup.sys
+ 2001-08-23 15:46:58 15,360 -c--a-w C:\WINDOWS\system32\dllcache\brmfbidi.dll
+ 2001-08-23 15:46:58 81,920 -c--a-w C:\WINDOWS\system32\dllcache\brmfcwia.dll
+ 2001-08-23 15:46:58 29,696 -c--a-w C:\WINDOWS\system32\dllcache\brmflpt.dll
+ 2001-08-23 15:47:30 32,256 -c--a-w C:\WINDOWS\system32\dllcache\brmfrsmg.exe
+ 2001-08-23 15:46:58 41,472 -c--a-w C:\WINDOWS\system32\dllcache\brmfusb.dll
+ 2001-08-17 19:12:24 3,168 -c--a-w C:\WINDOWS\system32\dllcache\brparimg.sys
+ 2001-08-23 15:01:54 39,808 -c--a-w C:\WINDOWS\system32\dllcache\brparwdm.sys
+ 2001-08-23 15:46:58 5,120 -c--a-w C:\WINDOWS\system32\dllcache\brscnrsm.dll
+ 2001-08-23 15:46:58 9,728 -c--a-w C:\WINDOWS\system32\dllcache\brserif.dll
+ 2001-08-17 19:12:20 60,416 -c--a-w C:\WINDOWS\system32\dllcache\brserwdm.sys
+ 2001-08-17 19:12:20 11,008 -c--a-w C:\WINDOWS\system32\dllcache\brusbmdm.sys
+ 2001-08-17 19:12:22 10,368 -c--a-w C:\WINDOWS\system32\dllcache\brusbscn.sys
+ 2001-08-17 18:11:24 31,529 -c--a-w C:\WINDOWS\system32\dllcache\brzwlan.sys
+ 2004-08-05 12:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\bthci.dll
+ 2004-08-03 21:10:40 17,024 -c--a-w C:\WINDOWS\system32\dllcache\bthenum.sys
+ 2004-08-03 21:10:40 38,016 -c--a-w C:\WINDOWS\system32\dllcache\bthmodem.sys
+ 2004-08-03 20:58:40 100,992 -c--a-w C:\WINDOWS\system32\dllcache\bthpan.sys
+ 2004-08-03 22:40:30 274,944 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2004-08-03 21:10:38 35,456 -c--a-w C:\WINDOWS\system32\dllcache\bthprint.sys
+ 2004-08-05 12:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\bthserv.dll
+ 2004-08-03 21:10:36 18,944 -c--a-w C:\WINDOWS\system32\dllcache\bthusb.sys
+ 2001-08-23 15:02:02 14,080 -c--a-w C:\WINDOWS\system32\dllcache\bulltlp3.sys
+ 2001-08-17 20:05:48 314,752 -c--a-w C:\WINDOWS\system32\dllcache\camdro21.sys
+ 2001-08-17 20:04:46 223,232 -c--a-w C:\WINDOWS\system32\dllcache\camdrv21.sys
+ 2001-08-17 20:04:48 171,264 -c--a-w C:\WINDOWS\system32\dllcache\camdrv30.sys
+ 2001-08-23 15:47:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\camexo20.dll
+ 2001-08-23 15:47:00 236,032 -c--a-w C:\WINDOWS\system32\dllcache\camext20.dll
+ 2001-08-23 15:47:00 119,296 -c--a-w C:\WINDOWS\system32\dllcache\camext30.dll
+ 2001-08-17 18:12:16 37,916 -c--a-w C:\WINDOWS\system32\dllcache\cb102.sys
+ 2001-08-17 18:12:42 39,680 -c--a-w C:\WINDOWS\system32\dllcache\cb325.sys
+ 2001-08-17 18:13:14 46,108 -c--a-w C:\WINDOWS\system32\dllcache\cben5.sys
+ 2004-08-05 12:00:00 13,952 -c--a-w C:\WINDOWS\system32\dllcache\cbidf2k.sys
+ 2004-08-03 21:10:18 17,024 -c--a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
+ 2001-08-17 19:52:06 7,680 -c--a-w C:\WINDOWS\system32\dllcache\cd20xrnt.sys
+ 2004-08-05 12:00:00 18,688 -c--a-w C:\WINDOWS\system32\dllcache\cdaudio.sys
+ 2004-08-05 12:00:00 49,536 -c--a-w C:\WINDOWS\system32\dllcache\cdrom.sys
+ 2001-08-23 15:03:18 21,530 -c--a-w C:\WINDOWS\system32\dllcache\ce2n5.sys
+ 2001-08-23 15:03:18 27,164 -c--a-w C:\WINDOWS\system32\dllcache\ce3n5.sys
+ 2001-08-23 15:03:18 22,556 -c--a-w C:\WINDOWS\system32\dllcache\cem28n5.sys
+ 2001-08-23 15:03:20 22,556 -c--a-w C:\WINDOWS\system32\dllcache\cem33n5.sys
+ 2001-08-23 15:03:20 49,182 -c--a-w C:\WINDOWS\system32\dllcache\cem56n5.sys
+ 2004-08-03 22:54:24 15,423 -c--a-w C:\WINDOWS\system32\dllcache\ch7xxnt5.dll
+ 2004-08-03 21:00:14 8,192 -c--a-w C:\WINDOWS\system32\dllcache\changer.sys
+ 2001-08-23 15:04:06 272,640 -c--a-w C:\WINDOWS\system32\dllcache\cinemclc.sys
+ 2004-08-05 12:00:00 262,528 -c--a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2001-08-23 15:46:44 91,264 -c--a-w C:\WINDOWS\system32\dllcache\cirrus.dll
+ 2001-08-17 19:57:16 45,696 -c--a-w C:\WINDOWS\system32\dllcache\cirrus.sys
+ 2001-08-23 15:46:44 111,232 -c--a-w C:\WINDOWS\system32\dllcache\cl5465.dll
+ 2001-08-23 15:46:44 170,880 -c--a-w C:\WINDOWS\system32\dllcache\cl546x.dll
+ 2001-08-17 19:57:36 248,064 -c--a-w C:\WINDOWS\system32\dllcache\cl546xm.sys
+ 2004-08-03 21:07:40 14,080 -c--a-w C:\WINDOWS\system32\dllcache\cmbatt.sys
+ 2001-08-23 15:04:40 20,864 -c--a-w C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
+ 2001-08-23 15:04:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\cmdide.sys
+ 2004-08-05 12:00:00 50,688 -c--a-w C:\WINDOWS\system32\dllcache\cnbjmon.dll
+ 2001-08-23 15:47:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\cnusd.dll
+ 2001-08-17 18:11:42 39,936 -c--a-w C:\WINDOWS\system32\dllcache\cnxt1803.sys
+ 2001-08-17 19:58:00 9,344 -c--a-w C:\WINDOWS\system32\dllcache\compbatt.sys
+ 2001-08-17 19:52:06 14,976 -c--a-w C:\WINDOWS\system32\dllcache\cpqarray.sys
+ 2004-08-05 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
+ 2001-08-23 15:07:28 21,533 -c--a-w C:\WINDOWS\system32\dllcache\cpqndis5.sys
+ 2001-08-23 15:07:28 61,194 -c--a-w C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
+ 2001-08-23 15:47:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\cpscan.dll
+ 2001-08-17 18:19:18 42,112 -c--a-w C:\WINDOWS\system32\dllcache\crtaud.sys
+ 2004-08-05 12:00:00 40,704 -c--a-w C:\WINDOWS\system32\dllcache\crusoe.sys
+ 2001-08-23 15:47:00 175,104 -c--a-w C:\WINDOWS\system32\dllcache\csamsp.dll
+ 2001-08-17 18:19:28 6,912 -c--a-w C:\WINDOWS\system32\dllcache\ctlfacem.sys
+ 2001-08-17 18:19:20 3,712 -c--a-w C:\WINDOWS\system32\dllcache\ctljystk.sys
+ 2001-08-17 18:19:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\ctlsb16.sys
+ 2004-08-03 22:54:24 252,416 -c--a-w C:\WINDOWS\system32\dllcache\ctmasetp.dll
+ 2001-08-23 15:47:00 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ctwdm32.dll
- 2007-08-13 16:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2004-08-05 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2001-08-17 18:19:24 3,072 -c--a-w C:\WINDOWS\system32\dllcache\cwbase.sys
+ 2001-08-17 18:19:26 3,072 -c--a-w C:\WINDOWS\system32\dllcache\cwbmidi.sys
+ 2001-08-17 18:19:28 72,832 -c--a-w C:\WINDOWS\system32\dllcache\cwbwdm.sys
+ 2001-08-17 18:19:30 3,584 -c--a-w C:\WINDOWS\system32\dllcache\cwcosnt5.sys
+ 2001-08-17 18:19:36 111,872 -c--a-w C:\WINDOWS\system32\dllcache\cwcspud.sys
+ 2001-08-17 18:19:48 93,952 -c--a-w C:\WINDOWS\system32\dllcache\cwcwdm.sys
+ 2004-08-03 20:32:26 48,640 -c--a-w C:\WINDOWS\system32\dllcache\cwrwdm.sys
+ 2001-08-23 15:08:38 17,536 -c--a-w C:\WINDOWS\system32\dllcache\cyclad-z.sys
+ 2001-08-23 15:08:38 15,104 -c--a-w C:\WINDOWS\system32\dllcache\cyclom-y.sys
+ 2001-08-23 15:47:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\cyycoins.dll
+ 2001-08-23 15:08:40 50,944 -c--a-w C:\WINDOWS\system32\dllcache\cyyport.sys
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyyports.dll
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyzcoins.dll
+ 2001-08-23 15:08:42 50,688 -c--a-w C:\WINDOWS\system32\dllcache\cyzport.sys
+ 2001-08-23 15:47:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\cyzports.dll
+ 2001-08-23 15:08:44 117,760 -c--a-w C:\WINDOWS\system32\dllcache\d100ib5.sys
+ 2001-08-17 19:52:16 179,584 -c--a-w C:\WINDOWS\system32\dllcache\dac2w2k.sys
+ 2001-08-17 19:52:16 14,720 -c--a-w C:\WINDOWS\system32\dllcache\dac960nt.sys
+ 2001-08-23 15:47:00 25,600 -c--a-w C:\WINDOWS\system32\dllcache\dc210_32.dll
+ 2001-08-23 15:47:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\dc210usd.dll
+ 2001-08-17 18:12:02 63,208 -c--a-w C:\WINDOWS\system32\dllcache\dc21x4.sys
+ 2001-08-23 15:47:00 87,552 -c--a-w C:\WINDOWS\system32\dllcache\dc240usd.dll
+ 2001-08-23 15:47:00 112,128 -c--a-w C:\WINDOWS\system32\dllcache\dc260usd.dll
+ 2001-08-17 19:52:58 7,424 -c--a-w C:\WINDOWS\system32\dllcache\ddsmc.sys
+ 2001-08-17 18:11:44 20,928 -c--a-w C:\WINDOWS\system32\dllcache\defpa.sys
+ 2001-08-23 15:47:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\devcon32.dll
+ 2001-08-23 15:47:34 24,064 -c--a-w C:\WINDOWS\system32\dllcache\devldr32.exe
+ 2001-08-17 18:11:48 24,648 -c--a-w C:\WINDOWS\system32\dllcache\dfe650.sys
+ 2001-08-17 18:11:48 24,649 -c--a-w C:\WINDOWS\system32\dllcache\dfe650d.sys
+ 2001-08-23 15:09:48 29,691 -c--a-w C:\WINDOWS\system32\dllcache\dgapci.sys
+ 2001-08-23 15:47:00 422,429 -c--a-w C:\WINDOWS\system32\dllcache\dgconfig.dll
+ 2001-08-17 18:13:48 164,923 -c--a-w C:\WINDOWS\system32\dllcache\diapi2.sys
+ 2001-08-23 15:47:02 32,256 -c--a-w C:\WINDOWS\system32\dllcache\diapi2NT.dll
+ 2001-08-23 15:47:02 65,622 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.dll
+ 2001-08-23 15:10:10 37,927 -c--a-w C:\WINDOWS\system32\dllcache\digiasyn.sys
+ 2001-08-23 15:47:02 135,252 -c--a-w C:\WINDOWS\system32\dllcache\digidbp.dll
+ 2001-08-23 15:10:10 103,492 -c--a-w C:\WINDOWS\system32\dllcache\digidxb.sys
+ 2001-08-23 15:10:12 90,685 -c--a-w C:\WINDOWS\system32\dllcache\digifep5.sys
+ 2001-08-23 15:47:02 229,462 -c--a-w C:\WINDOWS\system32\dllcache\digifwrk.dll
+ 2001-08-23 15:47:02 159,828 -c--a-w C:\WINDOWS\system32\dllcache\digihlc.dll
+ 2001-08-23 15:47:02 102,484 -c--a-w C:\WINDOWS\system32\dllcache\digiinf.dll
+ 2001-08-23 15:47:02 41,046 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.dll
+ 2001-08-17 18:14:44 21,606 -c--a-w C:\WINDOWS\system32\dllcache\digiisdn.sys
+ 2001-08-23 15:47:02 110,621 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.dll
+ 2001-08-23 15:10:16 42,656 -c--a-w C:\WINDOWS\system32\dllcache\digirlpt.sys
+ 2001-08-23 15:47:34 622,621 -c--a-w C:\WINDOWS\system32\dllcache\digiview.exe
+ 2001-08-17 18:13:52 91,305 -c--a-w C:\WINDOWS\system32\dllcache\dimaint.sys
+ 2004-08-05 12:00:00 36,352 -c--a-w C:\WINDOWS\system32\dllcache\disk.sys
+ 2001-08-23 15:47:02 6,729 -c--a-w C:\WINDOWS\system32\dllcache\disrvci.dll
+ 2001-08-23 15:47:02 31,817 -c--a-w C:\WINDOWS\system32\dllcache\disrvpp.dll
+ 2001-08-23 15:47:02 38,985 -c--a-w C:\WINDOWS\system32\dllcache\disrvsu.dll
+ 2001-08-23 15:47:34 236,060 -c--a-w C:\WINDOWS\system32\dllcache\ditrace.exe
+ 2001-08-23 15:47:02 6,216 -c--a-w C:\WINDOWS\system32\dllcache\divaci.dll
+ 2001-08-23 15:47:02 37,962 -c--a-w C:\WINDOWS\system32\dllcache\divaprop.dll
+ 2001-08-23 15:47:02 29,768 -c--a-w C:\WINDOWS\system32\dllcache\divasu.dll
+ 2001-08-17 18:11:44 26,698 -c--a-w C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
+ 2004-08-03 21:00:06 8,320 -c--a-w C:\WINDOWS\system32\dllcache\dlttape.sys
+ 2001-08-17 18:11:42 29,696 -c--a-w C:\WINDOWS\system32\dllcache\dm9pci5.sys
+ 2004-08-03 21:07:40 52,864 -c--a-w C:\WINDOWS\system32\dllcache\dmusic.sys
+ 2004-08-05 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2004-08-03 20:58:30 207,360 -c--a-w C:\WINDOWS\system32\dllcache\dot4.sys
+ 2001-08-17 19:47:32 12,928 -c--a-w C:\WINDOWS\system32\dllcache\dot4prt.sys
+ 2001-08-17 19:47:32 8,704 -c--a-w C:\WINDOWS\system32\dllcache\dot4scan.sys
+ 2001-08-23 15:11:02 24,064 -c--a-w C:\WINDOWS\system32\dllcache\dot4usb.sys
+ 2001-08-17 18:12:32 28,062 -c--a-w C:\WINDOWS\system32\dllcache\dp83820.sys
+ 2001-08-17 20:07:44 20,192 -c--a-w C:\WINDOWS\system32\dllcache\dpti2o.sys
+ 2004-08-05 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2001-08-17 18:20:18 334,208 -c--a-w C:\WINDOWS\system32\dllcache\ds1wdm.sys
+ 2004-08-05 12:00:00 59,392 -c--a-w C:\WINDOWS\system32\dllcache\dvdplay.exe
+ 2004-08-05 12:00:00 71,040 -c--a-w C:\WINDOWS\system32\dllcache\dxg.sys
+ 2001-08-23 15:12:50 51,743 -c--a-w C:\WINDOWS\system32\dllcache\e1000nt5.sys
+ 2001-08-17 18:12:12 19,594 -c--a-w C:\WINDOWS\system32\dllcache\e100isa4.sys
+ 2001-08-23 15:13:26 44,615 -c--a-w C:\WINDOWS\system32\dllcache\el515.sys
+ 2001-08-17 18:10:56 55,999 -c--a-w C:\WINDOWS\system32\dllcache\el556nd5.sys
+ 2001-08-17 18:10:56 24,653 -c--a-w C:\WINDOWS\system32\dllcache\el574nd4.sys
+ 2001-08-17 18:10:58 69,692 -c--a-w C:\WINDOWS\system32\dllcache\el575nd5.sys
+ 2001-08-17 18:10:52 26,141 -c--a-w C:\WINDOWS\system32\dllcache\el589nd5.sys
+ 2001-08-17 18:11:00 69,194 -c--a-w C:\WINDOWS\system32\dllcache\el656cd5.sys
+ 2001-08-17 18:11:00 77,386 -c--a-w C:\WINDOWS\system32\dllcache\el656nd5.sys
+ 2001-08-23 15:13:30 241,238 -c--a-w C:\WINDOWS\system32\dllcache\el656se5.sys
+ 2001-08-17 18:11:06 66,591 -c--a-w C:\WINDOWS\system32\dllcache\el90xbc5.sys
+ 2001-08-23 15:13:30 153,631 -c--a-w C:\WINDOWS\system32\dllcache\el90xnd5.sys
+ 2001-08-23 15:13:30 455,711 -c--a-w C:\WINDOWS\system32\dllcache\el985n51.sys
+ 2001-08-17 18:11:04 70,174 -c--a-w C:\WINDOWS\system32\dllcache\el98xn5.sys
+ 2001-08-23 15:13:32 175,104 -c--a-w C:\WINDOWS\system32\dllcache\el99xn51.sys
+ 2001-08-17 19:53:02 7,296 -c--a-w C:\WINDOWS\system32\dllcache\elmsmc.sys
+ 2001-08-17 18:10:52 25,159 -c--a-w C:\WINDOWS\system32\dllcache\elnk3.sys
+ 2001-08-17 18:10:54 19,996 -c--a-w C:\WINDOWS\system32\dllcache\em556n4.sys
+ 2001-08-17 18:19:26 283,904 -c--a-w C:\WINDOWS\system32\dllcache\emu10k1m.sys
+ 2001-08-17 19:46:40 6,400 -c--a-w C:\WINDOWS\system32\dllcache\enum1394.sys
+ 2001-08-17 19:50:20 144,896 -c--a-w C:\WINDOWS\system32\dllcache\epcfw2k.sys
+ 2001-08-17 18:12:08 18,503 -c--a-w C:\WINDOWS\system32\dllcache\epro4.sys
+ 2001-08-17 19:50:20 114,944 -c--a-w C:\WINDOWS\system32\dllcache\epstw2k.sys
+ 2001-08-23 15:47:34 53,760 -c--a-w C:\WINDOWS\system32\dllcache\eqndiag.exe
+ 2001-08-23 15:47:34 51,712 -c--a-w C:\WINDOWS\system32\dllcache\eqnlogr.exe
+ 2001-08-23 15:47:34 62,464 -c--a-w C:\WINDOWS\system32\dllcache\eqnloop.exe
+ 2001-08-17 18:19:38 37,120 -c--a-w C:\WINDOWS\system32\dllcache\es1370mp.sys
+ 2001-08-17 18:19:34 40,704 -c--a-w C:\WINDOWS\system32\dllcache\es1371mp.sys
+ 2001-08-17 18:19:58 72,192 -c--a-w C:\WINDOWS\system32\dllcache\es1969.sys
+ 2001-08-17 18:19:48 174,464 -c--a-w C:\WINDOWS\system32\dllcache\es198x.sys
+ 2001-08-23 15:16:04 596,319 -c--a-w C:\WINDOWS\system32\dllcache\es56cvmp.sys
+ 2001-08-23 15:16:06 594,910 -c--a-w C:\WINDOWS\system32\dllcache\es56hpi.sys
+ 2001-08-23 15:16:06 348,222 -c--a-w C:\WINDOWS\system32\dllcache\es56tpi.sys
+ 2001-08-17 18:19:56 63,360 -c--a-w C:\WINDOWS\system32\dllcache\ess.sys
+ 2004-08-03 20:32:28 137,088 -c--a-w C:\WINDOWS\system32\dllcache\essm2e.sys
+ 2001-08-23 15:47:04 43,008 -c--a-w C:\WINDOWS\system32\dllcache\esucm.dll
+ 2001-08-23 15:47:04 34,816 -c--a-w C:\WINDOWS\system32\dllcache\esuimg.dll
+ 2001-08-23 15:47:04 46,080 -c--a-w C:\WINDOWS\system32\dllcache\esuni.dll
+ 2001-08-23 15:47:04 46,080 -c--a-w C:\WINDOWS\system32\dllcache\esunib.dll
+ 2001-08-17 18:12:08 16,998 -c--a-w C:\WINDOWS\system32\dllcache\ex10.sys
+ 2001-08-17 19:52:48 7,040 -c--a-w C:\WINDOWS\system32\dllcache\exabyte2.sys
+ 2001-08-17 18:11:54 12,362 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xi.sys
+ 2001-08-17 18:11:56 11,850 -c--a-w C:\WINDOWS\system32\dllcache\f3ab18xj.sys
+ 2001-08-17 18:12:32 16,074 -c--a-w C:\WINDOWS\system32\dllcache\fa312nd5.sys
+ 2001-08-17 18:12:32 24,618 -c--a-w C:\WINDOWS\system32\dllcache\fa410nd5.sys
+ 2004-08-05 12:00:00 27,392 -c--a-w C:\WINDOWS\system32\dllcache\fdc.sys
+ 2001-08-17 18:10:54 22,090 -c--a-w C:\WINDOWS\system32\dllcache\fem556n5.sys
+ 2001-08-17 18:13:08 27,165 -c--a-w C:\WINDOWS\system32\dllcache\fetnd5.sys
+ 2004-08-05 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\flpydisk.sys
+ 2001-08-23 15:47:04 72,192 -c--a-w C:\WINDOWS\system32\dllcache\fnfilter.dll
+ 2004-08-03 20:31:24 34,173 -c--a-w C:\WINDOWS\system32\dllcache\forehe.sys
+ 2001-08-17 18:14:24 444,416 -c--a-w C:\WINDOWS\system32\dllcache\fpcibase.sys
+ 2001-08-17 18:14:44 441,728 -c--a-w C:\WINDOWS\system32\dllcache\fpcmbase.sys
+ 2001-08-17 18:15:02 442,240 -c--a-w C:\WINDOWS\system32\dllcache\fpnpbase.sys
+ 2004-08-05 12:00:00 193,024 -c--a-w C:\WINDOWS\system32\dllcache\fsquirt.exe
+ 2004-08-05 12:00:00 12,416 -c--a-w C:\WINDOWS\system32\dllcache\fsvga.sys
+ 2004-08-05 12:00:00 126,080 -c--a-w C:\WINDOWS\system32\dllcache\ftdisk.sys
+ 2001-08-17 18:15:38 455,296 -c--a-w C:\WINDOWS\system32\dllcache\fusbbase.sys
+ 2001-08-23 15:47:04 92,672 -c--a-w C:\WINDOWS\system32\dllcache\fuusd.dll
+ 2001-08-17 18:15:56 454,912 -c--a-w C:\WINDOWS\system32\dllcache\fxusbase.sys
+ 2001-08-23 15:46:44 470,144 -c--a-w C:\WINDOWS\system32\dllcache\g200d.dll
+ 2001-08-23 15:18:04 320,512 -c--a-w C:\WINDOWS\system32\dllcache\g200m.sys
+ 2001-08-23 15:18:06 322,560 -c--a-w C:\WINDOWS\system32\dllcache\g400m.sys
+ 2004-08-05 12:00:00 46,464 -c--a-w C:\WINDOWS\system32\dllcache\gagp30kx.sys
+ 2004-08-03 21:08:22 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
+ 2004-08-03 21:08:30 59,136 -c--a-w C:\WINDOWS\system32\dllcache\gckernel.sys
+ 2001-08-23 15:18:36 17,664 -c--a-w C:\WINDOWS\system32\dllcache\gpr400.sys
+ 2001-08-23 15:18:40 82,560 -c--a-w C:\WINDOWS\system32\dllcache\grclass.sys
+ 2004-08-03 22:40:16 28,672 -c--a-w C:\WINDOWS\system32\dllcache\grserial.sys
+ 2004-08-05 12:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\hccoin.dll
+ 2001-08-23 15:19:04 908,000 -c--a-w C:\WINDOWS\system32\dllcache\hcf_msft.sys
+ 2004-08-05 12:00:00 20,992 -c--a-w C:\WINDOWS\system32\dllcache\hid.dll
+ 2001-08-17 19:58:00 19,200 -c--a-w C:\WINDOWS\system32\dllcache\hidbatt.sys
+ 2004-08-03 22:40:42 25,856 -c--a-w C:\WINDOWS\system32\dllcache\hidbth.sys
+ 2004-08-05 12:00:00 36,224 -c--a-w C:\WINDOWS\system32\dllcache\hidclass.sys
+ 2001-08-17 20:02:32 8,576 -c--a-w C:\WINDOWS\system32\dllcache\hidgame.sys
+ 2004-08-03 21:08:20 15,104 -c--a-w C:\WINDOWS\system32\dllcache\hidir.sys
+ 2004-08-05 12:00:00 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
+ 2004-08-03 22:54:28 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2001-08-17 20:02:50 2,688 -c--a-w C:\WINDOWS\system32\dllcache\hidswvd.sys
+ 2004-08-05 12:00:00 9,600 -c--a-w C:\WINDOWS\system32\dllcache\hidusb.sys
+ 2001-08-23 15:47:04 119,296 -c--a-w C:\WINDOWS\system32\dllcache\hpdigwia.dll
+ 2001-08-23 15:47:04 83,968 -c--a-w C:\WINDOWS\system32\dllcache\hpgt21.dll
+ 2001-08-23 15:47:04 123,392 -c--a-w C:\WINDOWS\system32\dllcache\hpgt21tk.dll
+ 2001-08-23 15:47:04 89,088 -c--a-w C:\WINDOWS\system32\dllcache\hpgt33.dll
+ 2001-08-23 15:47:04 48,128 -c--a-w C:\WINDOWS\system32\dllcache\hpgt33tk.dll
+ 2001-08-23 15:47:04 101,376 -c--a-w C:\WINDOWS\system32\dllcache\hpgt34.dll
+ 2001-08-23 15:47:04 126,976 -c--a-w C:\WINDOWS\system32\dllcache\hpgt34tk.dll
+ 2001-08-23 15:47:04 93,696 -c--a-w C:\WINDOWS\system32\dllcache\hpgt42.dll
+ 2001-08-23 15:47:04 31,232 -c--a-w C:\WINDOWS\system32\dllcache\hpgt42tk.dll
+ 2001-08-23 15:47:04 165,888 -c--a-w C:\WINDOWS\system32\dllcache\hpgt53.dll
+ 2001-08-23 15:47:04 68,608 -c--a-w C:\WINDOWS\system32\dllcache\hpgt53tk.dll
+ 2001-08-23 15:47:04 32,768 -c--a-w C:\WINDOWS\system32\dllcache\hpgtmcro.dll
+ 2001-08-17 20:07:44 25,952 -c--a-w C:\WINDOWS\system32\dllcache\hpn.sys
+ 2001-08-23 15:47:04 324,608 -c--a-w C:\WINDOWS\system32\dllcache\hpojwia.dll
+ 2001-08-23 15:47:04 13,312 -c--a-w C:\WINDOWS\system32\dllcache\hpsjmcro.dll
+ 2001-08-17 19:52:50 5,760 -c--a-w C:\WINDOWS\system32\dllcache\hpt4qic.sys
+ 2001-08-23 15:47:04 19,456 -c--a-w C:\WINDOWS\system32\dllcache\hr1w.dll
+ 2001-08-17 19:28:04 150,239 -c--a-w C:\WINDOWS\system32\dllcache\hsf_amos.sys
+ 2001-08-17 19:28:04 67,167 -c--a-w C:\WINDOWS\system32\dllcache\hsf_bsc2.sys
+ 2001-08-17 19:28:06 289,887 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fall.sys
+ 2001-08-17 19:28:06 199,711 -c--a-w C:\WINDOWS\system32\dllcache\hsf_faxx.sys
+ 2001-08-17 19:28:06 115,807 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fsks.sys
+ 2001-08-23 15:47:04 9,759 -c--a-w C:\WINDOWS\system32\dllcache\hsf_inst.dll
+ 2001-08-17 19:28:08 391,199 -c--a-w C:\WINDOWS\system32\dllcache\hsf_k56k.sys
+ 2001-08-17 19:28:10 57,471 -c--a-w C:\WINDOWS\system32\dllcache\hsf_samp.sys
+ 2001-08-17 19:28:10 44,863 -c--a-w C:\WINDOWS\system32\dllcache\hsf_soar.sys
+ 2001-08-17 19:28:10 73,279 -c--a-w C:\WINDOWS\system32\dllcache\hsf_spkp.sys
+ 2001-08-17 19:28:12 50,751 -c--a-w C:\WINDOWS\system32\dllcache\hsf_tone.sys
+ 2001-08-17 19:28:12 488,383 -c--a-w C:\WINDOWS\system32\dllcache\hsf_v124.sys
+ 2004-08-03 20:41:48 220,032 -c--a-w C:\WINDOWS\system32\dllcache\hsfbs2s2.sys
+ 2004-08-03 22:54:28 32,285 -c--a-w C:\WINDOWS\system32\dllcache\hsfcisp2.dll
+ 2004-08-03 20:41:50 685,056 -c--a-w C:\WINDOWS\system32\dllcache\hsfcxts2.sys
+ 2006-03-17 00:33:10 262,784 -c--a-w C:\WINDOWS\system32\dllcache\http.sys
+ 2004-08-03 21:00:52 8,192 -c--a-w C:\WINDOWS\system32\dllcache\i2omgmt.sys
+ 2004-08-03 21:00:52 18,560 -c--a-w C:\WINDOWS\system32\dllcache\i2omp.sys
+ 2001-08-23 15:46:46 353,184 -c--a-w C:\WINDOWS\system32\dllcache\i740dnt5.dll
+ 2001-08-17 18:49:06 58,592 -c--a-w C:\WINDOWS\system32\dllcache\i740nt5.sys
+ 2004-08-05 12:00:00 54,400 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2004-08-03 22:54:28 702,845 -c--a-w C:\WINDOWS\system32\dllcache\i81xdnt5.dll
+ 2004-08-03 20:29:38 161,020 -c--a-w C:\WINDOWS\system32\dllcache\i81xnt5.sys
+ 2001-08-17 18:11:58 28,700 -c--a-w C:\WINDOWS\system32\dllcache\ibmexmp.sys
+ 2001-08-23 15:45:26 10,240 -c--a-w C:\WINDOWS\system32\dllcache\ibmsgnet.dll
+ 2001-08-17 18:12:00 100,936 -c--a-w C:\WINDOWS\system32\dllcache\ibmtok.sys
+ 2001-08-17 18:12:02 109,085 -c--a-w C:\WINDOWS\system32\dllcache\ibmtrp.sys
+ 2001-08-17 20:06:46 38,528 -c--a-w C:\WINDOWS\system32\dllcache\ibmvcap.sys
+ 2001-08-17 20:05:44 141,056 -c--a-w C:\WINDOWS\system32\dllcache\icam3.sys
+ 2001-08-23 15:47:04 27,136 -c--a-w C:\WINDOWS\system32\dllcache\icam3ext.dll
+ 2001-08-23 15:47:04 92,160 -c--a-w C:\WINDOWS\system32\dllcache\icam4com.dll
+ 2001-08-23 15:47:04 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icam4ext.dll
+ 2001-08-17 20:06:02 154,496 -c--a-w C:\WINDOWS\system32\dllcache\icam4usb.sys
+ 2001-08-23 15:47:04 45,056 -c--a-w C:\WINDOWS\system32\dllcache\icam5com.dll
+ 2001-08-23 15:47:04 20,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5ext.dll
+ 2001-08-17 20:06:20 100,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5usb.sys
+ 2004-08-05 12:00:00 41,856 -c--a-w C:\WINDOWS\system32\dllcache\imapi.sys
+ 2001-08-17 19:52:08 16,000 -c--a-w C:\WINDOWS\system32\dllcache\ini910u.sys
+ 2001-08-23 14:57:12 13,824 -c--a-w C:\WINDOWS\system32\dllcache\inport.sys
+ 2004-08-05 12:00:00 5,504 -c--a-w C:\WINDOWS\system32\dllcache\intelide.sys
+ 2004-08-05 12:00:00 40,320 -c--a-w C:\WINDOWS\system32\dllcache\intelppm.sys
+ 2001-08-17 19:50:56 38,784 -c--a-w C:\WINDOWS\system32\dllcache\io8.sys
+ 2001-08-23 15:47:04 90,200 -c--a-w C:\WINDOWS\system32\dllcache\io8ports.dll
+ 2001-08-17 18:12:12 45,632 -c--a-w C:\WINDOWS\system32\dllcache\ip5515.sys
+ 2004-08-03 21:00:54 87,424 -c--a-w C:\WINDOWS\system32\dllcache\irda.sys
+ 2004-08-03 22:54:54 154,112 -c--a-w C:\WINDOWS\system32\dllcache\irftp.exe
+ 2001-08-17 19:49:04 23,552 -c--a-w C:\WINDOWS\system32\dllcache\irmk7.sys
+ 2004-08-03 22:54:30 28,160 -c--a-w C:\WINDOWS\system32\dllcache\irmon.dll
+ 2001-08-17 19:51:32 18,688 -c--a-w C:\WINDOWS\system32\dllcache\irsir.sys
+ 2001-08-17 19:49:10 26,624 -c--a-w C:\WINDOWS\system32\dllcache\irstusb.sys
+ 2004-08-05 12:00:00 36,224 -c--a-w C:\WINDOWS\system32\dllcache\isapnp.sys
+ 2004-08-05 12:00:00 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2004-08-05 12:00:00 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-03 22:45:14 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-05 12:00:00 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2004-08-05 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2001-08-23 15:47:06 46,080 -c--a-w C:\WINDOWS\system32\dllcache\kdsui.dll
+ 2001-08-23 15:47:06 37,888 -c--a-w C:\WINDOWS\system32\dllcache\kousd.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2007-07-28 23:05 277328]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29 684118]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R0 aac;Adaptec RAID Miniport Driver;C:\WINDOWS\system32\drivers\aac.sys [2004-04-12 08:42]
S0 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2004-04-12 08:42]
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 19:14]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 15:46]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 20:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 23:05:35 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-09-25 15:29:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 22:47:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-19 22:47:51
ComboFix-quarantined-files.txt 2008-05-19 20:47:48

Pre-Run: 32,672,866,304 octets libres
Post-Run: 32,462,946,304 octets libres

1216 --- E O F --- 2008-05-17 13:09:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:54, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Telechargements\Hijackthis\Pierre.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.consoclicker.com
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7826 bytes
kovantchine
Active Member
 
Posts: 11
Joined: May 17th, 2008, 8:02 am

Re: Virtumonde.dll is bothering me.

Post by Rodav » May 20th, 2008, 7:24 am

Hi kovantchine,

Could you tell me exactly what the folder on your D: drive means: D:\\SCURIT~1\ ?

The folder will begin with the letters SCURIT and is at least 9 characters long. I would like to know exactly what the folder is called please and if it means anything in English.

I would also like to know if you have redirected your 'My Documents' folder to Drive D.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Virtumonde.dll is bothering me.

Post by kovantchine » May 20th, 2008, 5:01 pm

Bonjour,
Thanks for your help.

Could you tell me exactly what the folder on your D: drive means: D:\\SCURIT~1\ ?

This folder has a French name: "D:\Sécurité\", meaning Security, where I save Keypass data, MozBackup...

I would also like to know if you have redirected your 'My Documents' folder to Drive D

Yes, My Documents is redirected to D:

Are the quarantined files definitely lost? Some of them are very precious: Impot is Tax, CRCA a Bank!
kovantchine
Active Member
 
Posts: 11
Joined: May 17th, 2008, 8:02 am

Re: Virtumonde.dll is bothering me.

Post by kovantchine » May 20th, 2008, 5:11 pm

Addendum to the previous reply: D:\Sécurité\ contained Zip files.
kovantchine
Active Member
 
Posts: 11
Joined: May 17th, 2008, 8:02 am

Re: Virtumonde.dll is bothering me.

Post by Rodav » May 21st, 2008, 3:57 am

Hi kovantchine,

Thanks for answering my questions.

Are the quarantined files definitely lost ?
No, we should be able to restore them. :) This is a small example of why we encourage people not to run the specialist tools we use on their own, in case something like this happens.


Step 1:
1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\D\Sécurité

Quit::


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\DeQuarantine_log.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.



Step 2:
I see you have added www.consoclicker.com to your Trusted Zone. While it seems to be a legitimate site, having it there offers no more benefits than having it out of it. The Trusted Zone has the lowest security and allows scripts and applications from sites in this zone to run freely, so, as such, it is my recommendation that you not add any website to it.
I have added the Trusted Zone line to be fixed with HijackThis in red; you can do so if you wish.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O15 - Trusted Zone: http://www.consoclicker.com


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application and Restart your computer.


Step 3:
Older versions of Java have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all installed versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) and install it to your computer.


Step 4:
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply.


Step 5:
Run HijackThis, do a system scan and in your next reply please post:
  • The ComboFix report (C:\DeQuarantine_log.txt)
  • The online Kaspersky scan results
  • The new HijackThis scan
Also please let me know if your files got restored OK and how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
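
The two lines singled out in Step 2 above are an orphaned registration marked "(no file)" and an O15 Trusted Zone site. The following Python code is an added example, not part of the thread and not HijackThis's own code: it parses HijackThis entry lines and flags those two cases, and additionally (an assumption of this example, not something the helper asked for) notes any O16 ActiveX download whose host is also in the Trusted Zone. The function names and finding labels are hypothetical; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from urllib.parse import urlsplit

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O15 - Trusted Zone: http://www.consoclicker.com
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O15 - Trusted Zone: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
TRUSTED_RE = re.compile(r"Trusted Zone:\s*(\S+)")
URL_RE = re.compile(r"(https?://\S+)\s*$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_of(site):
    """Normalise a zone entry or URL to a bare lowercase host name."""
    if "://" not in site:
        site = "http://" + site  # zone entries may be listed without a scheme
    host = (urlsplit(site).hostname or "").lower()
    return host[2:] if host.startswith("*.") else host


def review(log_text):
    """Return (code, finding, detail) tuples for entries worth a second look."""
    entries = parse_entries(log_text)
    trusted_hosts = set()
    findings = []

    for code, body in entries:
        # Registry entry still present, but the file it points to is gone.
        if body.rstrip().endswith("(no file)"):
            findings.append((code, "orphaned", body))
        # Site placed in the lowest-security Internet Explorer zone.
        if code == "O15":
            match = TRUSTED_RE.search(body)
            if match:
                host = host_of(match.group(1))
                trusted_hosts.add(host)
                findings.append((code, "trusted-zone", host))

    # Second pass: ActiveX controls downloaded from a host that is also trusted.
    for code, body in entries:
        if code == "O16":
            match = URL_RE.search(body)
            if match and host_of(match.group(1)) in trusted_hosts:
                findings.append(
                    (code, "activex-from-trusted-site", host_of(match.group(1)))
                )
    return findings


if __name__ == "__main__":
    for code, finding, detail in review(SAMPLE_LOG):
        print(f"{code:<4} {finding:<26} {detail}")
```
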

Re: Virtumonde.dll is bothering me.

Post by kovantchine » May 21st, 2008, 6:34 am

Hello,
I had to rename Quarantine\funny name to Quarantine\Securite (no French accents) and it all went OK.
The Kaspersky report does not appear too cheerful.
Here are the logs.

ComboFix 08-05-15.3 - Rocher 2008-05-19 22:45:09.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.622 [GMT 2:00]
Endroit: C:\Documents and Settings\Rocher\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rocher\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\gsntkfoq.dll
C:\WINDOWS\system32\khfFuUMd.dll
C:\WINDOWS\system32\nnnnLDuS.dll
C:\WINDOWS\system32\rqRKBUlj.dll
C:\WINDOWS\system32\urqnOEUK.dll
C:\WINDOWS\system32\yecrydfm.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\\SCURIT~1\Achats\Commande Show Room 2001.pdf
D:\\SCURIT~1\Achats\Facture CDFolie.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200207.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200407.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200607.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 200807.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 201007.pdf
D:\\SCURIT~1\Achats\Neuf\Facture 201207.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 01 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 01 08.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 02 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 02 08.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 03 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 03 08.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 04 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 05 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 06 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 07 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 08 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 09 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 10 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 11 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation 12 07.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation Fiscale 2007.pdf
D:\\SCURIT~1\Administrations\ASSEDIC\Attestation Oct 2006 Sep 2007.pdf
D:\\SCURIT~1\Administrations\C107.doc
D:\\SCURIT~1\Administrations\CESU\Attestation 12 08.pdf
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007.htm
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\bandeau.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\boutonsgeneriques.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\btnActionGch1_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\btnActionGchImpr_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cd_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cd2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cg_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cg2_btn_action_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\cg2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\coi_bg_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\coi_hd_dark_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\commun.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\dialogue.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\fond_btn_action.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\fond_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\fond_quitter.jpg
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\informations.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\logo1.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\nav_info_Application.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\posteUsagerPart.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\puc_target_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\puce_outils_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\puce_part_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Cherbourg 2007_fichiers\titre_part2.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007.htm
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\bandeau.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\boutonsgeneriques.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\btnActionGch1_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\btnActionGchImpr_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\cg2_btn_action_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\coi_bg_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\coi_hd_dark_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\commun.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\dialogue.js
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\fond_btn_action.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\fond_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\fond_quitter.jpg
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\informations.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\logo1.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\nav_info_Application.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\posteUsagerPart.css
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\puc_target_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TF Gouville 2007_fichiers\titre_part2.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007.htm
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\bandeau.js
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\boutonsgeneriques.js
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\btnActionGch1_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\btnActionGchImpr_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cd_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cd2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cg_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cg2_btn_action_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\cg2_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\coi_bg_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\coi_hd_dark_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\commun.css
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\dialogue.js
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\fond_btn_action.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\fond_clair_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\fond_quitter.jpg
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\informations.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\logo1.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\nav_info_Application.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\posteUsagerPart.css
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\puc_target_part.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\puce_outils_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\puce_part_off.gif
D:\\SCURIT~1\Administrations\Impots\Paiement TH Gouville 2007_fichiers\titre_part2.gif
D:\\SCURIT~1\Administrations\Impots\Redevance TV Pierre 2007.doc
D:\\SCURIT~1\Administrations\Impots\Rocher IR 2006 1.jpg
D:\\SCURIT~1\Administrations\Impots\Rocher IR 2006 2.jpg
D:\\SCURIT~1\Administrations\La Poste\Tarifs_au_depart_de_France_Metropolitaine_a_compter_du_15_janvier_2007.pdf
D:\\SCURIT~1\Beatrice\Candidature Offre N° 5192231 pour Mme TARJUS.eml
D:\\SCURIT~1\Beatrice\CV\CV 12102007.doc
D:\\SCURIT~1\Beatrice\lettre du 13 10 07.odt
D:\\SCURIT~1\Beatrice\Motivation 30 10 07.doc
D:\\SCURIT~1\Beatrice\poemes noel 2007.doc
D:\\SCURIT~1\Beatrice\poemes noel 2007.odt
D:\\SCURIT~1\Beatrice\Thumbs.db
D:\\SCURIT~1\CRCA\111 1 & 2.xls
D:\\SCURIT~1\CRCA\111 1 a 7 2008.xls
D:\\SCURIT~1\CRCA\111 7 a 12 2007.xls
D:\\SCURIT~1\CRCA\200.xls
D:\\SCURIT~1\CRCA\271.xls
D:\\SCURIT~1\CRCA\Archives\2003.7z
D:\\SCURIT~1\CRCA\Archives\2004.7z
D:\\SCURIT~1\CRCA\Archives\2005.7z
D:\\SCURIT~1\CRCA\Archives\2006.7z
D:\\SCURIT~1\CRCA\Archives\2007.7z
D:\\SCURIT~1\CRCA\CIC.xls
D:\\SCURIT~1\CRCA\CIN 2007.xls
D:\\SCURIT~1\CRCA\DEA.xls
D:\\SCURIT~1\CRCA\Finances 2008.xls
D:\\SCURIT~1\CRCA\Open.xls
D:\\SCURIT~1\CRCA\PEA.xls
D:\\SCURIT~1\CRCA\ThisWorkbook.cls
D:\\SCURIT~1\KeyPass\Database.kdb
D:\\SCURIT~1\Mozbackup\Firefox 2.0.0.14 (fr) - 2008-05-03.pcv
D:\\SCURIT~1\Mozbackup\Thunderbird 2.0.0.14 (fr) - 2008-05-03.pcv
D:\\SCURIT~1\Pierre(HijackThis).exe
D:\\SCURIT~1\Pierre\Divorce\Budget 10 12 07.xls
D:\\SCURIT~1\Pierre\Divorce\CIPAV 2006.tif
D:\\SCURIT~1\Pierre\Divorce\CIPC S & A 2006.tif
D:\\SCURIT~1\Pierre\Divorce\CRAM 2006.tif
D:\\SCURIT~1\Pierre\Divorce\CSG 2006 1.jpg
D:\\SCURIT~1\Pierre\Divorce\CSG 2006 2.jpg
D:\\SCURIT~1\Pierre\Divorce\Echéancier Prêt CMB.rtf
D:\\SCURIT~1\Pierre\Divorce\IRCANTEC 2006.tif
D:\\SCURIT~1\Pierre\Divorce\K.Le Bihan 02 05 08.doc
D:\\SCURIT~1\Pierre\Divorce\Livret Famille 1.tif
D:\\SCURIT~1\Pierre\Divorce\Livret Famille 2.tif
D:\\SCURIT~1\Pierre\Divorce\Livret Famille 3.tif
D:\\SCURIT~1\Pierre\Divorce\MSA 2006.tif
D:\\SCURIT~1\Pierre\Divorce\PIECES TRANSMISES.doc
D:\\SCURIT~1\Pierre\Divorce\Pret CMB.gif
D:\\SCURIT~1\Pierre\Divorce\Prêt CMB.xls
D:\\SCURIT~1\Pierre\Divorce\Rocher IR 2006 1.jpg
D:\\SCURIT~1\Pierre\Divorce\Rocher IR 2006 2.jpg
D:\\SCURIT~1\Pierre\Thumbs.db

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.

2008-05-18 16:15 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-18 16:15 . 2001-08-17 21:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-05-18 16:15 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-18 16:15 . 2001-08-23 17:47 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-18 16:15 . 2001-08-23 17:47 54,272 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-05-18 16:15 . 2001-08-17 20:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-05-18 16:15 . 2001-08-23 17:05 35,402 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-18 16:15 . 2004-08-04 00:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-18 16:15 . 2004-08-03 22:29 25,471 --a--c--- C:\WINDOWS\system32\dllcache\watv10nt.sys
2008-05-18 16:15 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-05-18 16:15 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-18 16:13 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-18 16:12 . 2001-08-23 17:47 216,576 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-18 16:11 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-18 16:10 . 2001-08-23 17:46 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-18 16:09 . 2001-08-23 16:57 286,848 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-18 16:08 . 2001-08-23 17:47 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-18 16:07 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-18 16:06 . 2001-08-23 17:46 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-18 16:05 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-18 16:04 . 2004-08-04 00:54 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-18 16:03 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-18 16:02 . 2004-08-04 00:54 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-18 16:01 . 2004-08-04 00:53 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-18 16:00 . 2001-08-17 22:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-18 15:59 . 2004-08-04 00:54 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-05-18 15:58 . 2004-08-04 00:47 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-05-18 15:57 . 2004-08-04 00:54 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-18 15:56 . 2001-08-23 17:03 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-05-18 15:55 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-18 15:54 . 2001-08-23 17:47 242,688 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-18 15:53 . 2001-08-23 17:47 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-18 15:52 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-18 15:51 . 2001-08-17 21:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-05-18 15:50 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-18 15:49 . 2001-08-17 20:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-18 15:48 . 2001-08-23 17:16 630,016 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-05-18 15:47 . 2001-08-23 17:13 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-18 15:46 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-18 15:45 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-18 15:44 . 2001-08-23 17:03 715,466 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-05-18 15:43 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-18 15:42 . 2004-08-04 00:54 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-18 15:41 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-18 15:41 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-05-18 15:41 . 2001-08-17 22:06 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2008-05-18 12:36 . 2008-05-18 12:36 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:09 . 2008-05-17 15:09 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 12:38 . 2008-05-17 12:45 3,900 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 11:02 . 2008-05-17 11:02 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\McAfee
2008-05-14 14:58 . 2008-05-16 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 14:47 . 2008-05-17 13:35 1,252 --a------ C:\WINDOWS\wininit.ini
2008-05-14 14:21 . 2008-05-19 16:58 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-14 14:21 . 2008-05-19 17:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 15:52 . 2006-10-11 15:57 5,456 -ra------ C:\WINDOWS\system32\e100b325.din
2008-05-09 15:52 . 2006-01-12 13:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din
2008-05-05 09:02 . 2008-05-16 17:53 109,737 --a------ C:\WINDOWS\BM4b93c703.xml
2008-05-01 19:23 . 2008-05-01 19:23 <REP> d--h----- C:\WINDOWS\PIF
2008-04-24 16:14 . 2008-04-24 16:14 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\PCF-VLC
2008-04-21 13:10 . 2008-05-16 23:56 <REP> d-------- C:\Documents and Settings\Rocher\Application Data\Azureus
2008-04-21 13:10 . 2008-04-21 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-21 13:09 . 2008-05-19 22:36 <REP> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:36 --------- d-----w C:\Program Files\eMule
2008-05-19 18:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-18 10:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-17 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-16 18:57 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-14 17:22 --------- d-----w C:\Program Files\JkDefrag
2008-05-14 14:48 --------- d-----w C:\Program Files\MediaCoder
2008-05-14 13:08 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-05-12 10:09 28,928 ----a-w C:\Documents and Settings\Rocher\Application Data\GDIPFONTCACHEV1.DAT
2008-05-11 09:57 --------- d-----w C:\Documents and Settings\Rocher\Application Data\gtk-2.0
2008-05-09 18:08 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-05-09 13:53 --------- d-----w C:\Program Files\Intel
2008-05-09 13:29 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-09 13:18 --------- d-----w C:\Program Files\Winamp
2008-05-09 13:18 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-05-09 10:23 --------- d-----w C:\Documents and Settings\Rocher\Application Data\OpenOffice.org2
2008-05-03 16:22 --------- d-----w C:\Program Files\McAfee
2008-04-16 10:30 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Winamp
2008-04-10 17:49 --------- d-----w C:\Program Files\DivX
2008-04-10 15:47 --------- d-----w C:\Program Files\ZNsoft Corporation
2008-04-03 10:27 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Participatory Culture Foundation
2008-04-03 10:26 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-04-02 15:50 --------- d-----w C:\Program Files\Kit ADSL
2008-04-02 15:47 --------- d-----w C:\Program Files\Lavalys
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-30 16:06 --------- d-----w C:\Documents and Settings\Rocher\Application Data\Audacity
2008-03-29 17:55 --------- d-----w C:\Program Files\JagoClient
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 11:11 --------- d-----w C:\Program Files\Java
2008-03-12 10:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-12 10:10 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-14 16:44 769,536 ----a-w C:\Documents and Settings\Rocher\Application Data\sfdnwin.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-18_12.41.22.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 10:40:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 11:32:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2003-08-19 18:36:16 65,536 ----a-w C:\WINDOWS\system32\a3d.dll
+ 2001-08-23 15:46:58 98,304 ----a-w C:\WINDOWS\system32\a3d.dll
- 2008-05-18 07:35:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-19 16:12:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-18 07:35:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-19 16:12:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-18 07:35:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-19 16:12:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-13 16:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2004-08-05 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2001-08-23 15:47:04 13,312 -c--a-w C:\WINDOWS\system32\dllcache\hpsjmcro.dll
+ 2001-08-17 19:52:50 5,760 -c--a-w C:\WINDOWS\system32\dllcache\hpt4qic.sys
+ 2001-08-23 15:47:04 19,456 -c--a-w C:\WINDOWS\system32\dllcache\hr1w.dll
+ 2001-08-17 19:28:04 150,239 -c--a-w C:\WINDOWS\system32\dllcache\hsf_amos.sys
+ 2001-08-17 19:28:04 67,167 -c--a-w C:\WINDOWS\system32\dllcache\hsf_bsc2.sys
+ 2001-08-17 19:28:06 289,887 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fall.sys
+ 2001-08-17 19:28:06 199,711 -c--a-w C:\WINDOWS\system32\dllcache\hsf_faxx.sys
+ 2001-08-17 19:28:06 115,807 -c--a-w C:\WINDOWS\system32\dllcache\hsf_fsks.sys
+ 2001-08-23 15:47:04 9,759 -c--a-w C:\WINDOWS\system32\dllcache\hsf_inst.dll
+ 2001-08-17 19:28:08 391,199 -c--a-w C:\WINDOWS\system32\dllcache\hsf_k56k.sys
+ 2001-08-17 19:28:10 57,471 -c--a-w C:\WINDOWS\system32\dllcache\hsf_samp.sys
+ 2001-08-17 19:28:10 44,863 -c--a-w C:\WINDOWS\system32\dllcache\hsf_soar.sys
+ 2001-08-17 19:28:10 73,279 -c--a-w C:\WINDOWS\system32\dllcache\hsf_spkp.sys
+ 2001-08-17 19:28:12 50,751 -c--a-w C:\WINDOWS\system32\dllcache\hsf_tone.sys
+ 2001-08-17 19:28:12 488,383 -c--a-w C:\WINDOWS\system32\dllcache\hsf_v124.sys
+ 2004-08-03 20:41:48 220,032 -c--a-w C:\WINDOWS\system32\dllcache\hsfbs2s2.sys
+ 2004-08-03 22:54:28 32,285 -c--a-w C:\WINDOWS\system32\dllcache\hsfcisp2.dll
+ 2004-08-03 20:41:50 685,056 -c--a-w C:\WINDOWS\system32\dllcache\hsfcxts2.sys
+ 2006-03-17 00:33:10 262,784 -c--a-w C:\WINDOWS\system32\dllcache\http.sys
+ 2004-08-03 21:00:52 8,192 -c--a-w C:\WINDOWS\system32\dllcache\i2omgmt.sys
+ 2004-08-03 21:00:52 18,560 -c--a-w C:\WINDOWS\system32\dllcache\i2omp.sys
+ 2001-08-23 15:46:46 353,184 -c--a-w C:\WINDOWS\system32\dllcache\i740dnt5.dll
+ 2001-08-17 18:49:06 58,592 -c--a-w C:\WINDOWS\system32\dllcache\i740nt5.sys
+ 2004-08-05 12:00:00 54,400 -c--a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2004-08-03 22:54:28 702,845 -c--a-w C:\WINDOWS\system32\dllcache\i81xdnt5.dll
+ 2004-08-03 20:29:38 161,020 -c--a-w C:\WINDOWS\system32\dllcache\i81xnt5.sys
+ 2001-08-17 18:11:58 28,700 -c--a-w C:\WINDOWS\system32\dllcache\ibmexmp.sys
+ 2001-08-23 15:45:26 10,240 -c--a-w C:\WINDOWS\system32\dllcache\ibmsgnet.dll
+ 2001-08-17 18:12:00 100,936 -c--a-w C:\WINDOWS\system32\dllcache\ibmtok.sys
+ 2001-08-17 18:12:02 109,085 -c--a-w C:\WINDOWS\system32\dllcache\ibmtrp.sys
+ 2001-08-17 20:06:46 38,528 -c--a-w C:\WINDOWS\system32\dllcache\ibmvcap.sys
+ 2001-08-17 20:05:44 141,056 -c--a-w C:\WINDOWS\system32\dllcache\icam3.sys
+ 2001-08-23 15:47:04 27,136 -c--a-w C:\WINDOWS\system32\dllcache\icam3ext.dll
+ 2001-08-23 15:47:04 92,160 -c--a-w C:\WINDOWS\system32\dllcache\icam4com.dll
+ 2001-08-23 15:47:04 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icam4ext.dll
+ 2001-08-17 20:06:02 154,496 -c--a-w C:\WINDOWS\system32\dllcache\icam4usb.sys
+ 2001-08-23 15:47:04 45,056 -c--a-w C:\WINDOWS\system32\dllcache\icam5com.dll
+ 2001-08-23 15:47:04 20,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5ext.dll
+ 2001-08-17 20:06:20 100,992 -c--a-w C:\WINDOWS\system32\dllcache\icam5usb.sys
+ 2004-08-05 12:00:00 41,856 -c--a-w C:\WINDOWS\system32\dllcache\imapi.sys
+ 2001-08-17 19:52:08 16,000 -c--a-w C:\WINDOWS\system32\dllcache\ini910u.sys
+ 2001-08-23 14:57:12 13,824 -c--a-w C:\WINDOWS\system32\dllcache\inport.sys
+ 2004-08-05 12:00:00 5,504 -c--a-w C:\WINDOWS\system32\dllcache\intelide.sys
+ 2004-08-05 12:00:00 40,320 -c--a-w C:\WINDOWS\system32\dllcache\intelppm.sys
+ 2001-08-17 19:50:56 38,784 -c--a-w C:\WINDOWS\system32\dllcache\io8.sys
+ 2001-08-23 15:47:04 90,200 -c--a-w C:\WINDOWS\system32\dllcache\io8ports.dll
+ 2001-08-17 18:12:12 45,632 -c--a-w C:\WINDOWS\system32\dllcache\ip5515.sys
+ 2004-08-03 21:00:54 87,424 -c--a-w C:\WINDOWS\system32\dllcache\irda.sys
+ 2004-08-03 22:54:54 154,112 -c--a-w C:\WINDOWS\system32\dllcache\irftp.exe
+ 2001-08-17 19:49:04 23,552 -c--a-w C:\WINDOWS\system32\dllcache\irmk7.sys
+ 2004-08-03 22:54:30 28,160 -c--a-w C:\WINDOWS\system32\dllcache\irmon.dll
+ 2001-08-17 19:51:32 18,688 -c--a-w C:\WINDOWS\system32\dllcache\irsir.sys
+ 2001-08-17 19:49:10 26,624 -c--a-w C:\WINDOWS\system32\dllcache\irstusb.sys
+ 2004-08-05 12:00:00 36,224 -c--a-w C:\WINDOWS\system32\dllcache\isapnp.sys
+ 2004-08-05 12:00:00 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2004-08-05 12:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2004-08-05 12:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll
+ 2004-08-05 12:00:00 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-03 22:45:14 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-05 12:00:00 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2004-08-05 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
+ 2001-08-23 15:47:06 46,080 -c--a-w C:\WINDOWS\system32\dllcache\kdsui.dll
+ 2001-08-23 15:47:06 37,888 -c--a-w C:\WINDOWS\system32\dllcache\kousd.dll
+ 2001-08-17 18:12:14 19,016 -c--a-w C:\WINDOWS\system32\dllcache\ktc111.sys
+ 2001-08-23 14:59:46 26,922 -c--a-w C:\WINDOWS\system32\dllcache\lanepic5.sys
+ 2004-08-03 20:59:34 34,688 -c--a-w C:\WINDOWS\system32\dllcache\lbrtfdc.sys
+ 2001-08-23 15:00:10 16,384 -c--a-w C:\WINDOWS\system32\dllcache\lit220p.sys
+ 2001-08-17 18:11:52 25,065 -c--a-w C:\WINDOWS\system32\dllcache\lmndis3.sys
+ 2001-08-17 18:12:20 20,573 -c--a-w C:\WINDOWS\system32\dllcache\lne100.sys
+ 2001-08-17 18:12:24 70,730 -c--a-w C:\WINDOWS\system32\dllcache\lne100tx.sys
+ 2001-08-17 19:53:42 4,992 -c--a-w C:\WINDOWS\system32\dllcache\loop.sys
+ 2001-08-23 15:00:48 728,554 -c--a-w C:\WINDOWS\system32\dllcache\ltck000c.sys
+ 2004-08-03 22:46:46 607,452 -c--a-w C:\WINDOWS\system32\dllcache\ltmdmnt.sys
+ 2001-08-23 15:00:50 577,514 -c--a-w C:\WINDOWS\system32\dllcache\ltmdmntl.sys
+ 2004-08-03 22:46:50 422,528 -c--a-w C:\WINDOWS\system32\dllcache\ltmdmntt.sys
+ 2004-08-03 21:00:08 7,040 -c--a-w C:\WINDOWS\system32\dllcache\ltotape.sys
+ 2001-08-17 19:28:12 797,500 -c--a-w C:\WINDOWS\system32\dllcache\ltsmt.sys
+ 2004-08-03 20:39:32 20,864 -c--a-w C:\WINDOWS\system32\dllcache\lwadihid.sys
+ 2001-08-17 18:49:20 22,848 -c--a-w C:\WINDOWS\system32\dllcache\lwusbhid.sys
+ 2001-08-23 15:47:06 58,880 -c--a-w C:\WINDOWS\system32\dllcache\m3091dc.dll
+ 2001-08-23 15:47:06 59,392 -c--a-w C:\WINDOWS\system32\dllcache\m3092dc.dll
+ 2001-08-17 18:19:58 48,768 -c--a-w C:\WINDOWS\system32\dllcache\maestro.sys
+ 2001-08-17 19:52:50 7,424 -c--a-w C:\WINDOWS\system32\dllcache\mammoth.sys
+ 2001-08-23 15:02:28 165,066 -c--a-w C:\WINDOWS\system32\dllcache\mdgndis5.sys
+ 2004-08-05 12:00:00 147,968 -c--a-w C:\WINDOWS\system32\dllcache\mdwmdmsp.dll
+ 2001-08-17 19:58:04 8,320 -c--a-w C:\WINDOWS\system32\dllcache\memcard.sys
+ 2001-08-23 15:47:06 47,616 -c--a-w C:\WINDOWS\system32\dllcache\memgrp.dll
+ 2004-08-03 21:00:50 26,112 -c--a-w C:\WINDOWS\system32\dllcache\memstpci.sys
+ 2004-08-05 12:00:00 63,744 -c--a-w C:\WINDOWS\system32\dllcache\mf.sys
+ 2001-08-23 15:46:46 235,648 -c--a-w C:\WINDOWS\system32\dllcache\mgaud.dll
- 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2004-08-05 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2001-08-17 19:52:50 6,528 -c--a-w C:\WINDOWS\system32\dllcache\miniqic.sys
+ 2004-08-05 12:00:00 30,336 -c--a-w C:\WINDOWS\system32\dllcache\modem.sys
+ 2001-08-17 19:57:38 16,128 -c--a-w C:\WINDOWS\system32\dllcache\modemcsa.sys
+ 2004-08-05 12:00:00 23,680 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
+ 2004-08-05 12:00:00 12,288 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys
+ 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\dllcache\mpe.sys
+ 2001-08-17 19:52:12 17,280 -c--a-w C:\WINDOWS\system32\dllcache\mraid35x.sys
+ 2004-08-03 21:10:00 51,328 -c--a-w C:\WINDOWS\system32\dllcache\msdv.sys
+ 2001-08-17 19:48:36 6,016 -c--a-w C:\WINDOWS\system32\dllcache\msfsio.sys
+ 2001-08-17 20:02:40 35,200 -c--a-w C:\WINDOWS\system32\dllcache\msgame.sys
+ 2004-08-03 21:00:48 22,016 -c--a-w C:\WINDOWS\system32\dllcache\msircomm.sys
+ 2004-08-05 12:00:00 7,552 -c--a-w C:\WINDOWS\system32\dllcache\mskssrv.sys
+ 2001-08-17 20:00:04 2,944 -c--a-w C:\WINDOWS\system32\dllcache\msmpu401.sys
+ 2004-08-05 12:00:00 5,376 -c--a-w C:\WINDOWS\system32\dllcache\mspclock.sys
+ 2004-08-05 12:00:00 4,992 -c--a-w C:\WINDOWS\system32\dllcache\mspqm.sys
+ 2001-08-17 19:48:50 12,416 -c--a-w C:\WINDOWS\system32\dllcache\msriffwv.sys
+ 2004-08-05 12:00:00 15,488 -c--a-w C:\WINDOWS\system32\dllcache\mssmbios.sys
+ 2004-08-03 21:10:00 49,024 -c--a-w C:\WINDOWS\system32\dllcache\mstape.sys
+ 2004-08-03 20:58:40 5,504 -c--a-w C:\WINDOWS\system32\dllcache\mstee.sys
+ 2004-08-05 12:00:00 17,408 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2004-08-03 20:41:40 126,686 -c--a-w C:\WINDOWS\system32\dllcache\mtlmnt5.sys
+ 2004-08-03 20:41:38 1,309,184 -c--a-w C:\WINDOWS\system32\dllcache\mtlstrm.sys
+ 2004-08-03 20:29:38 452,736 -c--a-w C:\WINDOWS\system32\dllcache\mtxparhm.sys
+ 2001-08-17 18:50:04 103,296 -c--a-w C:\WINDOWS\system32\dllcache\mtxvideo.sys
+ 2004-08-03 21:04:52 12,672 -c--a-w C:\WINDOWS\system32\dllcache\mutohpen.sys
+ 2001-08-23 15:08:58 22,144 -c--a-w C:\WINDOWS\system32\dllcache\mxcard.sys
+ 2001-08-23 15:47:14 19,968 -c--a-w C:\WINDOWS\system32\dllcache\mxicfg.dll
+ 2001-08-17 19:49:32 19,968 -c--a-w C:\WINDOWS\system32\dllcache\mxnic.sys
+ 2001-08-23 15:47:14 7,168 -c--a-w C:\WINDOWS\system32\dllcache\mxport.dll
+ 2001-08-23 15:09:00 76,928 -c--a-w C:\WINDOWS\system32\dllcache\mxport.sys
+ 2001-08-23 15:09:02 53,791 -c--a-w C:\WINDOWS\system32\dllcache\n1000nt5.sys
+ 2001-08-23 15:09:02 131,072 -c--a-w C:\WINDOWS\system32\dllcache\n100325.sys
+ 2001-08-23 15:46:46 35,392 -c--a-w C:\WINDOWS\system32\dllcache\n9i128.dll
+ 2001-08-17 18:50:06 13,664 -c--a-w C:\WINDOWS\system32\dllcache\n9i128.sys
+ 2001-08-23 15:46:46 59,104 -c--a-w C:\WINDOWS\system32\dllcache\n9i128v2.dll
+ 2001-08-17 18:50:08 33,088 -c--a-w C:\WINDOWS\system32\dllcache\n9i128v2.sys
+ 2001-08-17 18:50:10 27,936 -c--a-w C:\WINDOWS\system32\dllcache\n9i3d.sys
+ 2001-08-23 15:46:46 91,488 -c--a-w C:\WINDOWS\system32\dllcache\n9i3disp.dll
+ 2004-08-03 21:10:30 85,376 -c--a-w C:\WINDOWS\system32\dllcache\nabtsfec.sys
+ 2004-08-03 21:10:14 10,880 -c--a-w C:\WINDOWS\system32\dllcache\ndisip.sys
+ 2004-08-05 12:00:00 12,928 -c--a-w C:\WINDOWS\system32\dllcache\ndisuio.sys
+ 2001-08-17 19:49:14 15,872 -c--a-w C:\WINDOWS\system32\dllcache\ne2000.sys
+ 2001-08-23 15:46:46 60,480 -c--a-w C:\WINDOWS\system32\dllcache\neo20xx.dll
+ 2001-08-17 18:50:04 39,264 -c--a-w C:\WINDOWS\system32\dllcache\neo20xx.sys
+ 2001-08-23 15:10:08 66,302 -c--a-w C:\WINDOWS\system32\dllcache\netflx3.sys
+ 2001-08-17 18:12:20 32,840 -c--a-w C:\WINDOWS\system32\dllcache\ngrpci.sys
+ 2004-08-05 12:00:00 61,824 -c--a-w C:\WINDOWS\system32\dllcache\nic1394.sys
+ 2004-08-05 12:00:00 12,032 -c--a-w C:\WINDOWS\system32\dllcache\nikedrv.sys
+ 2001-08-17 18:20:08 126,080 -c--a-w C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
+ 2001-08-17 18:20:08 87,040 -c--a-w C:\WINDOWS\system32\dllcache\nm6wdm.sys
+ 2004-08-03 21:00:52 28,672 -c--a-w C:\WINDOWS\system32\dllcache\nscirda.sys
+ 2001-08-17 19:53:02 7,552 -c--a-w C:\WINDOWS\system32\dllcache\nsmmc.sys
+ 2001-08-23 15:11:48 9,472 -c--a-w C:\WINDOWS\system32\dllcache\ntapm.sys
+ 2001-08-17 18:49:04 51,552 -c--a-w C:\WINDOWS\system32\dllcache\ntgrip.sys
+ 2004-08-03 20:41:40 180,360 -c--a-w C:\WINDOWS\system32\dllcache\ntmtlfax.sys
+ 2001-08-23 15:46:46 123,776 -c--a-w C:\WINDOWS\system32\dllcache\nv3.dll
+ 2001-08-17 18:50:18 198,144 -c--a-w C:\WINDOWS\system32\dllcache\nv3.sys
+ 2004-08-03 20:29:56 1,897,408 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2004-08-03 21:10:10 61,056 -c--a-w C:\WINDOWS\system32\dllcache\ohci1394.sys
+ 2001-08-17 18:20:16 54,528 -c--a-w C:\WINDOWS\system32\dllcache\opl3sax.sys
+ 2004-08-05 12:00:00 3,456 -c--a-w C:\WINDOWS\system32\dllcache\oprghdlr.sys
+ 2001-08-17 18:12:36 27,209 -c--a-w C:\WINDOWS\system32\dllcache\otc06x5.sys
+ 2001-08-23 15:15:04 44,297 -c--a-w C:\WINDOWS\system32\dllcache\otceth5.sys
+ 2001-08-23 15:15:04 54,954 -c--a-w C:\WINDOWS\system32\dllcache\otcsercb.sys
+ 2001-08-17 20:05:04 25,088 -c--a-w C:\WINDOWS\system32\dllcache\ovca.sys
+ 2001-08-17 20:05:12 48,000 -c--a-w C:\WINDOWS\system32\dllcache\ovcam2.sys
+ 2001-08-17 20:05:16 28,032 -c--a-w C:\WINDOWS\system32\dllcache\ovcd.sys
+ 2001-08-17 20:05:20 31,872 -c--a-w C:\WINDOWS\system32\dllcache\ovce.sys
+ 2001-08-23 15:47:16 116,736 -c--a-w C:\WINDOWS\system32\dllcache\ovcodec2.dll
+ 2001-08-23 15:47:16 20,480 -c--a-w C:\WINDOWS\system32\dllcache\ovcomc.dll
+ 2001-08-23 15:47:42 39,424 -c--a-w C:\WINDOWS\system32\dllcache\ovcoms.exe
+ 2001-08-17 20:05:06 25,216 -c--a-w C:\WINDOWS\system32\dllcache\ovsound2.sys
+ 2001-08-23 15:47:16 44,544 -c--a-w C:\WINDOWS\system32\dllcache\ovui2.dll
+ 2001-08-23 15:47:16 42,496 -c--a-w C:\WINDOWS\system32\dllcache\ovui2rc.dll
+ 2004-08-05 12:00:00 46,720 -c--a-w C:\WINDOWS\system32\dllcache\p3.sys
+ 2004-08-05 12:00:00 157,696 -c--a-w C:\WINDOWS\system32\dllcache\paqsp.dll
+ 2004-08-05 12:00:00 80,384 -c--a-w C:\WINDOWS\system32\dllcache\parport.sys
+ 2001-08-17 18:12:18 30,495 -c--a-w C:\WINDOWS\system32\dllcache\pc100nds.sys
+ 2004-08-03 20:31:24 29,502 -c--a-w C:\WINDOWS\system32\dllcache\pca200e.sys
+ 2004-08-05 12:00:00 68,608 -c--a-w C:\WINDOWS\system32\dllcache\pci.sys
+ 2004-08-05 12:00:00 3,328 -c--a-w C:\WINDOWS\system32\dllcache\pciide.sys
+ 2004-08-05 12:00:00 25,088 -c--a-w C:\WINDOWS\system32\dllcache\pciidex.sys
+ 2004-08-05 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\pcmcia.sys
+ 2001-08-17 18:12:18 26,153 -c--a-w C:\WINDOWS\system32\dllcache\pcmlm56.sys
+ 2001-08-17 18:11:22 30,282 -c--a-w C:\WINDOWS\system32\dllcache\pcntn5hl.sys
+ 2001-08-17 18:11:20 29,769 -c--a-w C:\WINDOWS\system32\dllcache\pcntn5m.sys
+ 2001-08-17 18:11:22 35,328 -c--a-w C:\WINDOWS\system32\dllcache\pcntpci5.sys
+ 2001-08-23 15:47:42 86,016 -c--a-w C:\WINDOWS\system32\dllcache\pctspk.exe
+ 2004-08-03 20:06:18 169,984 -c--a-w C:\WINDOWS\system32\dllcache\pcx500.sys
+ 2001-08-17 20:07:40 27,296 -c--a-w C:\WINDOWS\system32\dllcache\perc2.sys
+ 2001-08-17 20:07:42 5,504 -c--a-w C:\WINDOWS\system32\dllcache\perc2hib.sys
+ 2004-08-03 21:06:56 27,904 -c--a-w C:\WINDOWS\system32\dllcache\perm2.sys
+ 2004-08-03 22:53:40 211,712 -c--a-w C:\WINDOWS\system32\dllcache\perm2dll.dll
+ 2004-08-03 21:06:58 28,032 -c--a-w C:\WINDOWS\system32\dllcache\perm3.sys
+ 2001-08-23 15:47:16 16,896 -c--a-w C:\WINDOWS\system32\dllcache\philcam1.dll
+ 2001-08-17 20:04:50 75,776 -c--a-w C:\WINDOWS\system32\dllcache\philcam1.sys
+ 2001-08-17 20:04:08 173,696 -c--a-w C:\WINDOWS\system32\dllcache\philcam2.sys
+ 2001-08-17 20:04:04 92,416 -c--a-w C:\WINDOWS\system32\dllcache\phildec.sys
+ 2001-08-17 20:07:20 19,840 -c--a-w C:\WINDOWS\system32\dllcache\philtune.sys
+ 2001-08-23 15:47:16 121,344 -c--a-w C:\WINDOWS\system32\dllcache\phvfwext.dll
+ 2004-08-05 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\pid.dll
+ 2004-08-05 12:00:00 15,360 -c--a-w C:\WINDOWS\system32\dllcache\pjlmon.dll
+ 2001-08-17 19:53:04 7,168 -c--a-w C:\WINDOWS\system32\dllcache\pnrmc.sys
+ 2001-08-17 19:53:14 7,552 -c--a-w C:\WINDOWS\system32\dllcache\powerfil.sys
+ 2001-08-17 19:53:22 17,792 -c--a-w C:\WINDOWS\system32\dllcache\ppa.sys
+ 2004-08-03 21:00:18 17,664 -c--a-w C:\WINDOWS\system32\dllcache\ppa3.sys
+ 2004-08-05 12:00:00 39,552 -c--a-w C:\WINDOWS\system32\dllcache\processr.sys
+ 2001-08-23 15:17:32 16,512 -c--a-w C:\WINDOWS\system32\dllcache\pscr.sys
+ 2001-08-23 15:47:16 35,328 -c--a-w C:\WINDOWS\system32\dllcache\psisload.dll
+ 2001-08-23 15:47:16 5,632 -c--a-w C:\WINDOWS\system32\dllcache\ptpusb.dll
+ 2004-08-03 22:54:38 159,232 -c--a-w C:\WINDOWS\system32\dllcache\ptpusd.dll
+ 2001-08-17 19:28:12 128,286 -c--a-w C:\WINDOWS\system32\dllcache\ptserli.sys
+ 2001-08-17 19:28:14 112,574 -c--a-w C:\WINDOWS\system32\dllcache\ptserlp.sys
+ 2001-08-17 19:28:14 130,942 -c--a-w C:\WINDOWS\system32\dllcache\ptserlv.sys
+ 2004-08-03 21:00:06 6,016 -c--a-w C:\WINDOWS\system32\dllcache\qic157.sys
+ 2001-08-17 19:52:20 40,320 -c--a-w C:\WINDOWS\system32\dllcache\ql1080.sys
+ 2001-08-17 19:52:16 33,152 -c--a-w C:\WINDOWS\system32\dllcache\ql10wnt.sys
+ 2001-08-17 19:52:20 45,312 -c--a-w C:\WINDOWS\system32\dllcache\ql12160.sys
+ 2001-08-17 19:52:16 40,448 -c--a-w C:\WINDOWS\system32\dllcache\ql1240.sys
+ 2001-08-17 19:52:18 49,024 -c--a-w C:\WINDOWS\system32\dllcache\ql1280.sys
+ 2001-08-17 19:53:32 3,328 -c--a-w C:\WINDOWS\system32\dllcache\qv2kux.sys
+ 2001-08-23 15:47:16 41,984 -c--a-w C:\WINDOWS\system32\dllcache\qvusd.dll
+ 2001-08-23 15:18:16 715,530 -c--a-w C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
+ 2001-08-17 19:51:32 19,584 -c--a-w C:\WINDOWS\system32\dllcache\rasirda.sys
+ 2004-08-03 21:01:16 196,864 -c--a-w C:\WINDOWS\system32\dllcache\rdpdr.sys
+ 2004-08-03 20:41:40 13,776 -c--a-w C:\WINDOWS\system32\dllcache\recagent.sys
+ 2004-08-04 00:39:44 58,496 -c--a-w C:\WINDOWS\system32\dllcache\redbook.sys
+ 2001-08-23 15:47:16 86,097 -c--a-w C:\WINDOWS\system32\dllcache\reslog32.dll
+ 2004-08-03 21:10:40 59,648 -c--a-w C:\WINDOWS\system32\dllcache\rfcomm.sys
+ 2004-08-05 12:00:00 12,032 -c--a-w C:\WINDOWS\system32\dllcache\rio8drv.sys
+ 2004-08-05 12:00:00 12,032 -c--a-w C:\WINDOWS\system32\dllcache\riodrv.sys
+ 2001-08-17 18:12:36 37,563 -c--a-w C:\WINDOWS\system32\dllcache\rlnet5.sys
+ 2004-08-03 21:04:32 30,080 -c--a-w C:\WINDOWS\system32\dllcache\rndismpx.sys
+ 2004-08-03 22:40:28 79,360 -c--a-w C:\WINDOWS\system32\dllcache\rocket.sys
+ 2001-08-17 18:19:20 3,840 -c--a-w C:\WINDOWS\system32\dllcache\rpfun.sys
+ 2001-08-23 15:47:16 10,240 -c--a-w C:\WINDOWS\system32\dllcache\rsmgrstr.dll
+ 2001-08-17 18:19:22 30,720 -c--a-w C:\WINDOWS\system32\dllcache\rthwcls.sys
+ 2001-08-17 18:12:40 19,017 -c--a-w C:\WINDOWS\system32\dllcache\rtl8029.sys
+ 2004-08-03 20:31:34 20,992 -c--a-w C:\WINDOWS\system32\dllcache\rtl8139.sys
+ 2001-08-23 15:47:16 25,088 -c--a-w C:\WINDOWS\system32\dllcache\rw430ext.dll
+ 2001-08-23 15:47:16 26,624 -c--a-w C:\WINDOWS\system32\dllcache\rw450ext.dll
+ 2001-08-23 15:47:16 81,408 -c--a-w C:\WINDOWS\system32\dllcache\rwia430.dll
+ 2001-08-23 15:47:16 83,968 -c--a-w C:\WINDOWS\system32\dllcache\rwia450.dll
+ 2004-08-03 20:29:52 166,912 -c--a-w C:\WINDOWS\system32\dllcache\s3gnbm.sys
+ 2001-08-17 19:57:46 65,664 -c--a-w C:\WINDOWS\system32\dllcache\s3legacy.sys
+ 2001-08-17 18:50:34 166,720 -c--a-w C:\WINDOWS\system32\dllcache\s3m.sys
+ 2001-08-23 15:46:46 182,272 -c--a-w C:\WINDOWS\system32\dllcache\s3mt3d.dll
+ 2001-08-17 18:50:40 41,216 -c--a-w C:\WINDOWS\system32\dllcache\s3mt3d.sys
+ 2001-08-23 15:46:46 62,496 -c--a-w C:\WINDOWS\system32\dllcache\s3mtrio.dll
+ 2001-08-23 15:46:46 210,496 -c--a-w C:\WINDOWS\system32\dllcache\s3mvirge.dll
+ 2001-08-23 15:46:48 179,264 -c--a-w C:\WINDOWS\system32\dllcache\s3sav3d.dll
+ 2001-08-17 18:50:22 61,504 -c--a-w C:\WINDOWS\system32\dllcache\s3sav3dm.sys
+ 2001-08-23 15:46:48 198,400 -c--a-w C:\WINDOWS\system32\dllcache\s3sav4.dll
+ 2001-08-17 18:50:28 77,824 -c--a-w C:\WINDOWS\system32\dllcache\s3sav4m.sys
+ 2001-08-23 15:46:48 245,632 -c--a-w C:\WINDOWS\system32\dllcache\s3savmx.dll
+ 2001-08-17 18:50:34 75,392 -c--a-w C:\WINDOWS\system32\dllcache\s3savmxm.sys
+ 2004-08-03 20:59:58 43,136 -c--a-w C:\WINDOWS\system32\dllcache\sbp2port.sys
+ 2001-08-23 15:20:20 24,064 -c--a-w C:\WINDOWS\system32\dllcache\sccmn50m.sys
+ 2001-08-17 19:51:14 23,936 -c--a-w C:\WINDOWS\system32\dllcache\sccmusbm.sys
+ 2001-08-23 15:20:30 16,768 -c--a-w C:\WINDOWS\system32\dllcache\scmstcs.sys
+ 2001-08-23 15:20:32 17,536 -c--a-w C:\WINDOWS\system32\dllcache\scr111.sys
+ 2004-08-05 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\scsiport.sys
+ 2001-08-17 19:52:34 11,648 -c--a-w C:\WINDOWS\system32\dllcache\scsiprnt.sys
+ 2001-08-17 19:53:26 10,880 -c--a-w C:\WINDOWS\system32\dllcache\scsiscan.sys
+ 2004-08-05 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\sdbus.sys
+ 2004-08-05 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\sdhcinst.dll
+ 2001-08-17 19:53:10 6,912 -c--a-w C:\WINDOWS\system32\dllcache\seaddsmc.sys
+ 2004-08-05 12:00:00 15,488 -c--a-w C:\WINDOWS\system32\dllcache\serenum.sys
+ 2004-08-05 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\serial.sys
+ 2001-08-23 15:20:50 18,432 -c--a-w C:\WINDOWS\system32\dllcache\sermouse.sys
+ 2001-08-23 15:20:50 6,912 -c--a-w C:\WINDOWS\system32\dllcache\serscan.sys
+ 2004-08-05 12:00:00 11,136 -c--a-w C:\WINDOWS\system32\dllcache\sffdisk.sys
+ 2004-08-05 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\sffp_sd.sys
+ 2004-08-05 12:00:00 11,392 -c--a-w C:\WINDOWS\system32\dllcache\sfloppy.sys
+ 2001-08-17 18:19:34 36,480 -c--a-w C:\WINDOWS\system32\dllcache\sfmanm.sys
+ 2001-08-17 18:51:04 98,080 -c--a-w C:\WINDOWS\system32\dllcache\sgiulnt5.sys
+ 2001-07-21 20:29:20 18,400 -c--a-w C:\WINDOWS\system32\dllcache\sgsmld.sys
+ 2001-08-23 15:21:04 161,664 -c--a-w C:\WINDOWS\system32\dllcache\sgsmusb.sys
+ 2004-08-03 22:54:40 3,901 -c--a-w C:\WINDOWS\system32\dllcache\siint5.dll
+ 2001-08-17 18:50:46 101,760 -c--a-w C:\WINDOWS\system32\dllcache\sis300ip.sys
+ 2001-08-23 15:46:48 252,032 -c--a-w C:\WINDOWS\system32\dllcache\sis300iv.dll
+ 2001-08-17 18:50:56 68,608 -c--a-w C:\WINDOWS\system32\dllcache\sis6306p.sys
+ 2001-08-23 15:46:48 150,144 -c--a-w C:\WINDOWS\system32\dllcache\sis6306v.dll
+ 2004-08-05 12:00:00 41,088 -c--a-w C:\WINDOWS\system32\dllcache\sisagp.sys
+ 2001-08-17 18:50:48 104,064 -c--a-w C:\WINDOWS\system32\dllcache\sisgrp.sys
+ 2001-08-23 15:47:18 238,592 -c--a-w C:\WINDOWS\system32\dllcache\sisgrv.dll
+ 2004-08-03 20:31:36 32,768 -c--a-w C:\WINDOWS\system32\dllcache\sisnic.sys
+ 2001-08-17 18:50:56 50,432 -c--a-w C:\WINDOWS\system32\dllcache\sisv.sys
+ 2001-08-23 15:46:48 157,696 -c--a-w C:\WINDOWS\system32\dllcache\sisv256.dll
+ 2001-08-23 15:21:34 95,114 -c--a-w C:\WINDOWS\system32\dllcache\sk98xwin.sys
+ 2001-08-17 18:12:52 91,294 -c--a-w C:\WINDOWS\system32\dllcache\skfpwin.sys
+ 2004-08-03 20:31:42 63,547 -c--a-w C:\WINDOWS\system32\dllcache\sla30nd5.sys
+ 2004-08-03 22:54:40 73,832 -c--a-w C:\WINDOWS\system32\dllcache\slcoinst.dll
+ 2004-08-03 22:54:40 286,792 -c--a-w C:\WINDOWS\system32\dllcache\slextspk.dll
+ 2004-08-03 22:54:40 188,508 -c--a-w C:\WINDOWS\system32\dllcache\slgen.dll
+ 2004-08-03 21:10:18 11,136 -c--a-w C:\WINDOWS\system32\dllcache\slip.sys
+ 2004-08-03 20:41:42 129,535 -c--a-w C:\WINDOWS\system32\dllcache\slnt7554.sys
+ 2004-08-03 20:41:46 95,424 -c--a-w C:\WINDOWS\system32\dllcache\slnthal.sys
+ 2004-08-03 22:55:02 32,866 -c--a-w C:\WINDOWS\system32\dllcache\slrundll.exe
+ 2004-08-03 22:55:02 73,796 -c--a-w C:\WINDOWS\system32\dllcache\slserv.exe
+ 2004-08-03 20:41:46 13,240 -c--a-w C:\WINDOWS\system32\dllcache\slwdmsup.sys
+ 2001-08-23 15:47:18 28,160 -c--a-w C:\WINDOWS\system32\dllcache\sm91w.dll
+ 2001-08-23 15:47:18 28,672 -c--a-w C:\WINDOWS\system32\dllcache\sma0w.dll
+ 2001-08-23 15:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\smb0w.dll
+ 2001-08-23 15:47:18 45,568 -c--a-w C:\WINDOWS\system32\dllcache\smb3w.dll
+ 2004-08-03 21:07:38 6,016 -c--a-w C:\WINDOWS\system32\dllcache\smbali.sys
+ 2004-08-03 21:07:36 16,128 -c--a-w C:\WINDOWS\system32\dllcache\smbbatt.sys
+ 2004-08-03 21:07:36 6,912 -c--a-w C:\WINDOWS\system32\dllcache\smbclass.sys
+ 2001-08-17 19:57:56 6,784 -c--a-w C:\WINDOWS\system32\dllcache\smbhc.sys
+ 2001-08-17 18:12:46 24,576 -c--a-w C:\WINDOWS\system32\dllcache\smc8000n.sys
+ 2001-08-23 15:21:42 36,937 -c--a-w C:\WINDOWS\system32\dllcache\smcirda.sys
+ 2001-08-17 18:12:48 25,034 -c--a-w C:\WINDOWS\system32\dllcache\smcpwr2n.sys
+ 2001-08-23 15:46:48 147,200 -c--a-w C:\WINDOWS\system32\dllcache\smidispb.dll
+ 2001-08-17 18:51:00 58,368 -c--a-w C:\WINDOWS\system32\dllcache\smiminib.sys
+ 2001-08-17 19:53:14 7,040 -c--a-w C:\WINDOWS\system32\dllcache\snyaitmc.sys
+ 2004-08-03 21:00:06 7,552 -c--a-w C:\WINDOWS\system32\dllcache\sonyait.sys
+ 2004-08-05 12:00:00 25,472 -c--a-w C:\WINDOWS\system32\dllcache\sonydcam.sys
+ 2001-08-17 19:53:04 9,600 -c--a-w C:\WINDOWS\system32\dllcache\sonymc.sys
+ 2001-08-17 18:51:20 20,752 -c--a-w C:\WINDOWS\system32\dllcache\sonync.sys
+ 2001-08-17 18:51:22 37,040 -c--a-w C:\WINDOWS\system32\dllcache\sonypi.sys
+ 2001-08-17 19:56:16 7,552 -c--a-w C:\WINDOWS\system32\dllcache\sonypvu1.sys
+ 2001-08-17 20:07:44 19,072 -c--a-w C:\WINDOWS\system32\dllcache\sparrow.sys
+ 2001-08-23 15:47:18 106,584 -c--a-w C:\WINDOWS\system32\dllcache\spdports.dll
+ 2001-08-17 19:51:00 61,824 -c--a-w C:\WINDOWS\system32\dllcache\speed.sys
+ 2004-08-05 12:00:00 69,632 -c--a-w C:\WINDOWS\system32\dllcache\spnike.dll
+ 2004-08-05 12:00:00 70,656 -c--a-w C:\WINDOWS\system32\dllcache\sprio600.dll
+ 2004-08-05 12:00:00 72,192 -c--a-w C:\WINDOWS\system32\dllcache\sprio800.dll
+ 2001-08-23 15:47:18 24,660 -c--a-w C:\WINDOWS\system32\dllcache\spxupchk.dll
+ 2001-08-23 15:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\srusd.dll
+ 2001-08-17 18:11:08 48,736 -c--a-w C:\WINDOWS\system32\dllcache\srwlnd5.sys
+ 2001-08-23 14:57:46 17,024 -c--a-w C:\WINDOWS\system32\dllcache\stcusb.sys
+ 2001-08-23 15:47:20 53,248 -c--a-w C:\WINDOWS\system32\dllcache\stlncoin.dll
+ 2001-08-23 15:47:20 155,648 -c--a-w C:\WINDOWS\system32\dllcache\stlnprop.dll
+ 2004-08-04 00:54:44 76,800 -c--a-w C:\WINDOWS\system32\dllcache\storprop.dll
+ 2004-08-05 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\streamci.dll
+ 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\dllcache\streamip.sys
+ 2001-08-23 15:47:20 41,472 -c--a-w C:\WINDOWS\system32\dllcache\sw_effct.dll
+ 2001-08-23 15:47:20 53,760 -c--a-w C:\WINDOWS\system32\dllcache\sw_wheel.dll
+ 2004-08-05 12:00:00 4,352 -c--a-w C:\WINDOWS\system32\dllcache\swenum.sys
+ 2004-08-05 12:00:00 54,272 -c--a-w C:\WINDOWS\system32\dllcache\swmidi.sys
+ 2001-08-23 15:47:20 10,240 -c--a-w C:\WINDOWS\system32\dllcache\swpdflt2.dll
+ 2001-08-23 15:47:20 10,240 -c--a-w C:\WINDOWS\system32\dllcache\swpidflt.dll
+ 2001-08-17 20:02:56 3,968 -c--a-w C:\WINDOWS\system32\dllcache\swusbflt.sys
+ 2001-08-17 19:50:58 103,936 -c--a-w C:\WINDOWS\system32\dllcache\sx.sys
+ 2001-08-23 15:47:20 94,293 -c--a-w C:\WINDOWS\system32\dllcache\sxports.dll
+ 2001-08-17 20:07:40 28,384 -c--a-w C:\WINDOWS\system32\dllcache\sym_hi.sys
+ 2001-08-17 20:07:42 30,688 -c--a-w C:\WINDOWS\system32\dllcache\sym_u3.sys
+ 2001-08-17 20:07:34 16,256 -c--a-w C:\WINDOWS\system32\dllcache\symc810.sys
+ 2001-08-17 20:07:36 32,640 -c--a-w C:\WINDOWS\system32\dllcache\symc8xx.sys
+ 2004-08-05 12:00:00 60,800 -c--a-w C:\WINDOWS\system32\dllcache\sysaudio.sys
+ 2001-08-17 18:50:12 36,640 -c--a-w C:\WINDOWS\system32\dllcache\t2r4mini.sys
+ 2001-08-17 19:52:54 7,040 -c--a-w C:\WINDOWS\system32\dllcache\tandqic.sys
+ 2001-08-17 19:49:46 30,464 -c--a-w C:\WINDOWS\system32\dllcache\tbatm155.sys
+ 2001-08-17 18:13:00 37,961 -c--a-w C:\WINDOWS\system32\dllcache\tdk100b.sys
+ 2001-08-17 18:13:00 17,129 -c--a-w C:\WINDOWS\system32\dllcache\tdkcd31.sys
+ 2004-08-03 22:55:12 40,840 -c--a-w C:\WINDOWS\system32\dllcache\termdd.sys
+ 2004-08-03 21:00:06 149,376 -c--a-w C:\WINDOWS\system32\dllcache\tffsport.sys
+ 2001-08-23 15:46:48 81,408 -c--a-w C:\WINDOWS\system32\dllcache\tgiul50.dll
+ 2001-08-17 18:51:10 138,528 -c--a-w C:\WINDOWS\system32\dllcache\tgiulnt5.sys
+ 2001-08-17 18:14:26 123,995 -c--a-w C:\WINDOWS\system32\dllcache\tjisdn.sys
+ 2001-08-17 18:10:26 28,232 -c--a-w C:\WINDOWS\system32\dllcache\tos4mo.sys
+ 2004-08-05 12:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd.sys
+ 2001-08-17 20:01:52 241,664 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd02.sys
+ 2001-08-17 20:02:00 230,912 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd03.sys
+ 2001-08-23 15:00:46 4,992 -c--a-w C:\WINDOWS\system32\dllcache\toside.sys
+ 2001-08-23 15:47:20 31,744 -c--a-w C:\WINDOWS\system32\dllcache\tp4.dll
+ 2004-08-03 22:55:02 82,432 -c--a-w C:\WINDOWS\system32\dllcache\tp4mon.exe
+ 2001-08-23 15:46:22 43,520 -c--a-w C:\WINDOWS\system32\dllcache\tp4res.dll
+ 2001-08-17 18:12:12 34,375 -c--a-w C:\WINDOWS\system32\dllcache\tpro4.sys
+ 2001-08-23 15:46:48 315,520 -c--a-w C:\WINDOWS\system32\dllcache\trid3d.dll
+ 2001-08-17 18:51:16 222,336 -c--a-w C:\WINDOWS\system32\dllcache\trid3dm.sys
+ 2001-08-23 15:46:48 440,576 -c--a-w C:\WINDOWS\system32\dllcache\tridkb.dll
+ 2001-08-17 18:51:16 159,232 -c--a-w C:\WINDOWS\system32\dllcache\tridkbm.sys
+ 2001-08-17 18:51:22 166,784 -c--a-w C:\WINDOWS\system32\dllcache\tridxpm.sys
+ 2004-08-05 12:00:00 21,376 -c--a-w C:\WINDOWS\system32\dllcache\tsbvcap.sys
+ 2004-08-05 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
+ 2004-08-05 12:00:00 12,416 -c--a-w C:\WINDOWS\system32\dllcache\tunmp.sys
+ 2001-08-17 19:48:14 11,520 -c--a-w C:\WINDOWS\system32\dllcache\twotrack.sys
+ 2004-08-05 12:00:00 44,672 -c--a-w C:\WINDOWS\system32\dllcache\uagp35.sys
+ 2001-08-17 19:52:22 36,736 -c--a-w C:\WINDOWS\system32\dllcache\ultra.sys
+ 2001-08-23 15:47:20 212,480 -c--a-w C:\WINDOWS\system32\dllcache\um54scan.dll
+ 2001-08-23 15:47:20 47,616 -c--a-w C:\WINDOWS\system32\dllcache\umaxcam.dll
+ 2001-08-23 15:47:20 50,688 -c--a-w C:\WINDOWS\system32\dllcache\umaxp60.dll
+ 2001-08-17 19:58:12 22,912 -c--a-w C:\WINDOWS\system32\dllcache\umaxpcls.sys
+ 2001-08-23 15:47:20 50,688 -c--a-w C:\WINDOWS\system32\dllcache\umaxscan.dll
+ 2001-08-23 15:47:20 70,144 -c--a-w C:\WINDOWS\system32\dllcache\umaxu12.dll
+ 2001-08-23 15:47:20 27,136 -c--a-w C:\WINDOWS\system32\dllcache\umaxu22.dll
+ 2001-08-23 15:47:20 28,672 -c--a-w C:\WINDOWS\system32\dllcache\umaxu40.dll
+ 2001-08-23 15:47:20 94,720 -c--a-w C:\WINDOWS\system32\dllcache\umaxud32.dll
+ 2004-08-03 22:43:18 32,384 -c--a-w C:\WINDOWS\system32\dllcache\usb101et.sys
+ 2004-08-03 21:04:34 12,672 -c--a-w C:\WINDOWS\system32\dllcache\usb8023x.sys
+ 2004-08-03 21:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-05 12:00:00 23,808 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd.sys
+ 2004-08-05 12:00:00 23,936 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd2.sys
+ 2004-08-05 12:00:00 31,616 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2004-08-05 12:00:00 4,736 -c--a-w C:\WINDOWS\system32\dllcache\usbd.sys
+ 2004-08-05 12:00:00 26,624 -c--a-w C:\WINDOWS\system32\dllcache\usbehci.sys
+ 2004-08-05 12:00:00 57,600 -c--a-w C:\WINDOWS\system32\dllcache\usbhub.sys
+ 2004-08-05 12:00:00 16,000 -c--a-w C:\WINDOWS\system32\dllcache\usbintel.sys
+ 2004-08-03 21:08:38 17,024 -c--a-w C:\WINDOWS\system32\dllcache\usbohci.sys
+ 2004-08-05 12:00:00 142,976 -c--a-w C:\WINDOWS\system32\dllcache\usbport.sys
+ 2004-08-03 21:01:26 25,856 -c--a-w C:\WINDOWS\system32\dllcache\usbprint.sys
+ 2004-08-03 20:58:46 15,104 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys
+ 2004-08-03 21:08:44 25,600 -c--a-w C:\WINDOWS\system32\dllcache\usbser.sys
+ 2004-08-05 12:00:00 26,496 -c--a-w C:\WINDOWS\system32\dllcache\usbstor.sys
+ 2004-08-05 12:00:00 20,480 -c--a-w C:\WINDOWS\system32\dllcache\usbuhci.sys
+ 2004-08-05 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\usbui.dll
+ 2004-08-03 21:10:12 78,464 -c--a-w C:\WINDOWS\system32\dllcache\usbvideo.sys
+ 2001-08-17 19:28:16 793,598 -c--a-w C:\WINDOWS\system32\dllcache\usr1806.sys
+ 2001-08-17 19:28:18 794,399 -c--a-w C:\WINDOWS\system32\dllcache\usr1806v.sys
+ 2001-08-17 19:28:24 224,802 -c--a-w C:\WINDOWS\system32\dllcache\usr1807a.sys
+ 2004-08-05 12:00:00 61,500 -c--a-w C:\WINDOWS\system32\dllcache\usrcntra.dll
+ 2004-08-05 12:00:00 69,699 -c--a-w C:\WINDOWS\system32\dllcache\usrcoina.dll
+ 2004-08-05 12:00:00 77,890 -c--a-w C:\WINDOWS\system32\dllcache\usrdpa.dll
+ 2004-08-05 12:00:00 323,641 -c--a-w C:\WINDOWS\system32\dllcache\usrdtea.dll
+ 2004-08-05 12:00:00 86,073 -c--a-w C:\WINDOWS\system32\dllcache\usrfaxa.dll
+ 2004-08-05 12:00:00 53,305 -c--a-w C:\WINDOWS\system32\dllcache\usrlbva.dll
+ 2004-08-05 12:00:00 77,891 -c--a-w C:\WINDOWS\system32\dllcache\usrmlnka.exe
+ 2001-08-17 19:28:24 7,556 -c--a-w C:\WINDOWS\system32\dllcache\usroslba.sys
+ 2001-08-17 19:28:26 113,762 -c--a-w C:\WINDOWS\system32\dllcache\usrpda.sys
+ 2004-08-05 12:00:00 61,508 -c--a-w C:\WINDOWS\system32\dllcache\usrprbda.exe
+ 2004-08-05 12:00:00 77,883 -c--a-w C:\WINDOWS\system32\dllcache\usrrtosa.dll
+ 2004-08-05 12:00:00 49,211 -c--a-w C:\WINDOWS\system32\dllcache\usrsdpia.dll
+ 2004-08-05 12:00:00 69,700 -c--a-w C:\WINDOWS\system32\dllcache\usrshuta.exe
+ 2004-08-05 12:00:00 41,019 -c--a-w C:\WINDOWS\system32\dllcache\usrsvpia.dll
+ 2001-08-17 19:28:14 765,884 -c--a-w C:\WINDOWS\system32\dllcache\usrti.sys
+ 2004-08-05 12:00:00 102,457 -c--a-w C:\WINDOWS\system32\dllcache\usrv42a.dll
+ 2004-08-05 12:00:00 49,209 -c--a-w C:\WINDOWS\system32\dllcache\usrv80a.dll
+ 2004-08-05 12:00:00 45,116 -c--a-w C:\WINDOWS\system32\dllcache\usrvoica.dll
+ 2004-08-05 12:00:00 49,211 -c--a-w C:\WINDOWS\system32\dllcache\usrvpa.dll
+ 2001-08-17 19:28:26 687,999 -c--a-w C:\WINDOWS\system32\dllcache\usrwdxjs.sys
+ 2004-08-03 22:54:44 11,325 -c--a-w C:\WINDOWS\system32\dllcache\vchnt5.dll
+ 2004-08-05 12:00:00 58,112 -c--a-w C:\WINDOWS\system32\dllcache\vdmindvd.sys
+ 2004-08-03 22:54:44 54,784 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2004-08-05 12:00:00 42,240 -c--a-w C:\WINDOWS\system32\dllcache\viaagp.sys
+ 2004-08-03 20:59:44 5,376 -c--a-w C:\WINDOWS\system32\dllcache\viaide.sys
+ 2001-08-17 19:49:04 24,576 -c--a-w C:\WINDOWS\system32\dllcache\viairda.sys
+ 2001-08-17 18:14:12 249,402 -c--a-w C:\WINDOWS\system32\dllcache\vinwm.sys
+ 2001-08-17 19:28:14 604,253 -c--a-w C:\WINDOWS\system32\dllcache\vmodem.sys
+ 2001-08-17 19:28:16 397,502 -c--a-w C:\WINDOWS\system32\dllcache\vpctcom.sys
+ 2001-08-17 19:28:16 64,605 -c--a-w C:\WINDOWS\system32\dllcache\vvoice.sys
+ 2001-08-17 18:13:08 19,528 -c--a-w C:\WINDOWS\system32\dllcache\w840nd.sys
+ 2001-08-17 18:13:08 19,016 -c--a-w C:\WINDOWS\system32\dllcache\w926nd.sys
+ 2001-08-17 18:13:12 16,925 -c--a-w C:\WINDOWS\system32\dllcache\w940nd.sys
+ 2004-08-03 21:04:54 13,568 -c--a-w C:\WINDOWS\system32\dllcache\wacompen.sys
+ 2004-08-03 20:29:38 12,415 -c--a-w C:\WINDOWS\system32\dllcache\wadv01nt.sys
+ 2004-08-03 20:29:38 12,127 -c--a-w C:\WINDOWS\system32\dllcache\wadv02nt.sys
+ 2004-08-03 20:29:38 11,775 -c--a-w C:\WINDOWS\system32\dllcache\wadv05nt.sys
+ 2004-08-03 20:29:40 11,807 -c--a-w C:\WINDOWS\system32\dllcache\wadv07nt.sys
+ 2004-08-03 20:29:40 11,295 -c--a-w C:\WINDOWS\system32\dllcache\wadv08nt.sys
+ 2004-08-03 20:29:42 11,871 -c--a-w C:\WINDOWS\system32\dllcache\wadv09nt.sys
+ 2004-08-03 20:29:42 11,935 -c--a-w C:\WINDOWS\system32\dllcache\wadv11nt.sys
+ 2004-08-03 20:29:42 29,311 -c--a-w C:\WINDOWS\system32\dllcache\watv01nt.sys
+ 2004-08-03 20:29:44 19,551 -c--a-w C:\WINDOWS\system32\dllcache\watv02nt.sys
+ 2004-08-03 20:29:44 33,599 -c--a-w C:\WINDOWS\system32\dllcache\watv04nt.sys
+ 2004-08-03 20:29:46 22,271 -c--a-w C:\WINDOWS\system32\dllcache\watv06nt.sys
+ 2004-08-05 12:00:00 3,200 -c--a-w C:\WINDOWS\system32\dllcache\wowfax.dll
+ 2004-08-05 12:00:00 14,336 -c--a-w C:\WINDOWS\system32\dllcache\wowfaxui.dll
+ 2004-08-05 12:00:00 108,032 -c--a-w C:\WINDOWS\system32\dllcache\wshbth.dll
+ 2004-08-03 22:54:48 8,192 -c--a-w C:\WINDOWS\system32\dllcache\wshirda.dll
+ 2004-08-03 20:29:48 12,063 -c--a-w C:\WINDOWS\system32\dllcache\wsiintxx.sys
+ 2004-08-03 21:10:22 19,328 -c--a-w C:\WINDOWS\system32\dllcache\wstcodec.sys
+ 2004-08-03 20:29:50 19,455 -c--a-w C:\WINDOWS\system32\dllcache\wvchntxx.sys
+ 2004-08-05 12:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\wzcsapi.dll
+ 2004-08-05 12:00:00 359,936 -c--a-w C:\WINDOWS\system32\dllcache\wzcsvc.dll
+ 2001-08-17 18:11:14 16,970 -c--a-w C:\WINDOWS\system32\dllcache\xem336n5.sys
+ 2001-08-23 15:47:50 99,865 -c--a-w C:\WINDOWS\system32\dllcache\xlog.exe
+ 2001-08-23 15:47:50 4,608 -c--a-w C:\WINDOWS\system32\dllcache\xrxflnch.exe
+ 2001-08-23 15:47:50 27,648 -c--a-w C:\WINDOWS\system32\dllcache\xrxftplt.exe
+ 2001-08-23 15:47:24 17,408 -c--a-w C:\WINDOWS\system32\dllcache\xrxscnui.dll
+ 2001-08-23 15:47:24 23,040 -c--a-w C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
+ 2004-08-03 22:54:48 116,736 -c--a-w C:\WINDOWS\system32\dllcache\xrxwiadr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2007-07-28 23:05 277328]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29 684118]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R0 aac;Adaptec RAID Miniport Driver;C:\WINDOWS\system32\drivers\aac.sys [2004-04-12 08:42]
S0 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2004-04-12 08:42]
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 19:14]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 15:46]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 20:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 23:05:35 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-09-25 15:29:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 22:47:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-19 22:47:51
ComboFix-quarantined-files.txt 2008-05-19 20:47:48

Pre-Run: 32,672,866,304 octets libres
Post-Run: 32,462,946,304 octets libres

1216 --- E O F --- 2008-05-17 13:09:03

--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 21, 2008 12:23:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/05/2008
Kaspersky Anti-Virus database records: 789860
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 55254
Number of viruses found: 15
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 01:02:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\tempIpRules.xdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{BB39EE61-EE54-4ACC-B4C8-13161D19E893}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR30.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rocher\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Historique\History.IE5\MSHist012008052120080522\index.dat Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Temp\~DF4521.tmp Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Temp\~DF5DE8.tmp Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Temp\~DF87DA.tmp Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Rocher\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rocher\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rocher\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\apcotyvo.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awttuuvU.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifcAqQH.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nbarhdyj.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssslnkjl.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP49\A0014478.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP50\A0014507.dll Infected: Trojan.Win32.Monder.db skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP51\A0014546.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP59\A0015721.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP60\A0015781.dll Infected: Trojan.Win32.Monder.df skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP61\A0015846.dll Infected: Trojan.Win32.Monder.dm skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP61\A0015901.dll Infected: Trojan.Win32.Monder.dj skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015970.dll Infected: Trojan.Win32.Monder.de skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015974.dll Infected: Trojan.Win32.Monder.do skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015976.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015979.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015980.dll Infected: Trojan.Win32.Monder.cz skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015981.dll Infected: Trojan.Win32.Monder.dl skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015984.dll Infected: Trojan.Win32.Monder.di skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015985.dll Infected: Trojan.Win32.Monder.da skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP62\A0015988.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP66\A0016413.dll Infected: Trojan.Win32.Monder.fb skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP66\A0016424.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quk skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP67\A0016722.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP67\A0016760.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP67\A0016760.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP69\A0017035.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP69\A0017036.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP69\A0017037.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP69\A0017038.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP69\A0017042.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A4050CE5-7E96-474E-9829-CB2AE0A6FDAE}\RP77\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_Dmvo3YQ9rzEjjNM Object is locked skipped
C:\WINDOWS\Temp\mcafee_KZ69jLQ0jjDu8XF Object is locked skipped
C:\WINDOWS\Temp\mcmsc_58oVBMx2cTBhkhc Object is locked skipped
C:\WINDOWS\Temp\mcmsc_B1hfzzztnlhXGfb Object is locked skipped
C:\WINDOWS\Temp\mcmsc_IVkSAjBuagPucY8 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_S2c5lzbufipozkx Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Temp\Step 1.doc Object is locked skipped
D:\Utilitaires\MSOffice\Normal.dot Object is locked skipped

Scan process completed.
---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:29, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\Telechargements\Hijackthis\Pierre.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7772 bytes
kovantchine
Active Member
 
Posts: 11
Joined: May 17th, 2008, 8:02 am

Re: Virtumonde.dll is bothering me.

Post by Rodav » May 21st, 2008, 11:30 am

The Kaspersky report does not appear too cheerful.
The majority of infections are in System Restore; as long as you do not use System Restore while they are there, they are completely harmless, and the others are quarantined. We will remove them all very shortly, though.

We are nearly finished, although you posted the wrong ComboFix report. I would like to see the log at C:\DeQuarantine_log.txt, and I would also like to make certain you have all the files you need back. Also, is your computer running OK now?
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Virtumonde.dll is bothering me.

Post by kovantchine » May 21st, 2008, 1:59 pm

Hello,
Sorry for my mistake; the dequarantine file is below.
The machine runs fine and my precious KeePass file is back in use with my banking data.
During IE7's lengthy download of the Kaspersky virus base, no spurious ads appeared.
I tend to avoid using IE7 since there is no Adblock, Blocksite or cookie management as there is with Firefox (as far as I know).


Re: Virtumonde.dll is bothering me.

Unread postby Rodav » May 22nd, 2008, 4:33 am

"I tend to avoid using IE7 since there is no Adblock, Blocksite and Cookies management as with Firefox (as far as I know)."
If you use Firefox, you may like to try the NoScript add-on if you haven't already; it lets JavaScript, Java and other executable content run only from sites which you allow. I highly recommend it.

Now that you have all your files back we can finish up, please enable any protection you may have turned off during the fix, then proceed with the following:


Step 1:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.


Your logs are now clean. :D :D
If you still feel you are having any issues please let me know now, otherwise read through and proceed with the following:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

Please reply to this topic one more time so I know you have read through it or with any questions you may have.
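The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread and is not Spybot's own code: a small parser that classifies each entry as a block (a name pointed at a loopback or null address) or a redirect (a name pointed at any other address, which is worth a second look), and shows what a lookup would be answered with. The sample file and every host name in it are constructed, and the "first matching line wins" rule in `resolve` is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the format of %SystemRoot%\system32\drivers\etc\hosts.
# All names use the reserved ".example" domain.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
# Blocklist-style entries, as a protective hosts list adds them
127.0.0.1       ads.malicious.example
127.0.0.1       tracker.malicious.example  popups.malicious.example  # two names
0.0.0.0         dialer.malicious.example
# A name pointed at a routable address
203.0.113.7     www.bank.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    name: str
    kind: str  # "local", "block" or "redirect"


def parse_hosts(text):
    """Return (entries, rejected): parsed entries and unparseable lines."""
    entries, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((line_no, raw))
            continue
        if len(fields) < 2:  # an address with no name maps nothing
            rejected.append((line_no, raw))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if addr.is_loopback or addr.is_unspecified:
                # Pointing a name at the local machine makes it unreachable.
                kind = "local" if name in LOCAL_NAMES else "block"
            else:
                kind = "redirect"
            entries.append(HostsEntry(line_no, str(addr), name, kind))
    return entries, rejected


def resolve(entries, name):
    """Address the hosts file answers with, or None if the lookup goes to DNS.

    Assumption: the first matching line wins.
    """
    wanted = name.lower().rstrip(".")
    for entry in entries:
        if entry.name == wanted:
            return entry.address
    return None


def review(entries):
    """Entries to look at by hand: redirects and names with conflicting addresses."""
    first_seen = {}
    flagged = []
    for entry in entries:
        first = first_seen.setdefault(entry.name, entry.address)
        if entry.kind == "redirect" or first != entry.address:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    parsed, bad = parse_hosts(SAMPLE_HOSTS)
    for e in parsed:
        print(f"line {e.line_no}: {e.name} -> {e.address} [{e.kind}]")
    for e in review(parsed):
        print(f"REVIEW line {e.line_no}: {e.name} points at {e.address}")
    for line_no, raw in bad:
        print(f"REJECTED line {line_no}: {raw!r}")
```

A blocked name resolves to the local machine, so the browser never reaches the real site; a redirect entry is the opposite case and is what a helper looks for when reading the hosts section of a log.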

Re: Virtumonde.dll is bothering me.

Unread postby kovantchine » May 24th, 2008, 2:18 pm

Hello,
Back on the air.
I took time to answer for two reasons: I was away for two days, then I followed your recommendations and installed the various software.

Combofix /u indicated Combofix is uninstalled. What about the polluted restore files?
Can I use restore points without restoring the virus ?

I am very satisfied with the way you conducted the operations, the instructions were clear and were easy to apply.

Do you have any knowledge of the virus behaviour? Does unloading-loading the system increase its activity?

Thanks for your help.