Problemes avec avast 5

Résolu
jappie108 Messages postés 38 Statut Membre -  
jappie108 Messages postés 38 Statut Membre -
Bonjour,



J'ai besoin de votre aide!!!! J'ai telecharger avast 5 sur le web, puis j'ai fait un scan rapide. Résultats, 15 000 fichiers infectés, VBS:Dropper-gen[Trj]. On me suggere de les mettre en quarantaine, mais ensuite on me dit espace insuffisant sur le disque (?)

Par la suite, plusieurs fichiers de mon ordinateur ne fontionnent plus, des jeux par exemple. que puis-je faire?? Est-ce que je dois recuperer les fichiers en quarantaine et recommencer avec un autre anti-virus??

De plus, apres le scan, avast me dit que je dois le (rétablir) Je le fais mais ca ne fonctionne pas :(
J'ai peur que si je deinstalle avast, je perd tout ce qu'il a mis en quarantaine!!
Merci de m'aidée, je n'y comprend plus rien!!!

52 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Configuration : Windows XP et Internet Explorer 7.0 : l’utilisateur est confronté à une détection Avast 5 indiquant de nombreux fichiers infectés (VBS:Dropper-gen[Trj]), avec un message d'espace disque insuffisant et des programmes qui cessent de fonctionner.
Plusieurs réponses préconisent d'utiliser des outils de nettoyage et de suppression avancés (ComboFix, ZHPDiag, OTMoveIt) et d'analyser les fichiers suspects avec VirusTotal, tout en gérant la quarantaine et la restauration éventuelle.
Des procédures complémentaires préconisent de rendre visibles les dossiers et fichiers cachés du système, puis d'extraire et d'analyser les rapports générés (CFScript, ComboFix.txt, moved files) pour évaluer les modifications et poursuivre le nettoyage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Bonsoir,

    Peux tu me coller le dernier rapport de Avast ainsi que ceci :

    Télécharge ZhpDiag de Nicolas Coolman .

    Une fois le téléchargement achevé, double clique sur ZHPDiag.exe(clic droit ,"éxécuter en tant qu'administrateur" pour Vista).

    Une fois installé le programme s'ouvre automatiquement .

    Clique sur la loupe pour lancer l'analyse.

    A la fin de l'analyse, clique sur la "disquette" (enregistrer sous..) .

    Rend toi sur ce site : http://www.cijoint.fr/index.php

    Clique sur parcourir et sélectionne le fichier ZhpDiag.txt .

    Un lien va etre créer ,poste ce lien dans ta prochaine réponse.

    0
  2. jappie108 Messages postés 38 Statut Membre
     
    Merci de m'avoir repondu si rapidement!

    Je t'envoie le resultat de l'analyse de ZHPDiag.

    http://www.cijoint.fr/cjlink.php?file=cj201010/cijzSq4t95.txt

    Pour le rapport de avast, je suis incapable de transmettre le message, de faire un copier/coller. Je tente encore de le faire et te l'envoie si possible, a moins que tu ne saches un autre secret que je ne connait pas!

    Merci, Jappie108
    0
  3. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Je regarde ton rapport et te donne la suite ce soir .
    0
  4. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Normal que Avast s'affole au vu du nombre d'infections que tu trimbale :)

    On a du boulot sur la planche :

    Télécharges ComboFix à partir d'un de ces liens :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    https://forospyware.com
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :

    ? Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ? Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
    la protection en temps réel de ton Antivirus et de tes Antispywares,
    qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt,.
    est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ? Réactive la protection en temps réel de ton Antivirus et de tes Antispywares,
    avant de te reconnecter à internet.

    ? Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jappie108 Messages postés 38 Statut Membre
     
    Bon, désolée, ce fut assez long!! Tu vois que je ne suis pas une pro ;)
    Tiens-toi bien, voici le rapport de ComboFix.
    ComboFix 10-10-12.03 - Caroline Roberge 2010-10-13 15:13:41.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.272 [GMT -4:00]
    Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\bold.log
    c:\documents and settings\All Users\Documents\Server\admin.txt
    c:\documents and settings\All Users\Documents\Server\server.dat
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ADSTechnology
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ADSTechnology\ADSTechnology.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\ADSTechnology\Uninstall.lnk
    c:\documents and settings\Caroline Roberge\Application Data\Ekexe\paog.exe
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Caroline Roberge\Local Settings\Application Data\ceyao_nav.dat
    c:\documents and settings\Caroline Roberge\Local Settings\Application Data\ceyao_navps.dat
    C:\mtwb.dat
    c:\program files\ActivationManager
    c:\program files\ADSTechnology
    c:\program files\ADSTechnology\Uninstall.exe
    c:\program files\Fast Browser Search
    c:\program files\Fast Browser Search\1.bat
    c:\program files\Fast Browser Search\about.html
    c:\program files\Fast Browser Search\affid.dat
    c:\program files\Fast Browser Search\basis.xml
    c:\program files\Fast Browser Search\basis_br.xml
    c:\program files\Fast Browser Search\basis_de.xml
    c:\program files\Fast Browser Search\basis_en.xml
    c:\program files\Fast Browser Search\basis_es.xml
    c:\program files\Fast Browser Search\basis_fr.xml
    c:\program files\Fast Browser Search\basis_it.xml
    c:\program files\Fast Browser Search\basis_nr.xml
    c:\program files\Fast Browser Search\basis_pt.xml
    c:\program files\Fast Browser Search\basis_ru.xml
    c:\program files\Fast Browser Search\basis_tr.xml
    c:\program files\Fast Browser Search\ClearRecycleBin.exe
    c:\program files\Fast Browser Search\error.html
    c:\program files\Fast Browser Search\FBSPlugin.dll
    c:\program files\Fast Browser Search\fbsProtection.xml
    c:\program files\Fast Browser Search\FbsSearchProvider.xml
    c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
    c:\program files\Fast Browser Search\FBStoolbar.dll
    c:\program files\Fast Browser Search\fbstoolbar.jar
    c:\program files\Fast Browser Search\fbstoolbar.manifest
    c:\program files\Fast Browser Search\icons.bmp
    c:\program files\Fast Browser Search\IE\basis.xml
    c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
    c:\program files\Fast Browser Search\IE\search_fr.bmp
    c:\program files\Fast Browser Search\IE\search_it.bmp
    c:\program files\Fast Browser Search\IE\search_pt.bmp
    c:\program files\Fast Browser Search\IE\search_ru.bmp
    c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
    c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
    c:\program files\Fast Browser Search\IE\SGPU.ico
    c:\program files\Fast Browser Search\IE\sgpUpdater.exe
    c:\program files\Fast Browser Search\IE\sgpUpdater.xml
    c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
    c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
    c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
    c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
    c:\program files\Fast Browser Search\IE\Toolbar Help.htm
    c:\program files\Fast Browser Search\info.txt
    c:\program files\Fast Browser Search\local.xml
    c:\program files\Fast Browser Search\logobg.bmp
    c:\program files\Fast Browser Search\MTWBtoolbar.html
    c:\program files\Fast Browser Search\search.bmp
    c:\program files\Fast Browser Search\search_br.bmp
    c:\program files\Fast Browser Search\search_de.bmp
    c:\program files\Fast Browser Search\search_es.bmp
    c:\program files\Fast Browser Search\uninstall.exe
    c:\program files\Fast Browser Search\uninstalSGPU.exe
    c:\program files\Fast Browser Search\update.exe
    c:\program files\Fast Browser Search\version.txt
    c:\program files\Microsoft\DesktopLayer.exe
    c:\program files\Search Guard Plus
    c:\program files\Search Guard Plus\fbsSearchProvider.xml
    c:\program files\Search Guard Plus\SearchGuardPlus.exe
    c:\program files\Search Guard Plus\SearchGuardPlus.ico
    c:\program files\Search Guard PlusU
    c:\program files\Search Guard PlusU\SGPU.ico
    c:\program files\Search Guard PlusU\sgpUpdater.exe
    c:\program files\Search Guard PlusU\sgpUpdater.xml
    c:\program files\Search Guard PlusU\sgpUpdaters.exe
    c:\program files\SGPSA
    c:\windows\system32\dmlconf.dat
    c:\windows\system32\gT2cuVPL.exe.a_a
    c:\windows\system32\qtplugin.exe
    c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    c:\windows\Temp\scsE.tmp
    d:\mes documents\DPE.DUS

    Une copie infectée de c:\windows\system32\drivers\pciide.sys a été trouvée et désinfectée
    Copie restaurée à partir de - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-13 au 2010-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
    2010-10-12 22:37 . 2010-10-12 22:40 -------- d-----w- c:\program files\ZHPDiag
    2010-10-12 12:42 . 2010-10-13 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-11 16:25 . 2010-10-12 12:42 -------- d-----w- c:\program files\win
    2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
    2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment
    2010-09-14 17:03 . 2010-09-14 17:03 -------- d-----w- c:\program files\Comical

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 17:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-15 68856]
    "{64DB072A-63AB-82F4-088F-7088FDB001CB}"="c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe" [2010-03-29 195584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-11 483328]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2010-10-11 18:26 303104 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-10-11 18:26 110592 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 12:32 421160 ----a-w- d:\ma music\iTunes\iTunes Music\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfferBox]
    2010-03-04 22:08 628368 ----a-w- c:\program files\OfferBox\OfferBox.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
    2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-10-11 18:43 483328 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-10-15 13:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Magic\\Program\\Manalink.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Ma Music\\iTunes\\iTunes Music\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58866:TCP"= 58866:TCP:Pando Media Booster
    "58866:UDP"= 58866:UDP:Pando Media Booster

    R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-05-24 689392]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
    S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
    S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
    S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-22 721904]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={3A32941C-0086-2126-B6AC-2AFABDE2C776}&q=
    FF - component: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: d:\ma music\iTunes\iTunes Music\Mozilla Plugins\npitunes.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    BHO-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
    Toolbar-{D01B1F7D-9D7F-46C3-8DB9-5A55819E2A7F} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{0FC85F5D-6207-4515-A490-45A549D285C0} - (no file)
    HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    SSODL-WebSys-{57DC7889-1476-D94A-C43B-0A9C129B618A} - c:\program files\rsmbxy\WebSys.dll
    Notify-avgrsstarter - (no file)
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
    MSConfigStartUp-ceyao - c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe
    MSConfigStartUp-CPM0f1fa610 - c:\windows\system32\lalihihe.dll
    MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
    MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
    MSConfigStartUp-jawerafira - c:\windows\system32\nehozipa.dll
    MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
    MSConfigStartUp-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
    MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
    MSConfigStartUp-SmartChkCom - c:\windows\system32\fmnklufe.exe
    AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
    AddRemove-ZwangiSrch - c:\program files\ZwangiSrch\uninstall.exe
    AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:45,89,c7,01,0f,7d,4a,62,45,7a,ea,0d,65,d6,c1,8f,5f,81,55,4b,e7,b3,f7,
    6c,2b,65,02,8f,e5,81,96,33,04,0e,a1,61,d1,a2,33,aa,58,b3,10,59,89,9d,9e,c0,\
    "??"=hex:d2,e8,86,ff,c7,48,ea,85,62,2d,54,37,b8,2d,93,fe

    [HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:20,74,fe,60,27,ae,c8,ad,e7,99,f7,64,1f,c7,92,aa,f8,c5,04,ae,65,
    88,9c,a1,e2,7a,47,6e,c9,91,99,54,0d,42,5f,c6,3b,51,cc,f6,6d,d4,3c,cd,60,7c,\
    "rkeysecu"=hex:41,b7,98,d8,59,44,ad,a7,0c,0f,e2,86,30,a5,5e,99

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open]
    @="Open with &WinZip"

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
    @="c:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\print\command]
    @="c:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(2664)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-10-13 15:35:49 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-10-13 19:35

    Avant-CF: 9 614 925 824 octets libres
    Après-CF: 8 776 687 616 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    - - End Of File - - 8DAF5FEFA9B8498FC919E007479B9B1C
    0
  7. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Combofix a fait du bon boulot mais ce n'est pas terminé pour autant :

    > Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
    - Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie/colle dedans les lignes suivantes :

    Killall::

    Driver::
    XDva238
    XDva248

    File::
    c:\windows\system32\XDva238.sys
    c:\windows\system32\XDva248.sys
    c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Magic\\Program\\Manalink.exe"=-


    - Enregistre ce fichier sous le nom CFScript
    - Fait un glisser/déposer de ce fichier CFScrïpt sur le fichier ComboFix.exe comme sur cette image. (Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris.) Combofix va démarrer.
    - Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    - Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    - Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
    - Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    Note : Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ===============

    Il va falloir analyser un ou des fichier(s) suspect(s) !

    Il se peut qu'il se trouvent dans les " dossiers cachés " du systeme.
    Il faut donc les rendre visibles pour le scan.

    Pour afficher les dossiers et fichiers cachés:

    Panneau de configuration > Options des dossiers > onglet Affichage.

    Coche Afficher les fichiers et dossiers cachés,
    Décoche Masquer les extensions de fichiers connus
    Décoche Masquer les fichiers protégés du Système.
    Un message de mise en garde va apparaitre. Clique sur OK pour confirmer ton choix.
    Les fichiers et dossiers cachés du système apparaitront alors dans l'explorateur Windows en transparence.

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ces fichiers :

    c:\windows\system32\fmnklufe.exe
    c:\windows\system32\lalihihe.dll
    c:\program files\microsoft\desktoplayer.exe


    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    ***Membre Contributeur Sécurité***
    0
  8. jappie108 Messages postés 38 Statut Membre
     
    ComboFix 10-10-12.03 - Caroline Roberge 2010-10-13 19:05:42.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.271 [GMT -4:00]
    Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
    Commutateurs utilisés :: c:\documents and settings\Caroline Roberge\Bureau\CFScript.txt
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe
    c:\program files\Microsoft\DesktopLayer.exe
    c:\windows\system32\dmlconf.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-13 au 2010-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-13 21:57 . 2010-10-13 22:53 -------- d-----w- C:\repare
    2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
    2010-10-12 22:37 . 2010-10-12 22:40 -------- d-----w- c:\program files\ZHPDiag
    2010-10-12 12:42 . 2010-10-13 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-11 16:25 . 2010-10-12 12:42 -------- d-----w- c:\program files\win
    2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
    2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment
    2010-09-14 17:03 . 2010-09-14 17:03 -------- d-----w- c:\program files\Comical

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 17:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-15 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-11 483328]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2010-10-11 18:26 303104 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-10-11 18:26 110592 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 12:32 421160 ----a-w- d:\ma music\iTunes\iTunes Music\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfferBox]
    2010-03-04 22:08 628368 ----a-w- c:\program files\OfferBox\OfferBox.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
    2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-10-11 18:43 483328 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-10-15 13:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Magic\\Program\\Manalink.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Ma Music\\iTunes\\iTunes Music\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58866:TCP"= 58866:TCP:Pando Media Booster
    "58866:UDP"= 58866:UDP:Pando Media Booster

    R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-05-24 689392]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
    S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
    S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
    S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-22 721904]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={3A32941C-0086-2126-B6AC-2AFABDE2C776}&q=
    FF - component: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: d:\ma music\iTunes\iTunes Music\Mozilla Plugins\npitunes.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-{64DB072A-63AB-82F4-088F-7088FDB001CB} - c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:45,89,c7,01,0f,7d,4a,62,45,7a,ea,0d,65,d6,c1,8f,5f,81,55,4b,e7,b3,f7,
    6c,2b,65,02,8f,e5,81,96,33,04,0e,a1,61,d1,a2,33,aa,58,b3,10,59,89,9d,9e,c0,\
    "??"=hex:d2,e8,86,ff,c7,48,ea,85,62,2d,54,37,b8,2d,93,fe

    [HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:20,74,fe,60,27,ae,c8,ad,e7,99,f7,64,1f,c7,92,aa,f8,c5,04,ae,65,
    88,9c,a1,e2,7a,47,6e,c9,91,99,54,0d,42,5f,c6,3b,51,cc,f6,6d,d4,3c,cd,60,7c,\
    "rkeysecu"=hex:41,b7,98,d8,59,44,ad,a7,0c,0f,e2,86,30,a5,5e,99

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open]
    @="Open with &WinZip"

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
    @="c:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\print\command]
    @="c:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Heure de fin: 2010-10-13 19:17:49
    ComboFix-quarantined-files.txt 2010-10-13 23:17
    ComboFix2.txt 2010-10-13 19:35

    Avant-CF: 9 387 352 064 octets libres
    Après-CF: 9 379 930 112 octets libres

    - - End Of File - - 0ED39B25E3201B2A7E94FC4CDDA39FC2
    Voila l'autre rapport de combix comme demander dans le dernier message. Pour l'analyse avec virustotal, j'attends le resultat de scan par e-mail, mais je ne suis pas certaine que ca a fonctionner....Je te l'envoie aussitot que possible
    0
  9. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Je ne t'ai pas demandé de supprimer ces fichiers :

    c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe
    c:\program files\Microsoft\DesktopLayer.exe
    c:\windows\system32\dmlconf.dat


    ????
    0
  10. jappie108 Messages postés 38 Statut Membre
     
    Je ne crois pas non, j'ai revérifié et je ne vois pas ca......Dois-je les supprimer?
    0
  11. jappie108 Messages postés 38 Statut Membre
     
    Vous m'avez demandé de faire scanner des fichiers sur le site virustotal.com. Pour les 2 premiers fichiers, soit c:\windows\system32\fmnklufe.exe et c:\windows\system32\lalihihe.dll
    Mon ordinateur me dit que ca n'existe pas, fichiers introuvables. Pour le troisieme, c:\program files\microsoft\desktoplayer.exe
    En faisant la recherche je le retrouve, mais je ne peux rien faire avec lui, application déja utilisée.....
    0
  12. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Je ne crois pas non, j'ai revérifié et je ne vois pas ca......Dois-je les supprimer?


    Tu n'as pas appliqué mes instructions sur ce Post !

    Je te remet la manip (ne fait rien d'autre...)

    > Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
    - Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie/colle dedans les lignes suivantes :

    Killall::

    Driver::
    XDva238
    XDva248

    File::
    c:\windows\system32\XDva238.sys
    c:\windows\system32\XDva248.sys
    c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Magic\\Program\\Manalink.exe"=-


    - Enregistre ce fichier sous le nom CFScript
    - Fait un glisser/déposer de ce fichier CFScrïpt sur le fichier ComboFix.exe comme sur cette image. (Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris.) Combofix va démarrer.
    - Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    - Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    - Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
    - Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    Note : Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  13. jappie108 Messages postés 38 Statut Membre
     
    Désolée, j'avais pourtant fait comme dans les instructions. Bon, je l'ai refait, alors le voila.
    ComboFix 10-10-12.03 - Caroline Roberge 2010-10-14 17:25:54.3.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.271 [GMT -4:00]
    Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
    Commutateurs utilisés :: c:\documents and settings\Caroline Roberge\Bureau\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe"
    "c:\windows\system32\XDva238.sys"
    "c:\windows\system32\XDva248.sys"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Caroline Roberge\Application Data\Teehve\apwu.exe
    c:\program files\Microsoft\DesktopLayer.exe
    c:\windows\system32\dmlconf.dat
    c:\windows\system32\qtplugin.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_XDVA238
    -------\Legacy_XDVA248
    -------\Service_XDva238
    -------\Service_XDva248

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-15 au 2010-10-15 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-13 23:21 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-13 23:21 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-13 23:21 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-13 23:21 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-13 23:21 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-13 23:21 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-13 23:21 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-13 23:21 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-13 23:21 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-13 21:57 . 2010-10-13 22:53 -------- d-----w- C:\repare
    2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
    2010-10-12 22:37 . 2010-10-12 22:40 -------- d-----w- c:\program files\ZHPDiag
    2010-10-12 12:42 . 2010-10-13 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-11 16:25 . 2010-10-14 18:25 -------- d-----w- c:\program files\win
    2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
    2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    Erreur des Services de cryptographie !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-13_23.15.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-02 02:40 . 2008-04-14 02:33 1314816 c:\windows\system32\dllcache\msoe.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 17:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-15 68856]
    "{64DB072A-63AB-82F4-088F-7088FDB001CB}"="c:\documents and settings\Caroline Roberge\Application Data\Teehve\apwu.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-11 483328]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    [BU]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2010-10-11 18:26 303104 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-10-11 18:26 110592 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 12:32 421160 ----a-w- d:\ma music\iTunes\iTunes Music\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfferBox]
    2010-03-04 22:08 628368 ----a-w- c:\program files\OfferBox\OfferBox.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
    2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-10-11 18:43 483328 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-10-15 13:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Ma Music\\iTunes\\iTunes Music\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58866:TCP"= 58866:TCP:Pando Media Booster
    "58866:UDP"= 58866:UDP:Pando Media Booster

    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
    R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-08 689392]
    R3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [x]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-23 721904]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]

    .
    Contenu du dossier 'Tâches planifiées'

    2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={3A32941C-0086-2126-B6AC-2AFABDE2C776}&q=
    FF - component: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: d:\ma music\iTunes\iTunes Music\Mozilla Plugins\npitunes.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:45,89,c7,01,0f,7d,4a,62,45,7a,ea,0d,65,d6,c1,8f,5f,81,55,4b,e7,b3,f7,
    6c,2b,65,02,8f,e5,81,96,33,04,0e,a1,61,d1,a2,33,aa,58,b3,10,59,89,9d,9e,c0,\
    "??"=hex:d2,e8,86,ff,c7,48,ea,85,62,2d,54,37,b8,2d,93,fe

    [HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:20,74,fe,60,27,ae,c8,ad,e7,99,f7,64,1f,c7,92,aa,f8,c5,04,ae,65,
    88,9c,a1,e2,7a,47,6e,c9,91,99,54,0d,42,5f,c6,3b,51,cc,f6,6d,d4,3c,cd,60,7c,\
    "rkeysecu"=hex:41,b7,98,d8,59,44,ad,a7,0c,0f,e2,86,30,a5,5e,99

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open]
    @="Open with &WinZip"

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
    @="c:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

    [HKEY_LOCAL_MACHINE\software\Classes\ **z×***|N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\print\command]
    @="c:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    c:\windows\system32\sirenacm.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-10-15 00:03:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-10-15 04:03
    ComboFix2.txt 2010-10-13 23:17
    ComboFix3.txt 2010-10-13 19:35

    Avant-CF: 14 222 434 304 octets libres
    Après-CF: 14 217 154 560 octets libres

    - - End Of File - - 380EC51604C664364EA2A4254D68C060
    Un grand merci pour votre patience!!
    0
  14. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    * Télécharge et install UsbFix par El Desaparecido , C_XX & Chimay8

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    * Double clic sur le raccourci UsbFix présent sur ton bureau .

    * Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    * Laisse travailler l'outil.

    * Ensuite post le rapport UsbFix.txt qui apparaitra.

    * Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    * Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    * Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
    0
  15. jappie108 Messages postés 38 Statut Membre
     
    Bonjour, voici le rapport de USBfix.
    ############################## | UsbFix 7.030 | [Recherche]

    Utilisateur: Caroline Roberge (Administrateur) # CAROLINE [ ]
    Mis à jour le 10/10/10 par El Desaparecido / C_XX
    Lancé à 08:50:16 | 15/10/2010
    Site Web: http://www.teamxscript.org
    Contact: eldesaparecido@arx-services.com

    CPU: AMD Athlon(tm) XP 3200+
    Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702

    Pare-feu Windows: Activé
    Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
    RAM -> 511 Mo
    C:\ (%systemdrive%) -> Disque fixe # 80 Go (12 Go libre(s) - 15%) [WIN] # NTFS
    D:\ -> Disque fixe # 106 Go (39 Go libre(s) - 37%) [SAUVEGARDE] # NTFS
    E:\ -> CD-ROM
    G:\ -> Disque amovible # 4 Go (4 Go libre(s) - 94%) [] # FAT32
    K:\ -> Disque fixe # 932 Go (820 Go libre(s) - 88%) ["New_Volume"] # NTFS

    ################## | Éléments infectieux |

    Présent! C:\Program Files\Microsoft\DesktopLayer.exe
    Présent! C:\Program Files\Windows
    Présent! C:\log.txt

    ################## | Registre |

    Présent! HKCU\Software\3FWHZQA3LT
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
    Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

    ################## | Mountpoints2 |

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F |
    0
  16. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    * Double clic sur le raccourci UsbFix présent sur ton bureau

    * Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

    * Ton bureau disparaitra et le pc redémarrera .

    * Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    * Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    * Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0
  17. jappie108 Messages postés 38 Statut Membre
     
    Voila le dernier rapport de UsbFix. Est-ce normal que mon ordi soit de plus en -plus lent??? Il est vraiment pire que avant......Mais bon, j'imagine que ca va se regler avec tout vos conseils...

    ############################## | UsbFix 7.030 | [Suppression]

    Utilisateur: Caroline Roberge (Administrateur) # CAROLINE [ ]
    Mis à jour le 10/10/10 par El Desaparecido / C_XX
    Lancé à 18:35:39 | 15/10/2010
    Site Web: http://www.teamxscript.org
    Contact: eldesaparecido@arx-services.com

    CPU: AMD Athlon(tm) XP 3200+
    Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702

    Pare-feu Windows: Activé
    Antivirus: avast! Antivirus 5.0.83886757 [Enabled | Updated]
    RAM -> 511 Mo
    C:\ (%systemdrive%) -> Disque fixe # 80 Go (10 Go libre(s) - 12%) [WIN] # NTFS
    D:\ -> Disque fixe # 106 Go (39 Go libre(s) - 37%) [SAUVEGARDE] # NTFS
    E:\ -> CD-ROM
    G:\ -> Disque amovible # 4 Go (4 Go libre(s) - 94%) [] # FAT32
    K:\ -> Disque fixe # 932 Go (820 Go libre(s) - 88%) ["New_Volume"] # NTFS

    ################## | Éléments infectieux |

    Non supprimé ! C:\Program Files\Microsoft\DesktopLayer.exe
    Supprimé! C:\Program Files\Windows
    Supprimé! C:\WINDOWS\system32\qtplugin.exe
    Supprimé! C:\Recycler\S-1-5-21-1177238915-854245398-839522115-1004
    Supprimé! D:\Recycler\S-1-5-21-1177238915-854245398-839522115-1004
    Supprimé! K:\Recycler\S-1-5-21-1177238915-854245398-839522115-1004
    Supprimé! C:\log.txt

    ################## | Registre |

    Supprimé! HKCU\Software\3FWHZQA3LT
    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
    Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|RegistryMonitor1

    ################## | Mountpoints2 |

    ################## | Listing |

    [23/03/2010 - 17:12:34 | D ] C:\$AVG
    [21/01/2010 - 18:01:53 | D ] C:\.jagex_cache_32
    [04/10/2009 - 09:32:10 | D ] C:\21758db0107dc5237803
    [03/10/2009 - 03:00:36 | D ] C:\922950eeda15d359e800b2
    [10/12/2007 - 14:08:52 | N | 0] C:\AUTOEXEC.BAT
    [23/03/2010 - 22:25:52 | N | 216] C:\Boot.bak
    [13/10/2010 - 15:06:57 | N | 332] C:\boot.ini
    [05/08/2004 - 08:00:00 | N | 4952] C:\Bootfont.bin
    [13/10/2010 - 15:06:56 | D ] C:\cmdcons
    [03/08/2004 - 23:00:08 | N | 263488] C:\cmldr
    [15/10/2010 - 00:12:28 | N | 16810] C:\ComboFix.txt
    [15/10/2010 - 10:47:04 | D ] C:\Config.Msi
    [10/12/2007 - 14:08:52 | N | 0] C:\CONFIG.SYS
    [04/02/2010 - 17:18:12 | N | 130] C:\debug.txt
    [08/09/2008 - 14:19:41 | D ] C:\Digidesign Databases
    [21/10/2008 - 08:18:40 | D ] C:\Documents and Settings
    [03/10/2009 - 19:00:29 | D ] C:\ff31594042327b4a736db3a38638e16b
    [26/09/2009 - 15:31:34 | D ] C:\found.000
    [22/08/2010 - 01:55:36 | D ] C:\found.001
    [14/01/2009 - 04:07:58 | D ] C:\Google
    [05/04/2010 - 17:29:57 | N | 5675720] C:\immudebug.log
    [10/12/2007 - 14:08:52 | N | 0] C:\IO.SYS
    [18/04/2008 - 22:42:23 | D ] C:\Magic
    [22/01/2008 - 19:12:54 | D ] C:\MPS
    [10/12/2007 - 14:08:52 | N | 0] C:\MSDOS.SYS
    [10/07/2009 - 22:23:56 | D ] C:\My Download Files
    [03/12/2008 - 08:05:06 | D ] C:\My Games
    [10/05/2010 - 17:41:10 | D ] C:\nDoors
    [05/08/2004 - 08:00:00 | N | 47564] C:\NTDETECT.COM
    [15/09/2008 - 06:03:41 | N | 252240] C:\ntldr
    [23/09/2008 - 14:11:59 | D ] C:\NVIDIA
    [15/10/2010 - 18:03:21 | ASH | 1409286144] C:\pagefile.sys
    [15/10/2010 - 18:44:19 | D ] C:\Program Files
    [15/10/2010 - 00:12:40 | D ] C:\Qoobox
    [15/10/2010 - 18:44:21 | SHD ] C:\RECYCLER
    [13/10/2010 - 18:53:42 | D ] C:\repare
    [13/10/2010 - 18:55:27 | D ] C:\repare1631r
    [15/10/2010 - 00:12:41 | D ] C:\repare28440r
    [06/11/2008 - 02:03:27 | D ] C:\SDFix
    [10/12/2007 - 14:39:32 | D ] C:\softpaq
    [15/07/2009 - 19:01:18 | N | 232] C:\sqmdata00.sqm
    [15/07/2009 - 21:54:29 | N | 232] C:\sqmdata01.sqm
    [16/07/2009 - 16:22:56 | N | 232] C:\sqmdata02.sqm
    [16/07/2009 - 20:51:10 | N | 232] C:\sqmdata03.sqm
    [16/07/2009 - 21:38:51 | N | 232] C:\sqmdata04.sqm
    [17/07/2009 - 05:22:05 | N | 232] C:\sqmdata05.sqm
    [17/07/2009 - 05:59:35 | N | 232] C:\sqmdata06.sqm
    [22/07/2009 - 13:51:59 | N | 268] C:\sqmdata07.sqm
    [25/08/2009 - 17:08:29 | N | 232] C:\sqmdata08.sqm
    [08/09/2009 - 20:52:46 | N | 232] C:\sqmdata09.sqm
    [09/09/2009 - 06:04:26 | N | 232] C:\sqmdata10.sqm
    [20/09/2009 - 07:24:44 | N | 268] C:\sqmdata11.sqm
    [07/09/2009 - 06:39:30 | N | 232] C:\sqmdata12.sqm
    [13/07/2009 - 20:41:21 | N | 232] C:\sqmdata13.sqm
    [14/07/2009 - 06:28:30 | N | 232] C:\sqmdata14.sqm
    [14/07/2009 - 21:10:49 | N | 232] C:\sqmdata15.sqm
    [14/07/2009 - 23:35:26 | N | 232] C:\sqmdata16.sqm
    [15/07/2009 - 06:09:32 | N | 232] C:\sqmdata17.sqm
    [15/07/2009 - 18:29:54 | N | 232] C:\sqmdata18.sqm
    [15/07/2009 - 18:29:59 | N | 232] C:\sqmdata19.sqm
    [15/07/2009 - 19:01:18 | N | 244] C:\sqmnoopt00.sqm
    [15/07/2009 - 21:54:29 | N | 244] C:\sqmnoopt01.sqm
    [16/07/2009 - 16:22:56 | N | 244] C:\sqmnoopt02.sqm
    [16/07/2009 - 20:51:09 | N | 244] C:\sqmnoopt03.sqm
    [16/07/2009 - 21:38:51 | N | 244] C:\sqmnoopt04.sqm
    [17/07/2009 - 05:22:05 | N | 244] C:\sqmnoopt05.sqm
    [17/07/2009 - 05:59:35 | N | 244] C:\sqmnoopt06.sqm
    [22/07/2009 - 13:51:59 | N | 244] C:\sqmnoopt07.sqm
    [25/08/2009 - 17:08:29 | N | 244] C:\sqmnoopt08.sqm
    [08/09/2009 - 20:52:45 | N | 244] C:\sqmnoopt09.sqm
    [09/09/2009 - 06:04:26 | N | 244] C:\sqmnoopt10.sqm
    [20/09/2009 - 07:24:44 | N | 244] C:\sqmnoopt11.sqm
    [07/09/2009 - 06:39:30 | N | 244] C:\sqmnoopt12.sqm
    [13/07/2009 - 20:41:21 | N | 244] C:\sqmnoopt13.sqm
    [14/07/2009 - 06:28:29 | N | 244] C:\sqmnoopt14.sqm
    [14/07/2009 - 21:10:49 | N | 244] C:\sqmnoopt15.sqm
    [14/07/2009 - 23:35:26 | N | 244] C:\sqmnoopt16.sqm
    [15/07/2009 - 06:09:32 | N | 244] C:\sqmnoopt17.sqm
    [15/07/2009 - 18:29:54 | N | 244] C:\sqmnoopt18.sqm
    [15/07/2009 - 18:29:59 | N | 244] C:\sqmnoopt19.sqm
    [11/10/2010 - 11:53:20 | SHD ] C:\System Volume Information
    [11/10/2010 - 14:44:20 | N | 119280] C:\temp.html
    [06/01/2008 - 14:18:24 | D ] C:\UbiSoft
    [15/10/2010 - 18:44:21 | D ] C:\UsbFix
    [15/10/2010 - 18:44:27 | A | 5101] C:\UsbFix.txt
    [10/09/2009 - 21:34:14 | D ] C:\users
    [15/10/2010 - 10:52:21 | D ] C:\WINDOWS
    [09/03/2010 - 17:28:05 | D ] D:\$AVG
    [13/10/2010 - 04:42:43 | D ] D:\2a37893ca5135d59c48cc5
    [08/09/2008 - 14:19:41 | D ] D:\Digidesign Databases
    [03/09/2008 - 00:29:05 | D ] D:\Driver
    [05/09/2001 - 22:00:58 | N | 1700352] D:\gdiplus.dll
    [07/04/2008 - 12:55:36 | D ] D:\Incomplete
    [01/03/2008 - 09:22:50 | D ] D:\language
    [10/04/2010 - 19:04:41 | D ] D:\Ma Music
    [13/10/2010 - 15:24:07 | D ] D:\Mes Documents
    [16/05/2009 - 12:48:52 | D ] D:\Music
    [19/02/2008 - 21:34:50 | D ] D:\MyWorks
    [15/10/2010 - 18:44:21 | SHD ] D:\RECYCLER
    [23/03/2010 - 22:22:00 | SHD ] D:\System Volume Information
    [07/08/2008 - 16:22:42 | N | 377211788] D:\top_setup_1.37.exe.sl
    [07/03/2010 - 18:40:36 | D ] D:\torrent
    [09/12/2007 - 18:17:37 | D ] D:\~MSSETUP.T
    [26/01/2007 - 10:46:36 | D ] G:\.Trashes
    [03/02/2007 - 17:50:12 | N | 678328] G:\33.wav
    [06/09/2009 - 18:37:38 | N | 4867] G:\id30.gp5
    [24/03/2007 - 01:44:40 | N | 15364] G:\.DS_Store
    [03/02/2007 - 12:00:50 | D ] G:\Digidesign Databases
    [03/02/2007 - 17:50:34 | N | 82] G:\._33.wav
    [22/03/2007 - 22:10:48 | N | 82] G:\._dalida3.wav
    [19/02/2007 - 13:20:12 | N | 9974620] G:\-40 en skidoo pas d'casque.wav
    [19/02/2007 - 13:24:16 | N | 82] G:\._-40 en skidoo pas d'casque.wav
    [16/03/2007 - 23:44:26 | N | 29249168] G:\l'homme de fer à cheval.wav
    [19/03/2007 - 14:16:02 | N | 82] G:\._l'homme de fer à cheval.wav
    [19/03/2007 - 14:22:18 | N | 15125632] G:\aéronef.wav
    [19/03/2007 - 14:23:14 | N | 82] G:\._aéronef.wav
    [03/03/2007 - 19:56:50 | N | 14412688] G:\fait toi des backups.wav
    [19/03/2007 - 14:35:18 | N | 82] G:\._fait toi des backups.wav
    [03/03/2007 - 00:24:02 | N | 23478252] G:\La collation dégrade.wav
    [19/03/2007 - 14:35:28 | N | 82] G:\._La collation dégrade.wav
    [25/11/2006 - 20:12:46 | N | 46530614] G:\strange part of life
    [05/02/2007 - 18:44:02 | N | 15125632] G:\oscillation de la constante gravitationnelle.wav
    [19/03/2007 - 14:36:22 | N | 82] G:\._oscillation de la constante gravitationnelle.wav
    [19/03/2007 - 14:40:30 | N | 82] G:\._strange part of life
    [29/03/2007 - 14:49:00 | N | 22541456] G:\Grind the Soap.aif
    [29/03/2007 - 14:48:46 | N | 82] G:\._Grind the Soap.aif
    [22/03/2007 - 22:11:02 | N | 82] G:\._dalida4.wav
    [25/10/2009 - 17:42:16 | N | 23381] G:\id38.gp5
    [22/03/2007 - 22:11:12 | N | 82] G:\._dalida1.wav
    [12/09/2009 - 13:01:38 | N | 7813] G:\id31.gp5
    [22/03/2007 - 22:11:24 | N | 82] G:\._dalida2.wav
    [22/03/2007 - 22:41:24 | N | 23730120] G:\regard.wav
    [22/03/2007 - 22:51:34 | N | 82] G:\._regard.wav
    [06/02/2009 - 12:15:16 | N | 73728] G:\invention de chainsaw.doc
    [03/11/2009 - 14:02:28 | N | 5550] G:\death1.gp5
    [06/02/2009 - 11:38:08 | N | 92146] G:\alexandre valiquette
    [06/02/2009 - 12:15:44 | N | 73728] G:\invention de chainsaw miguel.doc
    [06/02/2009 - 12:17:38 | N | 84480] G:\Dynamite anthony.doc
    [06/02/2009 - 12:23:04 | N | 17890] G:\ATOMIC BOMB !!!!!!!!!!!!!!!!!!!!!!!!!!corey.odt
    [06/02/2009 - 12:26:18 | N | 92262] G:\alexandre valiquette fr.pdf
    [06/02/2009 - 12:26:42 | N | 54907] G:\alexandre valiquette0.pdf
    [06/02/2009 - 12:31:12 | N | 13108] G:\auto alexh.odt
    [11/02/2009 - 14:13:20 | N | 73216] G:\gaétan frisbee.doc
    [22/05/2009 - 08:21:54 | N | 19456] G:\Dictée du 21 mai 2009.doc
    [29/05/2009 - 10:34:14 | N | 21504] G:\Dictée+du29 mai.doc
    [04/06/2009 - 08:15:14 | N | 19968] G:\dictée du 4 juin.doc
    [17/06/2009 - 15:03:34 | D ] G:\bilan mensuel
    [17/06/2009 - 15:04:00 | N | 662528] G:\bilanmartinetjulieetmartine.doc
    [05/09/2009 - 14:59:02 | N | 8064] G:\id29.1.gp5
    [10/07/2009 - 15:28:38 | N | 9299] G:\id27.1.gp5
    [19/12/2009 - 20:11:52 | D ] G:\Polar Fleet
    [19/11/2008 - 16:55:14 | N | 12321] G:\id12.2.gp5
    [29/12/2008 - 12:18:02 | N | 3464] G:\id13.gp5
    [08/12/2008 - 14:31:26 | N | 8037] G:\id14.gp5
    [22/12/2008 - 00:03:00 | N | 12990] G:\id14.1.gp5
    [22/12/2008 - 22:05:38 | N | 14843] G:\id15.gp5
    [18/01/2009 - 18:42:28 | N | 5473] G:\id20.gp5
    [27/12/2008 - 18:28:24 | N | 26903] G:\id16.1.gp5
    [02/01/2009 - 19:29:58 | N | 4562] G:\id17.gp5
    [07/06/2009 - 09:58:02 | N | 11527] G:\id18.gp5
    [16/01/2009 - 13:06:02 | N | 3164] G:\id19.gp5
    [17/06/2009 - 20:17:10 | N | 3619] G:\id26.gp5
    [24/02/2009 - 21:11:04 | N | 1755] G:\id21.1.gp5
    [26/02/2009 - 18:16:44 | N | 2559] G:\id22.gp5
    [07/06/2009 - 08:09:36 | N | 5309] G:\id23.gp5
    [14/11/2009 - 08:23:08 | N | 11044] G:\id24.gp5
    [07/06/2009 - 10:42:24 | N | 8246] G:\id25.gp5
    [15/07/2009 - 13:10:50 | N | 6053] G:\id28.gp5
    [04/12/2009 - 14:18:30 | N | 2568] G:\id41.gp5
    [23/09/2009 - 10:32:10 | N | 6452] G:\id32.gp5
    [25/09/2009 - 17:18:16 | N | 17038] G:\id33.gp5
    [01/10/2009 - 10:41:10 | N | 2797] G:\id34.gp5
    [03/10/2009 - 07:09:54 | N | 11701] G:\id35.gp5
    [13/10/2009 - 18:42:46 | N | 3898] G:\id36.gp5
    [24/10/2009 - 20:09:46 | N | 7650] G:\id37.gp5
    [28/11/2009 - 13:40:00 | N | 4958] G:\id39.gp5
    [04/12/2009 - 14:38:26 | N | 12564] G:\id40.gp5
    [23/12/2009 - 20:43:30 | N | 12398] G:\id42.1.gp5
    [22/12/2009 - 18:52:20 | N | 2221] G:\id43.gp5
    [29/07/2010 - 10:16:14 | N | 17928] G:\embryon20.2!!!.gp5
    [20/10/2009 - 19:51:10 | N | 20625] G:\Embryon29(down tune).1!!!.gp5
    [07/12/2009 - 17:35:52 | N | 16839] G:\embryon30!!!.gp5
    [29/11/2009 - 12:54:36 | N | 24503] G:\embryon32!!!.gp5
    [01/03/2010 - 16:08:00 | N | 19753] G:\Embryon35.1!!!.gp5
    [15/07/2010 - 17:41:18 | N | 6143] G:\Embryon37!!!.gp5
    [30/08/2010 - 19:35:20 | N | 15585] G:\id30!!!.gp5
    [29/07/2010 - 11:51:08 | N | 23897] G:\id33!!!.1.gp5
    [03/10/2009 - 08:09:54 | N | 11701] G:\id35!!!.gp5
    [24/10/2009 - 21:09:46 | N | 7650] G:\id37!!!.gp5
    [25/10/2009 - 18:42:16 | N | 23381] G:\id38!!!.gp5
    [04/12/2009 - 15:38:26 | N | 12564] G:\id40!!!.gp5
    [05/06/2010 - 08:57:02 | N | 14126] G:\id42.1!!!.gp5
    [19/02/2010 - 21:32:16 | N | 1961] G:\id47!!!.gp5
    [07/03/2010 - 19:12:38 | N | 4189] G:\id48!!!.gp5
    [20/03/2010 - 14:31:24 | N | 3568] G:\id49!!!.gp5
    [28/05/2010 - 21:15:54 | N | 20678] G:\id50!!!.gp5
    [15/10/2010 - 08:48:36 | HD ] G:\RECYCLER
    [02/07/2007 - 20:23:04 | N | 39936] G:\cv.doc
    [01/02/2009 - 23:26:36 | N | 34304] G:\Islam.doc
    [15/04/2010 - 21:28:09 | D ] K:\musique
    [15/10/2010 - 18:44:21 | SHD ] K:\RECYCLER
    [15/10/2010 - 18:39:17 | SHD ] K:\System Volume Information

    ################## | Vaccin |

    C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    K:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

    ################## | Upload |

    Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_CAROLINE.zip
    https://www.ionos.fr/?affiliate_id=77097
    Merci de votre contribution.

    ################## | E.O.F |
    0
  18. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Garde tes clés USB branchés sur le pc puis fait ceci :

    > Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
    - Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie/colle dedans les lignes suivantes :

    Kilall::

    File::
    C:\Program Files\Microsoft\DesktopLayer.exe


    - Enregistre ce fichier sous le nom CFScript
    - Fait un glisser/déposer de ce fichier CFScrïpt sur le fichier ComboFix.exe comme sur cette image. (Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris.) Combofix va démarrer.
    - Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    - Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    - Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
    - Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    Note : Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  19. jappie108 Messages postés 38 Statut Membre
     
    Voici le dernier rapport de scan combofix demandé
    ComboFix 10-10-12.03 - Caroline Roberge 2010-10-16 19:55:03.4.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.269 [GMT -4:00]
    Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
    Commutateurs utilisés :: c:\documents and settings\Caroline Roberge\Bureau\CFScript.txt.txt

    FILE ::
    "c:\program files\Microsoft\DesktopLayer.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Caroline Roberge\Application Data\Wesytu
    c:\documents and settings\Caroline Roberge\Application Data\Wesytu\xyma.exe
    c:\program files\Microsoft\DesktopLayer.exe
    c:\windows\system32\dmlconf.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-17 au 2010-10-17 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-15 12:49 . 2010-10-15 22:44 -------- d-----w- C:\UsbFix
    2010-10-15 04:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 04:38 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 04:38 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 21:57 . 2010-10-13 22:53 -------- d-----w- C:\repare
    2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
    2010-10-12 22:37 . 2010-10-15 04:31 -------- d-----w- c:\program files\ZHPDiag
    2010-10-12 12:42 . 2010-10-15 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-11 16:25 . 2010-10-16 19:25 -------- d-----w- c:\program files\win
    2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
    2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-13_23.15.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-16 23:53 . 2010-10-16 23:53 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat
    - 2007-07-18 12:42 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    + 2007-07-18 12:42 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
    + 2004-08-05 12:00 . 2010-08-27 05:58 99840 c:\windows\system32\srvsvc.dll
    + 2004-08-05 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
    + 2004-08-05 12:00 . 2010-10-15 14:27 84874 c:\windows\system32\perfc00C.dat
    - 2004-08-05 12:00 . 2010-10-12 17:36 84874 c:\windows\system32\perfc00C.dat
    - 2004-08-05 12:00 . 2010-10-12 17:36 71374 c:\windows\system32\perfc009.dat
    + 2004-08-05 12:00 . 2010-10-15 14:27 71374 c:\windows\system32\perfc009.dat
    - 2004-08-05 12:00 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 66560 c:\windows\system32\mshtmled.dll
    - 2009-03-08 08:31 . 2010-05-06 10:33 55296 c:\windows\system32\msfeedsbs.dll
    + 2009-03-08 08:31 . 2010-09-10 05:50 55296 c:\windows\system32\msfeedsbs.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 43520 c:\windows\system32\licmgr10.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-05 12:00 . 2010-05-06 10:33 25600 c:\windows\system32\jsproxy.dll
    + 2010-05-25 15:40 . 2010-09-10 05:50 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2010-05-25 15:40 . 2010-05-06 10:33 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2010-08-27 05:58 . 2010-08-27 05:58 99840 c:\windows\system32\dllcache\srvsvc.dll
    + 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
    + 2009-03-08 08:31 . 2010-09-10 05:50 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2010-05-25 15:40 . 2010-05-06 10:33 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2010-05-25 15:40 . 2010-09-10 05:50 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-03-08 08:34 . 2010-09-10 05:50 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-03-08 08:33 . 2010-09-10 05:50 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2009-03-08 08:33 . 2010-05-06 10:33 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2010-09-22 13:43 . 2010-09-22 13:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2003-02-20 23:19 . 2003-02-20 23:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2007-12-10 19:19 . 2010-10-15 14:13 23040 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 23040 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 61440 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 61440 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 27136 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 27136 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 11264 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 11264 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 86016 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 86016 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 12288 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 12288 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2010-06-07 22:39 . 2010-10-15 14:20 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-06-07 22:39 . 2010-06-07 22:39 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
    + 2010-10-15 14:22 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
    + 2010-10-15 14:22 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_1353d0f5\System.Drawing.Design.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2dfb9d63\CustomMarshalers.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\dd5ce29ac227f3d0fd81b84621a57477\WindowsLiveWriter.ni.exe
    + 2010-10-15 14:56 . 2010-10-15 14:56 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\67a565eaa748e11f0953953cbdcd4e72\WindowsLive.Writer.Api.ni.dll
    + 2010-10-15 14:35 . 2010-10-15 14:35 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
    + 2010-10-15 14:30 . 2010-10-15 14:30 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
    + 2010-10-15 14:28 . 2010-10-15 14:28 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
    + 2010-10-15 14:54 . 2010-10-15 14:54 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-10-15 14:08 . 2010-10-15 14:08 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-10-15 14:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll
    + 2010-10-15 14:14 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB980436\spmsg.dll
    + 2010-10-15 14:10 . 2010-02-22 14:25 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
    + 2010-10-15 14:10 . 2010-02-22 14:25 18296 c:\windows\$hf_mig$\KB2286198\spmsg.dll
    + 2010-10-15 14:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
    + 2010-10-15 14:30 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB2115168\spmsg.dll
    + 2010-10-15 14:29 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
    + 2010-10-15 14:29 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB2079403\spmsg.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2008-05-05 11:25 . 2010-08-27 01:43 5632 c:\windows\system32\xpsp4res.dll
    + 2007-12-10 19:19 . 2010-10-15 14:13 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2010-10-15 14:26 . 2010-10-15 14:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2004-08-05 12:00 . 2010-06-18 17:45 293888 c:\windows\system32\winsrv.dll
    - 2004-08-05 12:00 . 2008-04-14 02:33 293888 c:\windows\system32\winsrv.dll
    - 2004-08-05 12:00 . 2010-05-06 10:33 916480 c:\windows\system32\wininet.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 916480 c:\windows\system32\wininet.dll
    + 2004-08-05 12:00 . 2010-04-16 15:38 406016 c:\windows\system32\usp10.dll
    - 2004-08-05 12:00 . 2008-04-14 02:33 406016 c:\windows\system32\usp10.dll
    + 2004-08-05 12:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
    - 2004-08-05 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
    + 2004-08-05 12:00 . 2010-06-30 12:32 149504 c:\windows\system32\schannel.dll
    + 2004-08-05 12:00 . 2010-08-16 08:44 590848 c:\windows\system32\rpcrt4.dll
    + 2004-08-05 12:00 . 2010-10-15 14:27 510656 c:\windows\system32\perfh00C.dat
    - 2004-08-05 12:00 . 2010-10-12 17:36 510656 c:\windows\system32\perfh00C.dat
    - 2004-08-05 12:00 . 2010-10-12 17:36 441438 c:\windows\system32\perfh009.dat
    + 2004-08-05 12:00 . 2010-10-15 14:27 441438 c:\windows\system32\perfh009.dat
    - 2004-08-05 12:00 . 2010-05-06 10:33 206848 c:\windows\system32\occache.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 206848 c:\windows\system32\occache.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 611840 c:\windows\system32\mstime.dll
    - 2004-08-05 12:00 . 2010-05-06 10:33 611840 c:\windows\system32\mstime.dll
    + 2009-03-08 08:32 . 2010-09-10 05:50 602112 c:\windows\system32\msfeeds.dll
    - 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2006-10-19 01:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
    + 2004-08-05 12:00 . 2010-09-18 16:23 974848 c:\windows\system32\mfc42u.dll
    + 2004-08-05 12:00 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
    + 2004-08-05 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
    + 2004-08-05 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
    + 2007-12-10 18:06 . 2010-06-09 07:44 692736 c:\windows\system32\inetcomm.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 184320 c:\windows\system32\iepeers.dll
    - 2004-08-05 12:00 . 2010-05-06 10:33 184320 c:\windows\system32\iepeers.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-05 12:00 . 2010-05-06 10:33 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-05 12:00 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
    - 2004-08-05 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-05 12:00 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
    + 2009-10-02 02:39 . 2010-07-16 12:04 221696 c:\windows\system32\dllcache\wordpad.exe
    + 2010-06-18 17:45 . 2010-06-18 17:45 293888 c:\windows\system32\dllcache\winsrv.dll
    + 2008-04-21 06:43 . 2010-09-10 05:50 916480 c:\windows\system32\dllcache\wininet.dll
    - 2008-04-21 06:43 . 2010-05-06 10:33 916480 c:\windows\system32\dllcache\wininet.dll
    + 2010-04-16 15:38 . 2010-04-16 15:38 406016 c:\windows\system32\dllcache\usp10.dll
    + 2009-07-29 04:35 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
    - 2009-07-29 04:35 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2008-10-15 18:01 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
    + 2008-12-05 06:57 . 2010-06-30 12:32 149504 c:\windows\system32\dllcache\schannel.dll
    + 2009-04-15 14:53 . 2010-08-16 08:44 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2009-03-08 08:34 . 2010-09-10 05:50 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 08:34 . 2010-05-06 10:33 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 08:32 . 2010-05-06 10:33 611840 c:\windows\system32\dllcache\mstime.dll
    + 2009-03-08 08:32 . 2010-09-10 05:50 611840 c:\windows\system32\dllcache\mstime.dll
    + 2010-05-25 15:40 . 2010-09-10 05:50 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2004-08-05 12:00 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2004-08-05 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
    + 2008-08-13 03:08 . 2010-06-09 07:44 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-05-25 15:40 . 2010-09-10 05:50 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2010-05-25 15:40 . 2010-05-06 10:33 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-03-08 08:31 . 2010-05-06 10:33 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2009-03-08 08:31 . 2010-09-10 05:50 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-24 16:00 . 2010-09-10 05:50 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-24 16:00 . 2010-05-06 10:33 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2009-03-08 18:09 . 2010-09-10 05:50 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 18:09 . 2010-05-06 10:33 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2009-03-08 08:32 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
    - 2009-03-08 08:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2010-09-09 09:56 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
    + 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
    - 2004-08-05 12:00 . 2008-04-14 02:33 617472 c:\windows\system32\comctl32.dll
    + 2004-08-05 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
    + 2004-08-05 12:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
    + 2007-12-10 18:06 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    - 2007-12-10 18:06 . 2008-04-14 02:34 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    - 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2010-09-22 13:43 . 2010-09-22 13:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\1f29431.msp
    - 2007-12-10 19:19 . 2010-05-22 23:08 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-12-10 19:19 . 2010-10-15 14:13 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2007-12-10 19:19 . 2010-05-22 23:08 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2010-10-15 14:22 . 2010-05-06 10:33 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
    + 2010-10-15 14:22 . 2010-07-05 13:17 406392 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
    + 2010-10-15 14:22 . 2009-05-26 09:01 234872 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
    + 2010-10-15 14:22 . 2010-05-06 10:33 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
    + 2010-10-15 14:22 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
    + 2010-10-15 14:09 . 2010-10-15 14:09 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_647677f5\System.Drawing.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_63831fe5\System.Drawing.Design.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_73efd937\CustomMarshalers.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
    + 2010-10-15 14:56 . 2010-10-15 14:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f39d526b39e8928e719d9ce8a971383e\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f06626ccee27150b618f6ff8e4b83dba\WindowsLive.Writer.Extensibility.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0e45d40fad4c1b13c93dbd1268410f3\WindowsLive.Writer.Passport.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0916f4cf87dafdf941b66056dd0e005\WindowsLive.Writer.BlogClient.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa7ddbdf38e8a7129fb0befd951897f5\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8f73472385b353ebd6010d02ad42b2b6\WindowsLive.Writer.SpellChecker.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7619247d1c0a0779042423940f5f93de\WindowsLive.Writer.HtmlParser.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56faab9a03f8863e76f75d8b6c70185b\WindowsLive.Writer.Localization.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4844cd1fac89240407ab5e2a4fe9c518\WindowsLive.Writer.BrowserControl.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\482300ac4d48e5c77dc319ec489e6bfc\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\436529704b6c85b97f68a5489dc82ab2\WindowsLive.Writer.FileDestinations.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dce78aa75f081de7ad7cd480e64167a\WindowsLive.Writer.Interop.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1931e1807dc35a71bda7ce8b517c84ef\WindowsLive.Writer.Controls.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18a657bcf90f1a3340e7e33ea4dad4c9\WindowsLive.Writer.Mshtml.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\088f2a6fd9107021e9b80ecc5c832334\WindowsLive.Writer.Instrumentation.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4db92179406aa5a642aca6165defa8fe\WindowsLive.Client.ni.dll
    + 2010-10-15 14:35 . 2010-10-15 14:35 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
    + 2010-10-15 14:35 . 2010-10-15 14:35 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
    + 2010-10-15 14:35 . 2010-10-15 14:35 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
    + 2010-10-15 14:54 . 2010-10-15 14:54 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
    + 2010-10-15 14:54 . 2010-10-15 14:54 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
    + 2010-10-15 14:33 . 2010-10-15 14:33 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
    + 2010-10-15 14:57 . 2010-10-15 14:57 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
    + 2010-10-15 14:57 . 2010-10-15 14:57 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
    + 2010-10-15 14:57 . 2010-10-15 14:57 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
    + 2010-10-15 14:57 . 2010-10-15 14:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
    + 2010-10-15 14:56 . 2010-10-15 14:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
    + 2010-10-15 14:31 . 2010-10-15 14:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
    + 2010-10-15 14:31 . 2010-10-15 14:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
    + 2010-10-15 14:31 . 2010-10-15 14:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
    + 2010-10-15 14:31 . 2010-10-15 14:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
    + 2010-10-15 14:56 . 2010-10-15 14:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
    + 2010-10-15 14:54 . 2010-10-15 14:54 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-10-12 17:25 . 2010-10-12 17:25 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-10-15 14:26 . 2010-10-15 14:26 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-10-15 14:14 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
    + 2010-10-15 14:14 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB980436\update\update.exe
    + 2010-10-15 14:14 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB980436\spuninst.exe
    + 2010-06-30 12:24 . 2010-06-30 12:24 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
    + 2010-10-15 14:10 . 2010-02-22 14:25 406392 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
    + 2010-10-15 14:10 . 2010-02-22 14:25 767352 c:\windows\$hf_mig$\KB2286198\update\update.exe
    + 2010-10-15 14:10 . 2010-02-22 14:25 234872 c:\windows\$hf_mig$\KB2286198\spuninst.exe
    + 2010-10-15 14:30 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
    + 2010-10-15 14:30 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB2115168\update\update.exe
    + 2010-10-15 14:30 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB2115168\spuninst.exe
    + 2010-10-15 14:29 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
    + 2010-10-15 14:29 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB2079403\update\update.exe
    + 2010-10-15 14:29 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB2079403\spuninst.exe
    + 2010-10-15 04:38 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    + 2004-08-05 12:00 . 2010-09-01 07:55 1852928 c:\windows\system32\win32k.sys
    + 2004-08-05 12:00 . 2010-09-10 05:50 1210880 c:\windows\system32\urlmon.dll
    + 2004-08-05 12:00 . 2010-07-27 06:30 8518656 c:\windows\system32\shell32.dll
    + 2004-08-05 12:00 . 2010-07-16 12:06 1287680 c:\windows\system32\ole32.dll
    + 2004-08-05 12:00 . 2010-04-28 18:13 2192000 c:\windows\system32\ntoskrnl.exe
    + 2004-08-04 00:48 . 2010-04-28 05:43 2068864 c:\windows\system32\ntkrnlpa.exe
    - 2004-08-05 12:00 . 2009-07-31 04:33 1172480 c:\windows\system32\msxml3.dll
    + 2004-08-05 12:00 . 2010-06-14 07:42 1172480 c:\windows\system32\msxml3.dll
    + 2004-08-05 12:00 . 2010-09-10 05:50 5957120 c:\windows\system32\mshtml.dll
    + 2009-03-08 08:32 . 2010-09-10 05:50 1986560 c:\windows\system32\iertutil.dll
    - 2007-12-10 12:55 . 2010-08-04 04:33 1494792 c:\windows\system32\FNTCACHE.DAT
    + 2007-12-10 12:55 . 2010-10-15 14:47 1494792 c:\windows\system32\FNTCACHE.DAT
    + 2008-10-15 18:01 . 2010-09-01 07:55 1852928 c:\windows\system32\dllcache\win32k.sys
    + 2008-06-26 08:13 . 2010-09-10 05:50 1210880 c:\windows\system32\dllcache\urlmon.dll
    + 2008-06-17 19:02 . 2010-07-27 06:30 8518656 c:\windows\system32\dllcache\shell32.dll
    + 2010-07-16 12:06 . 2010-07-16 12:06 1287680 c:\windows\system32\dllcache\ole32.dll
    + 2008-10-15 18:01 . 2010-04-28 18:13 2192000 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-15 18:01 . 2010-04-28 05:43 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-15 18:01 . 2010-04-28 05:43 2068864 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-15 18:01 . 2010-04-28 05:43 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-11-12 04:23 . 2010-06-14 07:42 1172480 c:\windows\system32\dllcache\msxml3.dll
    - 2008-11-12 04:23 . 2009-07-31 04:33 1172480 c:\windows\system32\dllcache\msxml3.dll
    + 2008-04-21 06:43 . 2010-09-10 05:50 5957120 c:\windows\system32\dllcache\mshtml.dll
    + 2010-03-10 23:49 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
    - 2010-03-10 23:49 . 2008-04-14 02:34 3558912 c:\windows\system32\dllcache\moviemk.exe
    + 2010-05-25 15:40 . 2010-09-10 05:50 1986560 c:\windows\system32\dllcache\iertutil.dll
    - 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-09-22 13:44 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2010-09-23 06:25 . 2010-09-23 06:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2010-09-23 11:39 . 2010-09-23 11:39 4265472 c:\windows\Installer\1f29413.msp
    + 2010-10-04 20:32 . 2010-10-04 20:32 5517824 c:\windows\Installer\1f29408.msp
    + 2010-10-15 14:22 . 2010-05-06 10:33 1209344 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 5950976 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
    + 2010-10-15 14:22 . 2010-05-06 10:33 1985536 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
    + 2008-10-15 18:01 . 2010-04-28 18:13 2192000 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-15 18:01 . 2010-04-28 05:43 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-15 18:01 . 2010-04-28 05:43 2068864 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-15 18:01 . 2010-04-28 05:43 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2010-10-15 14:09 . 2010-10-15 14:09 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d18faf34\System.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2b126a9e\System.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e740b9f6\System.Xml.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_56f19df4\System.Xml.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b2e5efed\System.Windows.Forms.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6e1b4efd\System.Windows.Forms.dll
    + 2010-10-15 14:10 . 2010-10-15 14:10 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5b875d1e\System.Drawing.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_6f0f35de\System.Design.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_17014ac2\System.Design.dll
    + 2010-10-15 14:10 . 2010-10-15 14:10 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_af9087af\mscorlib.dll
    + 2010-10-15 14:09 . 2010-10-15 14:09 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1839f775\mscorlib.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d13674449b3ae21327820bddbd7e445f\WindowsLive.Writer.PostEditor.ni.dll
    + 2010-10-15 14:55 . 2010-10-15 14:55 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c266f56473a94ee07c092381c2ff9522\WindowsLive.Writer.CoreServices.ni.dll
    + 2010-10-15 14:56 . 2010-10-15 14:56 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba732eb3a84c96e8bf60495395efbfac\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2010-10-15 14:28 . 2010-10-15 14:28 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
    + 2010-10-15 14:35 . 2010-10-15 14:35 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
    + 2010-10-15 14:28 . 2010-10-15 14:28 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
    + 2010-10-15 14:35 . 2010-10-15 14:35 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
    + 2010-10-15 14:58 . 2010-10-15 14:58 2992640 c:\windows\asse
    0
  20. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    Le rapport Combofix n'est pas complet ...Héberge le comme avec ZhpDiag si besoin -;)
    0
  21. jappie108 Messages postés 38 Statut Membre
     
    Voici le lien
    http://www.cijoint.fr/cjlink.php?file=cj201010/cijOnfwC6M.txt
    0
  • 1
  • 2
  • 3