Problems with avast 5 [Solved/Closed]

Member (38 posts, registered Tuesday 12 October 2010, last active 11 October 2011):

Hello,

I need your help!!!! I downloaded avast 5 from the web, then ran a quick scan. Result: 15,000 infected files, VBS:Dropper-gen[Trj]. It suggests putting them in quarantine, but then it tells me there is insufficient disk space (?)

After that, several files on my computer no longer work, games for example. What can I do?? Should I recover the files from quarantine and start over with another antivirus??

Also, after the scan, avast tells me I have to (restore) it. I do it but it doesn't work :(
I'm afraid that if I uninstall avast, I will lose everything it put in quarantine!!
Thanks for helping me, I don't understand any of this anymore!!!

52 replies

Security contributor (13404 posts, registered Monday 3 September 2007, last active 5 January 2015):

Good evening,

Can you paste the latest Avast report for me, along with this:

Download ZhpDiag by Nicolas Coolman.

Once the download has finished, double-click ZHPDiag.exe (right-click, "Run as administrator" on Vista).

Once installed, the program opens automatically.

Click the magnifying glass to start the analysis.

When the analysis finishes, click the "floppy disk" (save as...).

Go to this site: http://www.cijoint.fr/index.php

Click Browse and select the file ZhpDiag.txt.

A link will be created; post that link in your next reply.

Member (38 posts, registered Tuesday 12 October 2010, last active 11 October 2011):

Thanks for answering me so quickly!

I'm sending you the result of the ZHPDiag analysis.

http://www.cijoint.fr/cjlink.php?file=cj201010/cijzSq4t95.txt

As for the avast report, I am unable to transmit the message, to do a copy/paste. I'm still trying to do it and will send it to you if possible, unless you know another secret that I don't!

Thanks, Jappie108

Security contributor (13404 posts, registered Monday 3 September 2007, last active 5 January 2015):

I'm looking at your report and will give you the next steps this evening.

Security contributor (13404 posts, registered Monday 3 September 2007, last active 5 January 2015):

No wonder Avast is panicking, given the number of infections you're lugging around :)

We have our work cut out for us:

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And, importantly, save it to the desktop.

Before using ComboFix:

- Disconnect from the internet and close the windows of all running programs.

- Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analyzing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

- Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

- Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

Member (38 posts, registered Tuesday 12 October 2010, last active 11 October 2011):

Well, sorry, that took quite a while!! You can see I'm not a pro ;)
Brace yourself, here is the ComboFix report.
ComboFix 10-10-12.03 - Caroline Roberge 2010-10-13 15:13:41.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.272 [GMT -4:00]
Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\All Users\Menu Démarrer\Programmes\ADSTechnology
c:\documents and settings\All Users\Menu Démarrer\Programmes\ADSTechnology\ADSTechnology.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\ADSTechnology\Uninstall.lnk
c:\documents and settings\Caroline Roberge\Application Data\Ekexe\paog.exe
c:\documents and settings\Caroline Roberge\Application Data\PriceGong
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Caroline Roberge\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Caroline Roberge\Local Settings\Application Data\ceyao_nav.dat
c:\documents and settings\Caroline Roberge\Local Settings\Application Data\ceyao_navps.dat
C:\mtwb.dat
c:\program files\ActivationManager
c:\program files\ADSTechnology
c:\program files\ADSTechnology\Uninstall.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\1.bat
c:\program files\Fast Browser Search\about.html
c:\program files\Fast Browser Search\affid.dat
c:\program files\Fast Browser Search\basis.xml
c:\program files\Fast Browser Search\basis_br.xml
c:\program files\Fast Browser Search\basis_de.xml
c:\program files\Fast Browser Search\basis_en.xml
c:\program files\Fast Browser Search\basis_es.xml
c:\program files\Fast Browser Search\basis_fr.xml
c:\program files\Fast Browser Search\basis_it.xml
c:\program files\Fast Browser Search\basis_nr.xml
c:\program files\Fast Browser Search\basis_pt.xml
c:\program files\Fast Browser Search\basis_ru.xml
c:\program files\Fast Browser Search\basis_tr.xml
c:\program files\Fast Browser Search\ClearRecycleBin.exe
c:\program files\Fast Browser Search\error.html
c:\program files\Fast Browser Search\FBSPlugin.dll
c:\program files\Fast Browser Search\fbsProtection.xml
c:\program files\Fast Browser Search\FbsSearchProvider.xml
c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\search_de.bmp
c:\program files\Fast Browser Search\search_es.bmp
c:\program files\Fast Browser Search\uninstall.exe
c:\program files\Fast Browser Search\uninstalSGPU.exe
c:\program files\Fast Browser Search\update.exe
c:\program files\Fast Browser Search\version.txt
c:\program files\Microsoft\DesktopLayer.exe
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\SGPSA
c:\windows\system32\dmlconf.dat
c:\windows\system32\gT2cuVPL.exe.a_a
c:\windows\system32\qtplugin.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Temp\scsE.tmp
d:\mes documents\DPE.DUS

Une copie infectée de c:\windows\system32\drivers\pciide.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-13 au 2010-10-13 ))))))))))))))))))))))))))))))))))))
.

2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
2010-10-12 22:37 . 2010-10-12 22:40 -------- d-----w- c:\program files\ZHPDiag
2010-10-12 12:42 . 2010-10-13 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-11 16:25 . 2010-10-12 12:42 -------- d-----w- c:\program files\win
2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment
2010-09-14 17:03 . 2010-09-14 17:03 -------- d-----w- c:\program files\Comical

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 17:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-15 68856]
"{64DB072A-63AB-82F4-088F-7088FDB001CB}"="c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe" [2010-03-29 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-11 483328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2010-10-11 18:26 303104 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-10-11 18:26 110592 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- d:\ma music\iTunes\iTunes Music\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfferBox]
2010-03-04 22:08 628368 ----a-w- c:\program files\OfferBox\OfferBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-10-11 18:43 483328 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-15 13:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Magic\\Program\\Manalink.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Ma Music\\iTunes\\iTunes Music\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58866:TCP"= 58866:TCP:Pando Media Booster
"58866:UDP"= 58866:UDP:Pando Media Booster

R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-05-24 689392]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-22 721904]
.
Contenu du dossier 'Tâches planifiées'

2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={3A32941C-0086-2126-B6AC-2AFABDE2C776}&q=
FF - component: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\ma music\iTunes\iTunes Music\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
Toolbar-{D01B1F7D-9D7F-46C3-8DB9-5A55819E2A7F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{0FC85F5D-6207-4515-A490-45A549D285C0} - (no file)
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
SSODL-WebSys-{57DC7889-1476-D94A-C43B-0A9C129B618A} - c:\program files\rsmbxy\WebSys.dll
Notify-avgrsstarter - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-ceyao - c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe
MSConfigStartUp-CPM0f1fa610 - c:\windows\system32\lalihihe.dll
MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
MSConfigStartUp-jawerafira - c:\windows\system32\nehozipa.dll
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
MSConfigStartUp-SmartChkCom - c:\windows\system32\fmnklufe.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-ZwangiSrch - c:\program files\ZwangiSrch\uninstall.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,89,c7,01,0f,7d,4a,62,45,7a,ea,0d,65,d6,c1,8f,5f,81,55,4b,e7,b3,f7,
6c,2b,65,02,8f,e5,81,96,33,04,0e,a1,61,d1,a2,33,aa,58,b3,10,59,89,9d,9e,c0,\
"??"=hex:d2,e8,86,ff,c7,48,ea,85,62,2d,54,37,b8,2d,93,fe

[HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:20,74,fe,60,27,ae,c8,ad,e7,99,f7,64,1f,c7,92,aa,f8,c5,04,ae,65,
88,9c,a1,e2,7a,47,6e,c9,91,99,54,0d,42,5f,c6,3b,51,cc,f6,6d,d4,3c,cd,60,7c,\
"rkeysecu"=hex:41,b7,98,d8,59,44,ad,a7,0c,0f,e2,86,30,a5,5e,99

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="Open with &WinZip"

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\print\command]
@="c:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-10-13 15:35:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-13 19:35

Avant-CF: 9 614 925 824 octets libres
Après-CF: 8 776 687 616 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 8DAF5FEFA9B8498FC919E007479B9B1C

Security contributor (13404 posts, registered Monday 3 September 2007, last active 5 January 2015):

Combofix did a good job, but we're not finished yet:

- Close all your browsers (so copy or print the instructions first)
- Create a new text document: right-click on the desktop > New > Text Document, and copy/paste the following lines into it:

Killall::

Driver::
XDva238
XDva248

File::
c:\windows\system32\XDva238.sys
c:\windows\system32\XDva248.sys
c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Magic\\Program\\Manalink.exe"=-


- Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file, as in this image. (Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon covers the Combofix icon. Release the mouse.) Combofix will start.
- A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: that's normal!
- Don't touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: post its contents.
Note: If the file does not open, it is located here > C:\ComboFix.txt

===============

One or more suspicious files will need to be analyzed!

They may be located in the system's "hidden folders".
So they need to be made visible for the scan.

To show hidden files and folders:

Control Panel > Folder Options > View tab.

Check Show hidden files and folders,
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files.
A warning message will appear. Click OK to confirm your choice.
The system's hidden files and folders will then appear semi-transparent in Windows Explorer.

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for these files:

c:\windows\system32\fmnklufe.exe
c:\windows\system32\lalihihe.dll
c:\program files\microsoft\desktoplayer.exe


Click Send File.

A report will be built line by line.

Wait for it to finish. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.


***Security Contributor Member***
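
Before a CFScript like the one above is dropped onto ComboFix, each of its entries can be traced back to the report it was written from, so that a typo does not point the tool at the wrong file. This is an added example, not part of the original reply and not ComboFix's own code: the function names are hypothetical, the report excerpt is four lines copied from the first report in this thread, and it assumes only what the page shows (section headers are a word followed by `::`, and service lines start with `R` or `S`, a digit and the service name).

```python
import re

# CFScript exactly as posted in the reply above.
CFSCRIPT = r"""Killall::

Driver::
XDva238
XDva248

File::
c:\windows\system32\XDva238.sys
c:\windows\system32\XDva248.sys
c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Magic\\Program\\Manalink.exe"=-
"""

# Four lines copied from the first ComboFix report in this thread.
REPORT_EXCERPT = r"""
"c:\\Magic\\Program\\Manalink.exe"=
S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
MSConfigStartUp-ceyao - c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Split a CFScript into {section name: [entry lines]} (hypothetical helper)."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def untraceable_entries(sections, report):
    """Return (section, entry) pairs that do not appear anywhere in the report."""
    haystack = report.casefold()
    missing = []
    # Driver names must match a service line such as "S3 XDva238;XDva238;...".
    for name in sections.get("Driver", []):
        pattern = rf"^[RS]\d {re.escape(name)};"
        if not re.search(pattern, report, re.IGNORECASE | re.MULTILINE):
            missing.append(("Driver", name))
    # File paths are compared case-insensitively, as Windows paths are.
    for path in sections.get("File", []):
        if path.casefold() not in haystack:
            missing.append(("File", path))
    # Registry value lines look like "name"=...; key lines in [brackets] are skipped.
    for line in sections.get("Registry", []):
        value = re.match(r'^"(.+)"=', line)
        if value and f'"{value.group(1)}"='.casefold() not in haystack:
            missing.append(("Registry", value.group(1)))
    return missing


if __name__ == "__main__":
    problems = untraceable_entries(parse_cfscript(CFSCRIPT), REPORT_EXCERPT)
    for section, entry in problems:
        print(f"not found in report: [{section}] {entry}")
    print("all entries traced to the report" if not problems else "review the script")
```
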

Member (38 posts, registered Tuesday 12 October 2010, last active 11 October 2011):

ComboFix 10-10-12.03 - Caroline Roberge 2010-10-13 19:05:42.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.271 [GMT -4:00]
Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
Commutateurs utilisés :: c:\documents and settings\Caroline Roberge\Bureau\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-13 au 2010-10-13 ))))))))))))))))))))))))))))))))))))
.

2010-10-13 21:57 . 2010-10-13 22:53 -------- d-----w- C:\repare
2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
2010-10-12 22:37 . 2010-10-12 22:40 -------- d-----w- c:\program files\ZHPDiag
2010-10-12 12:42 . 2010-10-13 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-11 16:25 . 2010-10-12 12:42 -------- d-----w- c:\program files\win
2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment
2010-09-14 17:03 . 2010-09-14 17:03 -------- d-----w- c:\program files\Comical

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 17:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-11 483328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2010-10-11 18:26 303104 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-10-11 18:26 110592 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- d:\ma music\iTunes\iTunes Music\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfferBox]
2010-03-04 22:08 628368 ----a-w- c:\program files\OfferBox\OfferBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-10-11 18:43 483328 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-15 13:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Magic\\Program\\Manalink.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Ma Music\\iTunes\\iTunes Music\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58866:TCP"= 58866:TCP:Pando Media Booster
"58866:UDP"= 58866:UDP:Pando Media Booster

R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-05-24 689392]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys --> c:\windows\system32\DRIVERS\diginet.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-07-22 721904]
.
Contenu du dossier 'Tâches planifiées'

2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={3A32941C-0086-2126-B6AC-2AFABDE2C776}&q=
FF - component: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\ma music\iTunes\iTunes Music\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-{64DB072A-63AB-82F4-088F-7088FDB001CB} - c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,89,c7,01,0f,7d,4a,62,45,7a,ea,0d,65,d6,c1,8f,5f,81,55,4b,e7,b3,f7,
6c,2b,65,02,8f,e5,81,96,33,04,0e,a1,61,d1,a2,33,aa,58,b3,10,59,89,9d,9e,c0,\
"??"=hex:d2,e8,86,ff,c7,48,ea,85,62,2d,54,37,b8,2d,93,fe

[HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:20,74,fe,60,27,ae,c8,ad,e7,99,f7,64,1f,c7,92,aa,f8,c5,04,ae,65,
88,9c,a1,e2,7a,47,6e,c9,91,99,54,0d,42,5f,c6,3b,51,cc,f6,6d,d4,3c,cd,60,7c,\
"rkeysecu"=hex:41,b7,98,d8,59,44,ad,a7,0c,0f,e2,86,30,a5,5e,99

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="Open with &WinZip"

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\print\command]
@="c:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2010-10-13 19:17:49
ComboFix-quarantined-files.txt 2010-10-13 23:17
ComboFix2.txt 2010-10-13 19:35

Avant-CF: 9 387 352 064 octets libres
Après-CF: 9 379 930 112 octets libres

- - End Of File - - 0ED39B25E3201B2A7E94FC4CDDA39FC2

Here is the other ComboFix report, as requested in the last message. For the VirusTotal analysis, I am waiting for the scan result by e-mail, but I am not sure it worked.... I will send it to you as soon as possible
Posts
13404
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 164
I did not ask you to delete these files:

c:\documents and settings\Caroline Roberge\Application Data\Holu\rybu.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\system32\dmlconf.dat


????
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

I don't think so, I checked again and I don't see that...... Should I delete them?
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

You asked me to have some files scanned on the virustotal.com site. For the first 2 files, namely c:\windows\system32\fmnklufe.exe and c:\windows\system32\lalihihe.dll
My computer tells me they don't exist, files not found. For the third one, c:\program files\microsoft\desktoplayer.exe
When I search for it I find it, but I can't do anything with it, application already in use.....
Posts
13404
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 164
I don't think so, I checked again and I don't see that...... Should I delete them?


You did not apply my instructions from this post!

Here is the procedure again (do not do anything else...)

> Close all your browsers (so copy or print the instructions first)
- Create a new text document: right-click on the desktop > New > Text Document, and copy/paste the following lines into it:

Killall::

Driver::
XDva238
XDva248

File::
c:\windows\system32\XDva238.sys
c:\windows\system32\XDva248.sys
c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Magic\\Program\\Manalink.exe"=-


- Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file, as in this image. (Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse.) ComboFix will start.
- A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Do not touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: post its contents.
Note: If the file does not open, it is located here > C:\ComboFix.txt
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

Sorry, I had done it as in the instructions though. Well, I did it again, so here it is.
ComboFix 10-10-12.03 - Caroline Roberge 2010-10-14 17:25:54.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.271 [GMT -4:00]
Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
Commutateurs utilisés :: c:\documents and settings\Caroline Roberge\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\caroline roberge\local settings\application data\ceyao.exe"
"c:\windows\system32\XDva238.sys"
"c:\windows\system32\XDva248.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Caroline Roberge\Application Data\Teehve\apwu.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\qtplugin.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA238
-------\Legacy_XDVA248
-------\Service_XDva238
-------\Service_XDva248


((((((((((((((((((((((((((((( Fichiers créés du 2010-09-15 au 2010-10-15 ))))))))))))))))))))))))))))))))))))
.

2010-10-13 23:21 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-13 23:21 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-13 23:21 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-13 23:21 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-13 23:21 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-13 23:21 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-13 23:21 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-13 23:21 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-13 23:21 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-13 21:57 . 2010-10-13 22:53 -------- d-----w- C:\repare
2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
2010-10-12 22:37 . 2010-10-12 22:40 -------- d-----w- c:\program files\ZHPDiag
2010-10-12 12:42 . 2010-10-13 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-11 16:25 . 2010-10-14 18:25 -------- d-----w- c:\program files\win
2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

Erreur des Services de cryptographie !!
.
((((((((((((((((((((((((((((( SnapShot@2010-10-13_23.15.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-02 02:40 . 2008-04-14 02:33 1314816 c:\windows\system32\dllcache\msoe.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 17:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-15 68856]
"{64DB072A-63AB-82F4-088F-7088FDB001CB}"="c:\documents and settings\Caroline Roberge\Application Data\Teehve\apwu.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-11 483328]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2010-10-11 18:26 303104 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-10-11 18:26 110592 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- d:\ma music\iTunes\iTunes Music\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfferBox]
2010-03-04 22:08 628368 ----a-w- c:\program files\OfferBox\OfferBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-10-11 18:43 483328 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-15 13:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-10-22 16:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Ma Music\\iTunes\\iTunes Music\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58866:TCP"= 58866:TCP:Pando Media Booster
"58866:UDP"= 58866:UDP:Pando Media Booster

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-08 689392]
R3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-23 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]

.
Contenu du dossier 'Tâches planifiées'

2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 11:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={3A32941C-0086-2126-B6AC-2AFABDE2C776}&q=
FF - component: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Caroline Roberge\Application Data\Mozilla\Firefox\Profiles\64bzi2dt.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\ma music\iTunes\iTunes Music\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0fc85f5d-6207-4515-a490-45a549d285c0} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,89,c7,01,0f,7d,4a,62,45,7a,ea,0d,65,d6,c1,8f,5f,81,55,4b,e7,b3,f7,
6c,2b,65,02,8f,e5,81,96,33,04,0e,a1,61,d1,a2,33,aa,58,b3,10,59,89,9d,9e,c0,\
"??"=hex:d2,e8,86,ff,c7,48,ea,85,62,2d,54,37,b8,2d,93,fe

[HKEY_USERS\S-1-5-21-1177238915-854245398-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:20,74,fe,60,27,ae,c8,ad,e7,99,f7,64,1f,c7,92,aa,f8,c5,04,ae,65,
88,9c,a1,e2,7a,47,6e,c9,91,99,54,0d,42,5f,c6,3b,51,cc,f6,6d,d4,3c,cd,60,7c,\
"rkeysecu"=hex:41,b7,98,d8,59,44,ad,a7,0c,0f,e2,86,30,a5,5e,99

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open]
@="Open with &WinZip"

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

[HKEY_LOCAL_MACHINE\software\Classes\ **z×***| N*o* *H*e*r*o*e*s*_*a*u*t*o*_*f*i*l*e*\shell\print\command]
@="c:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\sirenacm.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Heure de fin: 2010-10-15 00:03:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-15 04:03
ComboFix2.txt 2010-10-13 23:17
ComboFix3.txt 2010-10-13 19:35

Avant-CF: 14 222 434 304 octets libres
Après-CF: 14 217 154 560 octets libres

- - End Of File - - 380EC51604C664364EA2A4254D68C060
Many thanks for your patience!!
Posts
13404
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 164
* Download and install UsbFix by El Desaparecido, C_XX & Chimay8

(!) Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

* Double-click the UsbFix shortcut on your desktop.

* At the main menu, choose option "F" for French and press [Enter].

* At the second menu, choose option "1" (search) and press [Enter]

* Let the tool work.

* Then post the UsbFix.txt report that appears.

* Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

* Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


* Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

Hello, here is the USBfix report.
############################## | UsbFix 7.030 | [Recherche]

Utilisateur: Caroline Roberge (Administrateur) # CAROLINE [ ]
Mis à jour le 10/10/10 par El Desaparecido / C_XX
Lancé à 08:50:16 | 15/10/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@arx-services.com

CPU: AMD Athlon(tm) XP 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
RAM -> 511 Mo
C:\ (%systemdrive%) -> Disque fixe # 80 Go (12 Go libre(s) - 15%) [WIN] # NTFS
D:\ -> Disque fixe # 106 Go (39 Go libre(s) - 37%) [SAUVEGARDE] # NTFS
E:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (4 Go libre(s) - 94%) [] # FAT32
K:\ -> Disque fixe # 932 Go (820 Go libre(s) - 88%) ["New_Volume"] # NTFS

################## | Éléments infectieux |


Présent! C:\Program Files\Microsoft\DesktopLayer.exe
Présent! C:\Program Files\Windows
Présent! C:\log.txt

################## | Registre |

Présent! HKCU\Software\3FWHZQA3LT
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
Posts
13404
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 164
(!) Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

* Double-click the UsbFix shortcut on your desktop

* At the main menu, choose option "F" for French and press [Enter].

* At the second menu, choose option "2" (removal) and press [Enter]

* Your desktop will disappear and the PC will restart.

* On restart, UsbFix will scan your PC; let the tool work.

* Then post the UsbFix.txt report that appears along with the desktop.

* Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

Here is the latest UsbFix report. Is it normal that my computer is getting slower and slower??? It is really worse than before......But well, I imagine it will get sorted out with all your advice...

############################## | UsbFix 7.030 | [Suppression]

Utilisateur: Caroline Roberge (Administrateur) # CAROLINE [ ]
Mis à jour le 10/10/10 par El Desaparecido / C_XX
Lancé à 18:35:39 | 15/10/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@arx-services.com

CPU: AMD Athlon(tm) XP 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: avast! Antivirus 5.0.83886757 [Enabled | Updated]
RAM -> 511 Mo
C:\ (%systemdrive%) -> Disque fixe # 80 Go (10 Go libre(s) - 12%) [WIN] # NTFS
D:\ -> Disque fixe # 106 Go (39 Go libre(s) - 37%) [SAUVEGARDE] # NTFS
E:\ -> CD-ROM
G:\ -> Disque amovible # 4 Go (4 Go libre(s) - 94%) [] # FAT32
K:\ -> Disque fixe # 932 Go (820 Go libre(s) - 88%) ["New_Volume"] # NTFS

################## | Éléments infectieux |


Non supprimé ! C:\Program Files\Microsoft\DesktopLayer.exe
Supprimé! C:\Program Files\Windows
Supprimé! C:\WINDOWS\system32\qtplugin.exe
Supprimé! C:\Recycler\S-1-5-21-1177238915-854245398-839522115-1004
Supprimé! D:\Recycler\S-1-5-21-1177238915-854245398-839522115-1004
Supprimé! K:\Recycler\S-1-5-21-1177238915-854245398-839522115-1004
Supprimé! C:\log.txt

################## | Registre |

Supprimé! HKCU\Software\3FWHZQA3LT
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|RegistryMonitor1

################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
K:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_CAROLINE.zip
Merci de votre contribution.

################## | E.O.F |
Posts
13404
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 164
Keep your USB sticks plugged into the PC, then do this:


> Close all your browsers (so copy or print the instructions first)
- Create a new text document: right-click on the desktop > New > Text Document, and copy/paste the following lines into it:


Kilall::

File::
C:\Program Files\Microsoft\DesktopLayer.exe



- Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file as in this image. (Click the CFScript file, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse.) ComboFix will start.
- A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: that is normal!
- Do not touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: post its contents.
Note: if the file does not open, it can be found here > C:\ComboFix.txt
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

Here is the latest ComboFix scan report that was requested
ComboFix 10-10-12.03 - Caroline Roberge 2010-10-16 19:55:03.4.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.269 [GMT -4:00]
Lancé depuis: c:\documents and settings\Caroline Roberge\Bureau\repare.exe
Commutateurs utilisés :: c:\documents and settings\Caroline Roberge\Bureau\CFScript.txt.txt

FILE ::
"c:\program files\Microsoft\DesktopLayer.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Caroline Roberge\Application Data\Wesytu
c:\documents and settings\Caroline Roberge\Application Data\Wesytu\xyma.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-17 au 2010-10-17 ))))))))))))))))))))))))))))))))))))
.

2010-10-15 12:49 . 2010-10-15 22:44 -------- d-----w- C:\UsbFix
2010-10-15 04:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 04:38 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 04:38 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 21:57 . 2010-10-13 22:53 -------- d-----w- C:\repare
2010-10-13 02:33 . 2010-10-13 02:33 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\XnView
2010-10-12 22:37 . 2010-10-15 04:31 -------- d-----w- c:\program files\ZHPDiag
2010-10-12 12:42 . 2010-10-15 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-11 16:25 . 2010-10-16 19:25 -------- d-----w- c:\program files\win
2010-10-11 16:25 . 2010-10-12 13:36 -------- d-----w- c:\program files\tmp
2010-10-06 02:13 . 2010-10-06 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-26 21:38 . 2010-09-26 21:38 -------- d-----w- c:\documents and settings\Caroline Roberge\Application Data\Sony Online Entertainment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-10-13_23.15.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-05 11:25 . 2010-08-27 01:43 5632 c:\windows\system32\xpsp4res.dll
+ 2007-12-10 19:19 . 2010-10-15 14:13 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-12-10 19:19 . 2010-05-22 23:08 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-10-15 14:26 . 2010-10-15 14:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-12 17:25 . 2010-10-12 17:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-12 17:25 . 2010-10-12 17:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-05 12:00 . 2010-06-18 17:45 293888 c:\windows\system32\winsrv.dll
- 2004-08-05 12:00 . 2008-04-14 02:33 293888 c:\windows\system32\winsrv.dll
- 2004-08-05 12:00 . 2010-05-06 10:33 916480 c:\windows\system32\wininet.dll
+ 2004-08-05 12:00 . 2010-09-10 05:50 916480 c:\windows\system32\wininet.dll
+ 2004-08-05 12:00 . 2010-04-16 15:38 406016 c:\windows\system32\usp10.dll
- 2004-08-05 12:00 . 2008-04-14 02:33 406016 c:\windows\system32\usp10.dll
+ 2004-08-05 12:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2004-08-05 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
+ 2004-08-05 12:00 . 2010-06-30 12:32 149504 c:\windows\system32\schannel.dll
+ 2004-08-05 12:00 . 2010-08-16 08:44 590848 c:\windows\system32\rpcrt4.dll
+ 2004-08-05 12:00 . 2010-10-15 14:27 510656 c:\windows\system32\perfh00C.dat
- 2004-08-05 12:00 . 2010-10-12 17:36 510656 c:\windows\system32\perfh00C.dat
- 2004-08-05 12:00 . 2010-10-12 17:36 441438 c:\windows\system32\perfh009.dat
+ 2004-08-05 12:00 . 2010-10-15 14:27 441438 c:\windows\system32\perfh009.dat
- 2004-08-05 12:00 . 2010-05-06 10:33 206848 c:\windows\system32\occache.dll
+ 2004-08-05 12:00 . 2010-09-10 05:50 206848 c:\windows\system32\occache.dll
+ 2004-08-05 12:00 . 2010-09-10 05:50 611840 c:\windows\system32\mstime.dll
- 2004-08-05 12:00 . 2010-05-06 10:33 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2010-09-10 05:50 602112 c:\windows\system32\msfeeds.dll
- 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 01:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2004-08-05 12:00 . 2010-09-18 16:23 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-05 12:00 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2004-08-05 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2004-08-05 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2007-12-10 18:06 . 2010-06-09 07:44 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-05 12:00 . 2010-09-10 05:50 184320 c:\windows\system32\iepeers.dll
- 2004-08-05 12:00 . 2010-05-06 10:33 184320 c:\windows\system32\iepeers.dll
+ 2004-08-05 12:00 . 2010-09-10 05:50 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-05 12:00 . 2010-05-06 10:33 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-05 12:00 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-05 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-05 12:00 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2009-10-02 02:39 . 2010-07-16 12:04 221696 c:\windows\system32\dllcache\wordpad.exe
+ 2010-06-18 17:45 . 2010-06-18 17:45 293888 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-21 06:43 . 2010-09-10 05:50 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:43 . 2010-05-06 10:33 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:38 . 2010-04-16 15:38 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-07-29 04:35 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-07-29 04:35 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 18:01 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:57 . 2010-06-30 12:32 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:53 . 2010-08-16 08:44 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 08:34 . 2010-09-10 05:50 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2010-05-06 10:33 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:32 . 2010-05-06 10:33 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:32 . 2010-09-10 05:50 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-05-25 15:40 . 2010-09-10 05:50 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2004-08-05 12:00 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-05 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2008-08-13 03:08 . 2010-06-09 07:44 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-05-25 15:40 . 2010-09-10 05:50 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-05-25 15:40 . 2010-05-06 10:33 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 08:31 . 2010-05-06 10:33 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 08:31 . 2010-09-10 05:50 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-24 16:00 . 2010-09-10 05:50 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-24 16:00 . 2010-05-06 10:33 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 18:09 . 2010-09-10 05:50 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 18:09 . 2010-05-06 10:33 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 08:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-09-09 09:56 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-05 12:00 . 2008-04-14 02:33 617472 c:\windows\system32\comctl32.dll
+ 2004-08-05 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2004-08-05 12:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2007-12-10 18:06 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2007-12-10 18:06 . 2008-04-14 02:34 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-22 13:43 . 2010-09-22 13:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\1f29431.msp
- 2007-12-10 19:19 . 2010-05-22 23:08 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-10 19:19 . 2010-10-15 14:13 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-10 19:19 . 2010-10-15 14:13 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-10 19:19 . 2010-05-22 23:08 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-10 19:19 . 2010-10-15 14:13 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-10 19:19 . 2010-05-22 23:08 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-10 19:19 . 2010-05-22 23:08 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-10 19:19 . 2010-10-15 14:13 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-12-10 19:19 . 2010-05-22 23:08 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-10 19:19 . 2010-10-15 14:13 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-10 19:19 . 2010-10-15 14:13 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-12-10 19:19 . 2010-05-22 23:08 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-10-15 14:22 . 2010-05-06 10:33 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-15 14:22 . 2010-07-05 13:17 406392 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-15 14:22 . 2009-05-26 09:01 234872 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-15 14:22 . 2010-05-06 10:33 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-15 14:22 . 2010-05-06 10:33 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-15 14:22 . 2010-05-06 10:33 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-15 14:22 . 2010-05-06 10:33 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-15 14:22 . 2010-05-06 10:33 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-15 14:22 . 2010-05-06 10:33 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-15 14:22 . 2010-05-06 10:33 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-15 14:22 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-15 14:09 . 2010-10-15 14:09 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_647677f5\System.Drawing.dll
+ 2010-10-15 14:09 . 2010-10-15 14:09 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_63831fe5\System.Drawing.Design.dll
+ 2010-10-15 14:09 . 2010-10-15 14:09 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_73efd937\CustomMarshalers.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-10-15 14:56 . 2010-10-15 14:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f39d526b39e8928e719d9ce8a971383e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f06626ccee27150b618f6ff8e4b83dba\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0e45d40fad4c1b13c93dbd1268410f3\WindowsLive.Writer.Passport.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0916f4cf87dafdf941b66056dd0e005\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa7ddbdf38e8a7129fb0befd951897f5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8f73472385b353ebd6010d02ad42b2b6\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7619247d1c0a0779042423940f5f93de\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56faab9a03f8863e76f75d8b6c70185b\WindowsLive.Writer.Localization.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4844cd1fac89240407ab5e2a4fe9c518\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\482300ac4d48e5c77dc319ec489e6bfc\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\436529704b6c85b97f68a5489dc82ab2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dce78aa75f081de7ad7cd480e64167a\WindowsLive.Writer.Interop.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1931e1807dc35a71bda7ce8b517c84ef\WindowsLive.Writer.Controls.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18a657bcf90f1a3340e7e33ea4dad4c9\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\088f2a6fd9107021e9b80ecc5c832334\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4db92179406aa5a642aca6165defa8fe\WindowsLive.Client.ni.dll
+ 2010-10-15 14:35 . 2010-10-15 14:35 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-10-15 14:35 . 2010-10-15 14:35 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-10-15 14:35 . 2010-10-15 14:35 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-10-15 14:58 . 2010-10-15 14:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-10-15 14:54 . 2010-10-15 14:54 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-10-15 14:54 . 2010-10-15 14:54 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-10-15 14:33 . 2010-10-15 14:33 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-10-15 14:57 . 2010-10-15 14:57 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-10-15 14:57 . 2010-10-15 14:57 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-10-15 14:57 . 2010-10-15 14:57 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-10-15 14:57 . 2010-10-15 14:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-10-15 14:55 . 2010-10-15 14:55 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-10-15 14:56 . 2010-10-15 14:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-15 14:31 . 2010-10-15 14:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-10-15 14:31 . 2010-10-15 14:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-10-15 14:31 . 2010-10-15 14:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-10-15 14:31 . 2010-10-15 14:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-10-15 14:56 . 2010-10-15 14:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-10-15 14:56 . 2010-10-15 14:56 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-10-15 14:54 . 2010-10-15 14:54 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-15 14:26 . 2010-10-15 14:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-12 17:25 . 2010-10-12 17:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
Posts
13404
Registration date
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 164
The ComboFix report is not complete... Host it the same way as with ZhpDiag if needed ;-)
Posts
38
Registration date
Tuesday 12 October 2010
Status
Member
Last activity
11 October 2011

Here is the link:
http://www.cijoint.fr/cjlink.php?file=cj201010/cijOnfwC6M.txt