Dnsapi.dll

Résolu
blasterofmetal Messages postés 430 Statut Membre -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,
Je fais des recherches antivirus et je trouve a chaques fois environ 40 fichiers nommés "dnsapi.dll" qui semblerait être porteur de virus, mais le probleme c'est qu'ils reviennent tout le temps ! a peine supprimé, a peine ils sont revenus, quelqu'un peut m'aider svp ?
Configuration: Windows XP
Firefox 3.0.6

25 réponses

  • 1
  • 2
  1. blasterofmetal Messages postés 430 Statut Membre 65
     
    rooter ne detecte rien du tout
    1
  2. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Merci d'utiliser ces deux logiciels de diagnostic pour me permettre de t'aider :

    • Télécharge Random's System Information Tool (RSIT) de random/random, et enregistre le sur ton Bureau.
    • Double clique sur RSIT.exe pour lancer l'outil.
    • Clique sur ' continue ' à l'écran Disclaimer.
    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
    • Une fois le scan terminé, deux rapports vont apparaitre. Poste le contenu de log.txt

    • Télécharge Rooter (créé par l'équipe IDN) sur ton Bureau.

    /!\ Déconnecte toi d'internet et ferme toutes les applications en cours /!\

    • Exécute Rooter et laisse le travailler jusqu'à l'apparition du rapport dans le bloc note

    • Poste le rapport dans ta prochaine réponse.

    0
  3. blasterofmetal Messages postés 430 Statut Membre 65
     
    log :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by dorian at 2009-02-13 18:43:11
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 37 GB (56%) free of 66 GB
    Total RAM: 959 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43:22, on 13/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vsnp2uvc.exe
    C:\Program Files\Hercules\DualPix Exchange\CamService.exe
    C:\TRUSTP~1\wh_exec.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Process Lasso\processlasso.exe
    C:\Program Files\Process Lasso\processgovernor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtWLan.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\defrag.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\dorian\Bureau\RSIT.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\dorian.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\reg.exe
    C:\WINDOWS\system32\find.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\DualPix Exchange\CamService.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\TRUSTP~1\wh_exec.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ProcessSupervisorGUI] C:\Program Files\Process Lasso\processlasso.exe
    O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
    O4 - Global Startup: Moniteur WiFi OLITEC.lnk = C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtWLan.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BA1A9B-138F-4509-BA81-4097F31BD95D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C6035450-EBC9-4E78-81FB-0BA29C65092C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dnsapi32.dll
    O20 - Winlogon Notify: a84e6402517 - C:\WINDOWS\System32\dnsapi32.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    0
  4. blasterofmetal Messages postés 430 Statut Membre 65
     
    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
    BIOS : Award Modular BIOS v6.00PG
    USER : dorian ( Administrator )
    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

    C:\ (Local Disk) - NTFS - Total:63 Go (Free:36 Go)
    D:\ (CD or DVD)
    E:\ (Local Disk) - FAT32 - Total:63 Go (Free:23 Go)
    G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    H:\ (CD or DVD)

    13/02/2009|18:51

    ----------------------\\ Search..

    No infections found !

    1 - "C:\Rooter$\Rooter_1.txt" - 13/02/2009|18:52

    ----------------------\\ Scan completed at 18:52
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, je vois le fichier sur le rapport ;)

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes

    • Poste le rapport de scan après la suppression ici

    0
  7. blasterofmetal Messages postés 430 Statut Membre 65
     
    Le probleme c'est que je ne peux pas faire de mise ajour de tous mes programmes antivirus, c'est surement ce logiciel qui joue avec ça ...
    0
  8. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Tu as essayé quand même avec MalwareBytes, pour voir ?

    Sinon, fais ceci :

    • Télécharge Rooter (créé par l'équipe IDN) sur ton Bureau.

    /!\ Déconnecte toi d'internet et ferme toutes les applications en cours /!\

    • Exécute Rooter et laisse le travailler jusqu'à l'apparition du rapport dans le bloc note

    • Poste le rapport dans ta prochaine réponse.

    0
  9. blasterofmetal Messages postés 430 Statut Membre 65
     
    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1749
    Windows 5.1.2600 Service Pack 3

    14/02/2009 19:04:15
    mbam-log-2009-02-14 (19-04-13).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 133202
    Temps écoulé: 23 minute(s), 34 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\dnsapi32.dll (Worm.P2P) -> No action taken.
    C:\WINDOWS\system32\3.tmp (Worm.P2P) -> No action taken.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a84e6402517 (Worm.P2P) -> No action taken.
    HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Worm.P2P) -> Data: c:\windows\system32\dnsapi32.dll -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Worm.P2P) -> Data: system32\dnsapi32.dll -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Dossier(s) infecté(s):
    C:\resycled (Trojan.DNSChanger) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\dnsapi32.dll (Worm.P2P) -> No action taken.
    C:\WINDOWS\system32\3.tmp (Worm.P2P) -> No action taken.
    C:\Program Files\Eurobarre\eb.exe (Adware.Eurobarre) -> No action taken.
    C:\Program Files\Eurobarre\uninstall.exe (Adware.Eurobarre) -> No action taken.
    C:\WINDOWS\system32\C5.tmp (Trojan.Fraudtool) -> No action taken.
    C:\WINDOWS\system32\gaopdxinergsbo.dll (Trojan.DNSChanger) -> No action taken.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\gaopdxhfuimskw.sys (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\gaopdxlnnnobvu.sys (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\gaopdxmbyrjmux.sys (Trojan.Agent) -> No action taken.
    0
  10. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Le rapport indique "No action taken"
    As-tu effectué la suppression de ce qui a été détecté ?

    Si oui, poste le second rapport stp.
    Tu le retrouveras en relançant MalwareBytes et en allant dans l'onglet "Rapports/logs"

    0
  11. blasterofmetal Messages postés 430 Statut Membre 65
     
    Voici le second rapport malware :

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1749
    Windows 5.1.2600 Service Pack 3

    14/02/2009 19:06:57
    mbam-log-2009-02-14 (19-06-57).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 133202
    Temps écoulé: 23 minute(s), 34 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\dnsapi32.dll (Worm.P2P) -> Delete on reboot.
    C:\WINDOWS\system32\3.tmp (Worm.P2P) -> Delete on reboot.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a84e6402517 (Worm.P2P) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Worm.P2P) -> Data: c:\windows\system32\dnsapi32.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Worm.P2P) -> Data: system32\dnsapi32.dll -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\dnsapi32.dll (Worm.P2P) -> Delete on reboot.
    C:\WINDOWS\system32\3.tmp (Worm.P2P) -> Delete on reboot.
    C:\Program Files\Eurobarre\eb.exe (Adware.Eurobarre) -> Quarantined and deleted successfully.
    C:\Program Files\Eurobarre\uninstall.exe (Adware.Eurobarre) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\C5.tmp (Trojan.Fraudtool) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gaopdxinergsbo.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\gaopdxhfuimskw.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\gaopdxlnnnobvu.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\gaopdxmbyrjmux.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  12. blasterofmetal Messages postés 430 Statut Membre 65
     
    Je viens juste de remarquer, c'est génial, j'arrive à refaire les mises a jour de mes antivirus ! :D
    0
  13. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ton ordinateur est infecté par un trojan qui effectue des détournement de DNS, c'est à dire qu'il peut rediriger tes connections vers d'autres sites, et en bloquer certains (ce qui explique ton problème avec les mises à jour de ton antivirus).

    Attention : la disparition apparente de ce problème ne veut pas dire que l'infection a été totalement supprimée...

    Redémarre ton ordinateur, puis fais ce qui est indiqué ci-dessous stp

    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    Dans ton cas, il s'agit d'Antivir (fais un clic-droit sur l'icone d'Antivir près de l'horloge, puis décoche « Activer Antivir Guard ») et du TeaTimer de Spybot (Lance Spybot → clique sur Mode → coche Mode avancé → Outils → Résident → décoche la case Résident Tea Timer → ferme Spybot)

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  14. blasterofmetal Messages postés 430 Statut Membre 65
     
    J'ai fait tout ce que tu m'as dis, a part que j'ai peut etre oublié un ou deux logiciel du genre alcohol ... Enfin rien de grave je pense.
    Voici le rapport :

    ComboFix 09-02-15.01 - dorian 2009-02-16 22:43:01.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.959.586 [GMT 1:00]
    Lancé depuis: c:\documents and settings\dorian\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-16 au 2009-02-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-14 19:04 . 2009-02-14 19:04 <REP> d-------- c:\documents and settings\dorian\Application Data\U3
    2009-02-14 17:46 . 2009-02-14 19:04 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-14 17:46 . 2009-02-14 17:46 <REP> d-------- c:\documents and settings\dorian\Application Data\Malwarebytes
    2009-02-14 17:46 . 2009-02-14 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-14 17:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-14 17:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-13 19:51 . 2009-02-15 22:34 917 -rah----- c:\windows\EPMBatch.ept
    2009-02-13 19:28 . 2009-02-13 19:28 <REP> d-------- c:\program files\EASEUS
    2009-02-13 18:43 . 2009-02-13 18:52 <REP> d-------- C:\Rooter$
    2009-02-13 18:33 . 2009-02-13 18:45 <REP> d-------- C:\rsit
    2009-02-13 18:33 . 2009-02-13 18:43 <REP> d-------- c:\program files\trend micro
    2009-02-11 04:00 . 2009-02-11 04:00 0 --a------ c:\windows\system32\14.tmp
    2009-02-10 22:22 . 2009-02-16 15:55 <REP> d-------- c:\program files\LimeWire
    2009-02-05 15:55 . 2009-02-05 15:54 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-02-05 15:53 . 2009-02-05 15:56 <REP> d-------- c:\documents and settings\dorian\.housecall6.6
    2009-02-05 15:50 . 2009-02-05 15:50 <REP> d-------- c:\windows\Sun
    2009-02-05 15:50 . 2009-02-05 15:50 <REP> d-------- c:\program files\AxBx
    2009-02-02 20:46 . 2009-02-02 20:47 374,272 --ahs---- c:\windows\system32\2B.tmp
    2009-01-29 19:44 . 2009-01-18 22:35 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-01-29 19:30 . 2009-01-29 19:30 <REP> d-------- c:\program files\Lavasoft
    2009-01-29 19:30 . 2009-02-15 12:42 <REP> d-------- c:\program files\a-squared Free
    2009-01-29 19:30 . 2009-01-29 19:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-29 19:30 . 2009-01-29 19:30 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-29 19:30 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-01-28 12:49 . 1999-07-20 01:07 192,512 --a------ c:\documents and settings\dorian\SOFTFSB.EXE
    2009-01-28 12:49 . 1999-07-20 01:07 36,864 --a------ c:\documents and settings\dorian\SOFTFSB.DLL
    2009-01-28 12:49 . 1999-07-20 01:07 4,639 --a------ c:\documents and settings\dorian\SOFTFSB.DAT
    2009-01-28 12:49 . 1999-07-20 01:07 2,304 --a------ c:\documents and settings\dorian\SOFTFSB.SYS
    2009-01-25 22:23 . 2009-01-25 22:23 <REP> d-------- c:\documents and settings\dorian\Application Data\OpenOffice.org
    2009-01-25 22:18 . 2009-01-25 22:18 <REP> d-------- c:\program files\OpenOffice.org 3
    2009-01-24 19:10 . 2009-01-24 19:10 <REP> d-------- c:\documents and settings\dorian\Application Data\Arcsoft
    2009-01-22 22:33 . 2009-01-22 22:37 174 --a------ c:\windows\PRCedit.INI
    2009-01-18 21:41 . 2009-01-18 21:41 <REP> d-------- c:\program files\Blue Point Studios
    2009-01-18 21:30 . 2009-01-18 21:30 0 --a------ c:\windows\QuickInstall.INI
    2009-01-18 21:16 . 2009-01-18 21:21 <REP> d-------- c:\program files\palmOne

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-16 21:35 --------- d-----w c:\documents and settings\dorian\Application Data\LimeWire
    2009-02-16 21:27 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-15 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-15 11:04 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-15 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-14 18:06 --------- d-----w c:\program files\Eurobarre
    2009-02-08 15:46 --------- d-----w c:\program files\Diablo II
    2009-02-01 17:54 --------- d-----w c:\program files\WinASPI
    2009-01-18 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-18 20:41 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2009-01-13 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\AutoClic
    2009-01-12 16:09 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-12 16:09 --------- d-----w c:\program files\Java
    2009-01-09 19:27 --------- d-----w c:\program files\MSXML 4.0
    2009-01-08 17:58 --------- d-----w c:\program files\Fichiers communs\MAGIX Shared
    2009-01-08 17:10 --------- d-----w c:\program files\Bonjour
    2009-01-07 22:26 --------- d-----w c:\documents and settings\dorian\Application Data\Apple Computer
    2009-01-07 22:25 --------- d-----w c:\program files\iTunes
    2009-01-07 22:25 --------- d-----w c:\program files\iPod
    2009-01-07 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-07 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-07 22:24 --------- d-----w c:\program files\Fichiers communs\Apple
    2009-01-07 22:17 --------- d-----w c:\documents and settings\dorian\Application Data\rockbox.org
    2009-01-07 22:06 --------- d-----w c:\program files\Morgan
    2009-01-07 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-01-07 12:59 --------- d-----w c:\program files\Avira
    2009-01-07 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-01-05 21:28 --------- d-----w c:\program files\PhotoFiltre
    2009-01-04 22:57 --------- d-----w c:\program files\NCH Software
    2009-01-04 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-01-04 22:56 --------- d-----w c:\program files\NCH Swift Sound
    2009-01-04 22:56 --------- d-----w c:\documents and settings\dorian\Application Data\NCH Swift Sound
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-16 16:10 --------- d-----w c:\program files\Process Lasso
    2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-12-08 21:37 370,176 ----a-w c:\windows\system32\x264vfw.dll
    2008-11-27 07:51 225,280 ----a-w c:\windows\system32\BootMan.exe
    2008-11-26 14:58 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
    2008-11-26 14:55 65,536 ----a-w c:\windows\system32\FatCopy.dll
    2008-11-26 14:54 17,920 ----a-w c:\windows\system32\SectorCopy.dll
    2008-11-26 14:54 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
    2008-11-26 14:52 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
    2008-11-26 14:51 93,184 ----a-w c:\windows\system32\Partition.dll
    2008-11-26 14:51 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
    2008-11-26 14:51 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
    2008-11-26 14:50 180,736 ----a-w c:\windows\system32\DeviceManager.dll
    2008-11-26 14:49 86,528 ----a-w c:\windows\system32\NTFSLib.dll
    2008-11-26 14:49 31,744 ----a-w c:\windows\system32\FatLib.dll
    2008-11-26 14:49 22,016 ----a-w c:\windows\system32\FatFormat.dll
    2008-11-26 14:48 68,096 ----a-w c:\windows\system32\Device.dll
    2008-11-26 14:48 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
    2008-11-26 14:48 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 14:48 21,504 ----a-w c:\windows\system32\Fixup.dll
    2008-11-26 14:48 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 14:48 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
    2008-11-26 14:47 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-25 16:18 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
    2008-11-25 16:18 8,704 ----a-w c:\windows\system32\epmntdrv.sys
    2008-11-25 16:18 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
    2008-11-25 16:18 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
    2008-11-19 09:01 219,648 ----a-w c:\windows\system32\uxtheme.dll
    2008-10-29 14:24 11,600,880 ----a-w c:\documents and settings\dorian\tru.dat
    2008-10-29 12:26 353,880 ----a-w c:\documents and settings\dorian\binkw32.dll
    2008-10-29 12:26 334,936 ----a-w c:\documents and settings\dorian\uninst.dat
    2008-10-29 12:26 328,280 ----a-w c:\documents and settings\dorian\fmodex.dll
    2008-10-29 12:26 2,604,120 ----a-w c:\documents and settings\dorian\setup.exe
    2000-07-31 20:17 355,328 ----a-w c:\documents and settings\dorian\AutoMouse.exe
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-15_13.38.05,57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-15 21:38:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
    "HerculesCamService"="c:\program files\Hercules\DualPix Exchange\CamService.exe" [2007-06-05 79400]
    "WheelMouse"="c:\trustp~1\wh_exec.exe" [2007-03-25 114688]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
    "ProcessSupervisorGUI"="c:\program files\Process Lasso\processlasso.exe" [2008-12-14 316944]
    "ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2008-12-14 133136]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-15 509784]
    "nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 c:\windows\mixer.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\dorian\Menu D‚marrer\Programmes\D‚marrage\
    HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-04-13 299008]
    No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2008-10-14 1172992]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Moniteur WiFi OLITEC.lnk - c:\program files\OLITEC\Moniteur WiFi OLITEC\RtWLan.exe [2008-10-13 880640]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.X264"= x264vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^dorian^Menu Démarrer^Programmes^Démarrage^Eurobarre.lnk]
    path=c:\documents and settings\dorian\Menu Démarrer\Programmes\Démarrage\Eurobarre.lnk
    backup=c:\windows\pss\Eurobarre.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
    "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\palmOne\\HOTSYNC.EXE"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:warc
    "6112:UDP"= 6112:UDP:warc
    "4437:UDP"= 4437:UDP:Windows Media Format SDK (cherie fm.exe)
    "4448:UDP"= 4448:UDP:Windows Media Format SDK (cherie fm.exe)
    "4449:UDP"= 4449:UDP:Windows Media Format SDK (cherie fm.exe)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-29 64160]
    R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2008-10-13 94208]
    R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-01-25 6784]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-13 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-13 3072]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-10-25 33792]
    S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2008-10-25 27904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b15ccab-9945-11dd-9ff9-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com e:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f833a6-9940-11dd-842f-001a4d7e618e}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com i:
    \Shell\Open\command - i:\resycled\ntldr.com i:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f833a7-9940-11dd-842f-001a4d7e618e}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com j:
    \Shell\Open\command - j:\resycled\ntldr.com j:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f42fbc-99cc-11dd-842a-001a4d7e618e}]
    \Shell\AutoRun\command - F:\setupSNK.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-15 11:48]

    2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: {B5BA1A9B-138F-4509-BA81-4097F31BD95D} = 208.67.220.220,208.67.222.222
    TCP: {C6035450-EBC9-4E78-81FB-0BA29C65092C} = 208.67.220.220,208.67.222.222
    FF - ProfilePath - c:\documents and settings\dorian\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 22:44:50
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(908)
    c:\windows\system32\COMRes.dll
    .
    Heure de fin: 2009-02-16 22:46:21
    ComboFix-quarantined-files.txt 2009-02-16 21:46:19
    ComboFix2.txt 2009-02-15 12:39:18

    Avant-CF: 37 084 692 480 octets libres
    Après-CF: 37,076,262,912 octets libres

    247 --- E O F --- 2009-02-15 01:26:57
    0
  15. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Il y a une infection de disque amovible...

    Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
    • Double clique dessus pour le lancer
    • Une fenêtre "Start Flash Disinfector" va apparaître --> branche tous tes disques amovibles (clés USB, lecteurs mp3, disques durs externes, iPod...) et clique sur OK.
    • Tes icônes vont disparaitre, c'est normal, ne touche à rien pendant la désinfection.
    • Lorsque le message "Finish" apparaît, clique sur OK.

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour blasterofmetal, il n'est pas transposable sur un autre ordinateur !

    • Rends toi sur ce site : http://www.mediafire.com/download.php?5qy5ayhymyh
    • Télécharge le fichier CFScript.txt sur ton Bureau en cliquant sur « Click here to start download »
    • Désactive toutes tes protections.

    • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
    1. blasterofmetal Messages postés 430 Statut Membre 65
       
      Petits problemes :
      1.Flash desinfector semple etre un "Worm" d'après antivir et ad-aware
      2.Le liens pour telecharger le logiciel médiafire semble etre mort
      0
  16. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    J'ai oublié de te recommander de désinstaller l'Eurobarre, c'est une arnaque (fais une recherche sur internet ou consulte leur propre forum, tu verras que plus personne n'est payé depuis bientôt un an).

    Pour FlashDisinfector, c'est une fausse alerte. La plupart des antivirus le détectent car il est capable d'arrêter tous les programmes (y compris les logiciels de protection), ce qui pourrait être dangereux si c'était un outil malveillant. Mais ce n'est pas le cas, rassure toi ;)

    Pour le script, en effet le lien est mort, je vais devoir le refaire :(

    Enregistre le dossier script.zip sur ton Bureau : http://sd-1.archive-host.com/membres/up/7739387536519291/Script.zip
    Fais un clic-droit dessus et choisis "Extraire tout" et choisis le Bureau comme destination. Un fichier CFScript.txt doit apparaître sur ton Bureau.

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour blasterofmetal, il n'est pas transposable sur un autre ordinateur !

    Toujours avec toutes les protections désactivées, fais ceci :
    • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    • Fais un glisser/déposer du fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
  17. blasterofmetal Messages postés 430 Statut Membre 65
     
    Mon pc a planté à la fin quand il m'a affiché ça...
    J'ai fait reset. j'espere que ça va rien changer ...

    ComboFix 09-02-15.01 - dorian 2009-02-19 21:19:09.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.959.324 [GMT 1:00]
    Lancé depuis: c:\documents and settings\dorian\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\dorian\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    FW: PC Tools Firewall Plus *enabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-19 06:43 . 2009-02-19 06:43 <REP> d-------- c:\documents and settings\All Users\Application Data\NCH Software
    2009-02-18 20:46 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
    2009-02-18 20:46 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
    2009-02-17 19:37 . 2009-02-17 19:37 <REP> d-------- c:\documents and settings\dorian\Application Data\PCToolsFirewallPlus
    2009-02-17 19:36 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
    2009-02-17 19:36 . 2009-01-20 14:12 130,928 --a------ c:\windows\system32\drivers\PCTCore.sys
    2009-02-17 19:36 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
    2009-02-17 19:35 . 2009-02-17 19:38 <REP> d-------- c:\program files\PC Tools Firewall Plus
    2009-02-17 19:35 . 2009-02-17 19:36 <REP> d-------- c:\program files\Fichiers communs\PC Tools
    2009-02-17 19:35 . 2009-02-19 20:40 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-02-17 19:35 . 2008-09-22 12:29 97,408 --a------ c:\windows\system32\drivers\pctfw.sys
    2009-02-17 19:35 . 2009-01-21 10:38 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
    2009-02-17 07:49 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-02-17 07:43 . 2009-02-17 07:49 <REP> d-------- c:\windows\system32\XPSViewer
    2009-02-17 07:43 . 2009-02-17 07:43 <REP> d-------- c:\program files\Reference Assemblies
    2009-02-17 07:42 . 2009-02-17 18:15 <REP> d-------- c:\windows\SxsCaPendDel
    2009-02-17 07:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-02-17 07:42 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-17 07:42 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-17 07:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-02-17 07:42 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-17 07:42 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-02-17 07:42 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-17 07:37 . 2009-02-17 07:37 <REP> d-------- c:\program files\Microsoft
    2009-02-14 19:04 . 2009-02-14 19:04 <REP> d-------- c:\documents and settings\dorian\Application Data\U3
    2009-02-14 17:46 . 2009-02-14 19:04 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-14 17:46 . 2009-02-14 17:46 <REP> d-------- c:\documents and settings\dorian\Application Data\Malwarebytes
    2009-02-14 17:46 . 2009-02-14 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-14 17:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-14 17:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-13 19:51 . 2009-02-15 22:34 917 -rah----- c:\windows\EPMBatch.ept
    2009-02-13 19:28 . 2009-02-13 19:28 <REP> d-------- c:\program files\EASEUS
    2009-02-13 18:43 . 2009-02-13 18:52 <REP> d-------- C:\Rooter$
    2009-02-13 18:33 . 2009-02-13 18:45 <REP> d-------- C:\rsit
    2009-02-13 18:33 . 2009-02-13 18:43 <REP> d-------- c:\program files\trend micro
    2009-02-11 04:00 . 2009-02-11 04:00 0 --a------ c:\windows\system32\14.tmp
    2009-02-10 22:22 . 2009-02-16 15:55 <REP> d-------- c:\program files\LimeWire
    2009-02-05 15:55 . 2009-02-05 15:54 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-02-05 15:53 . 2009-02-05 15:56 <REP> d-------- c:\documents and settings\dorian\.housecall6.6
    2009-02-05 15:50 . 2009-02-05 15:50 <REP> d-------- c:\windows\Sun
    2009-02-05 15:50 . 2009-02-05 15:50 <REP> d-------- c:\program files\AxBx
    2009-01-29 19:44 . 2009-01-18 22:35 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-01-29 19:30 . 2009-01-29 19:30 <REP> d-------- c:\program files\Lavasoft
    2009-01-29 19:30 . 2009-02-17 00:48 <REP> d-------- c:\program files\a-squared Free
    2009-01-29 19:30 . 2009-01-29 19:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-29 19:30 . 2009-01-29 19:30 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-29 19:30 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-01-28 12:49 . 1999-07-20 01:07 192,512 --a------ c:\documents and settings\dorian\SOFTFSB.EXE
    2009-01-28 12:49 . 1999-07-20 01:07 36,864 --a------ c:\documents and settings\dorian\SOFTFSB.DLL
    2009-01-28 12:49 . 1999-07-20 01:07 4,639 --a------ c:\documents and settings\dorian\SOFTFSB.DAT
    2009-01-28 12:49 . 1999-07-20 01:07 2,304 --a------ c:\documents and settings\dorian\SOFTFSB.SYS
    2009-01-25 22:23 . 2009-01-25 22:23 <REP> d-------- c:\documents and settings\dorian\Application Data\OpenOffice.org
    2009-01-25 22:18 . 2009-01-25 22:18 <REP> d-------- c:\program files\OpenOffice.org 3
    2009-01-24 19:10 . 2009-01-24 19:10 <REP> d-------- c:\documents and settings\dorian\Application Data\Arcsoft
    2009-01-22 22:33 . 2009-01-22 22:37 174 --a------ c:\windows\PRCedit.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-19 19:35 --------- d-----w c:\documents and settings\dorian\Application Data\LimeWire
    2009-02-19 05:42 --------- d-----w c:\program files\NCH Software
    2009-02-17 06:43 --------- d-----w c:\program files\MSBuild
    2009-02-16 21:27 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-15 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-15 11:04 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-15 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-08 15:46 --------- d-----w c:\program files\Diablo II
    2009-02-01 17:54 --------- d-----w c:\program files\WinASPI
    2009-01-18 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-18 20:41 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2009-01-18 20:41 --------- d-----w c:\program files\Blue Point Studios
    2009-01-18 20:21 --------- d-----w c:\program files\palmOne
    2009-01-13 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\AutoClic
    2009-01-12 16:09 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-12 16:09 --------- d-----w c:\program files\Java
    2009-01-09 19:27 --------- d-----w c:\program files\MSXML 4.0
    2009-01-08 17:58 --------- d-----w c:\program files\Fichiers communs\MAGIX Shared
    2009-01-08 17:10 --------- d-----w c:\program files\Bonjour
    2009-01-07 22:26 --------- d-----w c:\documents and settings\dorian\Application Data\Apple Computer
    2009-01-07 22:25 --------- d-----w c:\program files\iTunes
    2009-01-07 22:25 --------- d-----w c:\program files\iPod
    2009-01-07 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-07 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-07 22:24 --------- d-----w c:\program files\Fichiers communs\Apple
    2009-01-07 22:17 --------- d-----w c:\documents and settings\dorian\Application Data\rockbox.org
    2009-01-07 22:06 --------- d-----w c:\program files\Morgan
    2009-01-07 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2009-01-07 12:59 --------- d-----w c:\program files\Avira
    2009-01-07 12:59 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-01-05 21:28 --------- d-----w c:\program files\PhotoFiltre
    2009-01-04 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-01-04 22:56 --------- d-----w c:\program files\NCH Swift Sound
    2009-01-04 22:56 --------- d-----w c:\documents and settings\dorian\Application Data\NCH Swift Sound
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-12-08 21:37 370,176 ----a-w c:\windows\system32\x264vfw.dll
    2008-11-27 07:51 225,280 ----a-w c:\windows\system32\BootMan.exe
    2008-11-26 14:58 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
    2008-11-26 14:55 65,536 ----a-w c:\windows\system32\FatCopy.dll
    2008-11-26 14:54 17,920 ----a-w c:\windows\system32\SectorCopy.dll
    2008-11-26 14:54 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
    2008-11-26 14:52 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
    2008-11-26 14:51 93,184 ----a-w c:\windows\system32\Partition.dll
    2008-11-26 14:51 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
    2008-11-26 14:51 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
    2008-11-26 14:50 180,736 ----a-w c:\windows\system32\DeviceManager.dll
    2008-11-26 14:49 86,528 ----a-w c:\windows\system32\NTFSLib.dll
    2008-11-26 14:49 31,744 ----a-w c:\windows\system32\FatLib.dll
    2008-11-26 14:49 22,016 ----a-w c:\windows\system32\FatFormat.dll
    2008-11-26 14:48 68,096 ----a-w c:\windows\system32\Device.dll
    2008-11-26 14:48 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
    2008-11-26 14:48 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 14:48 21,504 ----a-w c:\windows\system32\Fixup.dll
    2008-11-26 14:48 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 14:48 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
    2008-11-26 14:47 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-25 16:18 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
    2008-11-25 16:18 8,704 ----a-w c:\windows\system32\epmntdrv.sys
    2008-11-25 16:18 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
    2008-11-25 16:18 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
    2008-11-19 09:01 219,648 ----a-w c:\windows\system32\uxtheme.dll
    2008-10-29 14:24 11,600,880 ----a-w c:\documents and settings\dorian\tru.dat
    2008-10-29 12:26 353,880 ----a-w c:\documents and settings\dorian\binkw32.dll
    2008-10-29 12:26 334,936 ----a-w c:\documents and settings\dorian\uninst.dat
    2008-10-29 12:26 328,280 ----a-w c:\documents and settings\dorian\fmodex.dll
    2008-10-29 12:26 2,604,120 ----a-w c:\documents and settings\dorian\setup.exe
    2000-07-31 20:17 355,328 ----a-w c:\documents and settings\dorian\AutoMouse.exe
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-15_13.38.05,57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-19 12:04:15 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-02-17 06:46:49 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2008-10-19 12:04:19 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-02-17 06:46:54 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-02-17 06:43:01 163,840 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2008-10-19 12:04:05 4,444,160 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-02-17 06:47:00 4,546,560 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-02-17 06:43:05 4,210,688 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2008-10-19 12:04:20 483,840 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-02-17 06:47:02 486,400 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2008-10-19 12:04:10 3,036,160 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2009-02-17 06:47:03 2,933,248 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2008-10-19 12:04:22 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2009-02-17 06:46:57 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2008-10-19 12:04:22 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-02-17 06:46:57 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-02-17 06:43:06 368,640 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2008-10-19 12:04:19 261,120 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-02-17 06:46:56 261,632 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2008-10-19 12:04:09 5,431,296 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-02-17 06:46:43 5,242,880 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2008-10-19 12:04:13 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-02-17 06:46:50 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2008-11-05 20:32:24 315,392 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fr_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
    + 2009-02-17 06:49:01 315,392 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fr_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
    - 2008-10-19 12:04:10 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-02-17 06:46:43 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2008-10-19 12:04:15 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-02-17 06:46:48 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2008-10-19 12:04:16 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-02-17 06:46:51 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2008-10-19 12:04:17 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-02-17 06:46:51 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2008-10-19 12:04:17 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-02-17 06:46:52 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-02-17 06:49:30 12,288 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
    + 2009-02-17 06:43:57 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
    - 2008-11-05 20:32:33 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    + 2009-02-17 06:49:08 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    + 2009-02-17 06:49:30 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    - 2008-10-19 12:04:22 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-02-17 06:46:57 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-02-17 06:43:57 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2008-10-19 12:04:23 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-02-17 06:46:58 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-02-17 06:43:58 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2008-11-05 20:32:34 139,264 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
    + 2009-02-17 06:49:08 139,264 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
    + 2009-02-17 06:49:30 163,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
    + 2009-02-17 06:43:58 802,816 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
    - 2008-10-19 12:04:23 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-02-17 06:46:59 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2008-11-05 20:32:34 10,752 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
    + 2009-02-17 06:49:09 10,752 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
    + 2009-02-17 06:49:30 11,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
    + 2009-02-17 06:43:58 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
    - 2008-10-19 12:04:24 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-02-17 06:47:00 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2008-11-05 20:32:25 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
    + 2009-02-17 06:49:03 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
    - 2008-10-19 12:04:18 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-02-17 06:46:55 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-02-17 06:49:23 5,120 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll
    + 2009-02-17 06:49:23 19,456 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
    + 2009-02-17 06:43:01 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2008-11-05 20:32:40 9,216 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
    + 2009-02-17 06:49:14 9,216 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
    - 2008-10-19 12:04:17 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2009-02-17 06:46:54 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2008-11-05 20:32:40 9,728 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
    + 2009-02-17 06:49:13 9,728 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
    - 2008-10-19 12:04:16 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-02-17 06:46:54 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2008-11-05 20:32:40 61,440 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    + 2009-02-17 06:49:13 61,440 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    - 2008-10-19 12:04:20 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-02-17 06:46:55 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2008-10-19 12:04:16 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2009-02-17 06:46:53 659,456 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2009-02-17 06:43:57 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    - 2008-10-19 12:04:07 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-02-17 06:47:01 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2008-10-19 12:04:21 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-02-17 06:46:55 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2008-10-19 12:04:15 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-02-17 06:46:52 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2008-10-19 12:04:15 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-02-17 06:46:52 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2008-11-05 20:32:35 311,296 ----a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
    + 2009-02-17 06:49:09 311,296 ----a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
    + 2009-02-17 06:49:24 53,248 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationBuildTasks.resources.dll
    + 2009-02-17 06:43:08 598,016 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2009-02-17 06:43:05 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    + 2009-02-17 06:49:21 110,592 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
    + 2009-02-17 06:43:09 46,104 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
    + 2009-02-17 06:43:10 196,608 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2009-02-17 06:43:10 139,264 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2009-02-17 06:43:10 397,312 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2009-02-17 06:49:25 245,760 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
    + 2009-02-17 06:43:11 163,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2009-02-17 06:47:52 5,283,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2009-02-17 06:49:25 372,736 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationUI.resources.dll
    + 2009-02-17 06:43:12 864,256 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2009-02-17 06:49:21 40,960 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_fr_31bf3856ad364e35\ReachFramework.resources.dll
    + 2009-02-17 06:43:06 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2009-02-17 06:43:59 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
    + 2009-02-17 06:49:23 5,120 ----a-w c:\windows\assembly\GAC_MSIL\smdiagnostics.resources\3.0.0.0_fr_b77a5c561934e089\SMDiagnostics.resources.dll
    + 2009-02-17 06:43:02 110,592 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2008-11-05 20:32:39 10,752 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
    + 2009-02-17 06:49:12 10,752 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
    - 2008-10-19 12:04:18 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-02-17 06:47:02 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-02-17 06:43:59 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2009-02-17 06:44:00 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
    + 2009-02-17 06:49:31 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_fr_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll
    + 2009-02-17 06:44:05 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2008-11-05 20:32:35 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
    + 2009-02-17 06:49:09 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
    - 2008-10-19 12:04:18 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-02-17 06:47:02 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2008-11-05 20:32:39 49,152 ----a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
    + 2009-02-17 06:49:12 49,152 ----a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
    - 2008-10-19 12:04:10 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-02-17 06:47:02 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-02-17 06:49:31 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_fr_b77a5c561934e089\System.Core.Resources.dll
    + 2009-02-17 06:44:00 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
    + 2009-02-17 06:49:31 5,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
    + 2009-02-17 06:44:01 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2009-02-17 06:49:31 15,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
    + 2009-02-17 06:44:01 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2009-02-17 06:49:31 409,600 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Resources.dll
    + 2009-02-17 06:44:01 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2009-02-17 06:49:30 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Linq.Resources.dll
    + 2009-02-17 06:43:56 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2008-11-05 20:32:35 110,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
    + 2009-02-17 06:49:10 110,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
    - 2008-11-05 20:32:31 344,064 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
    + 2009-02-17 06:49:06 352,256 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
    + 2009-02-17 06:49:29 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Client.resources.dll
    + 2009-02-17 06:48:19 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2009-02-17 06:49:29 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Design.resources.dll
    + 2009-02-17 06:43:55 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    + 2009-02-17 06:49:29 69,632 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.resources.dll
    + 2009-02-17 06:48:20 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
    - 2008-11-05 20:32:36 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
    + 2009-02-17 06:49:10 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
    - 2008-10-19 12:04:11 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-02-17 06:47:03 745,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2008-11-05 20:32:25 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
    + 2009-02-17 06:49:02 413,696 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
    - 2008-10-19 12:04:11 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-02-17 06:47:03 970,752 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2008-11-05 20:32:31 544,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
    + 2009-02-17 06:49:07 548,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
    - 2008-10-19 12:04:24 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-02-17 06:46:47 5,062,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-02-17 06:49:30 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_fr_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
    + 2009-02-17 06:43:56 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2008-11-05 20:32:27 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
    + 2009-02-17 06:49:04 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
    - 2008-10-19 12:04:23 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-02-17 06:46:48 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2008-11-05 20:32:27 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
    + 2009-02-17 06:49:04 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
    - 2008-10-19 12:04:14 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-02-17 06:46:55 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2008-11-05 20:32:36 6,144 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
    + 2009-02-17 06:49:10 6,144 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
    - 2008-10-19 12:04:21 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-02-17 06:46:46 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2008-11-05 20:32:32 15,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
    + 2009-02-17 06:49:07 15,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
    - 2008-10-19 12:04:07 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-02-17 06:46:58 626,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2008-11-05 20:32:26 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
    + 2009-02-17 06:49:03 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
    + 2009-02-17 06:49:24 65,536 ----a-w c:\windows\assembly\GAC_MSIL\system.identitymodel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
    + 2009-02-17 06:49:23 57,344 ----a-w c:\windows\assembly\GAC_MSIL\system.identitymodel.selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
    + 2009-02-17 06:43:12 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2009-02-17 06:43:02 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2009-02-17 06:49:24 12,288 ----a-w c:\windows\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
    + 2009-02-17 06:43:02 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2009-02-17 06:49:31 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
    + 2009-02-17 06:44:02 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    - 2008-11-05 20:32:37 13,312 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
    + 2009-02-17 06:49:11 13,312 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
    - 2008-10-19 12:04:21 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-02-17 06:46:59 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2008-11-05 20:32:32 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
    + 2009-02-17 06:49:07 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
    - 2008-10-19 12:04:21 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-02-17 06:46:59 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-02-17 06:49:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_fr_b03f5f7f11d50a3a\System.Net.Resources.dll
    + 2009-02-17 06:44:06 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2009-02-17 06:49:22 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_fr_31bf3856ad364e35\System.Printing.resources.dll
    - 2008-11-05 20:32:33 212,992 ----a-w c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
    + 2009-02-17 06:49:07 212,992 ----a-w c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
    - 2008-11-05 20:32:37 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
    + 2009-02-17 06:49:11 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
    - 2008-10-19 12:04:20 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-02-17 06:46:58 303,104 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2008-11-05 20:32:38 11,776 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
    + 2009-02-17 06:49:11 11,776 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
    - 2008-10-19 12:04:19 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-02-17 06:46:57 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-02-17 06:49:24 102,400 ----a-w c:\windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
    + 2009-02-17 06:43:02 966,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2008-11-05 20:32:26 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
    + 2009-02-17 06:49:03 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
    - 2008-10-19 12:04:08 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-02-17 06:46:56 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-02-17 06:49:24 36,864 ----a-w c:\windows\assembly\GAC_MSIL\system.servicemodel.install.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
    + 2009-02-17 06:43:04 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
    + 2009-02-17 06:49:24 499,712 ----a-w c:\windows\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
    + 2009-02-17 06:43:05 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2009-02-17 06:49:29 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_fr_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
    + 2009-02-17 06:43:55 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    + 2009-02-17 06:47:50 5,931,008 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    - 2008-11-05 20:32:28 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
    + 2009-02-17 06:49:04 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
    - 2008-10-19 12:04:08 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-02-17 06:46:53 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-02-17 06:49:24 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_fr_31bf3856ad364e35\System.Speech.resources.dll
    + 2009-02-17 06:43:09 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2008-11-05 20:32:38 16,896 ----a-w c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
    + 2009-02-17 06:49:12 16,896 ----a-w c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
    + 2009-02-17 06:49:31 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Abstractions.Resources.dll
    + 2009-02-17 06:44:06 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    + 2009-02-17 06:49:32 4,096 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll
    + 2009-02-17 06:44:07 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    + 2009-02-17 06:49:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
    + 2009-02-17 06:48:21 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2009-02-17 06:49:32 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
    + 2009-02-17 06:44:03 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    + 2009-02-17 06:49:32 24,576 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Resources.dll
    + 2009-02-17 06:48:21 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
    + 2009-02-17 06:49:32 49,152 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
    + 2009-02-17 06:44:08 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    + 2009-02-17 06:49:32 634,880 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Resources.dll
    + 2009-02-17 06:48:22 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2008-11-05 20:32:39 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
    + 2009-02-17 06:49:13 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
    - 2008-10-19 12:04:13 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-02-17 06:46:44 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2008-10-19 12:04:13 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-02-17 06:46:45 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2008-11-05 20:32:28 618,496 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
    + 2009-02-17 06:49:05 622,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
    + 2009-02-17 06:49:33 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Routing.Resources.dll
    + 2009-02-17 06:44:09 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
    - 2008-11-05 20:32:29 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
    + 2009-02-17 06:49:05 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
    - 2008-10-19 12:04:12 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-02-17 06:46:44 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2008-11-05 20:32:29 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
    + 2009-02-17 06:49:05 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
    - 2008-10-19 12:04:14 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-02-17 06:46:45 5,025,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-02-17 06:49:34 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Windows.Presentation.resources.dll
    + 2009-02-17 06:44:04 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2009-02-17 06:49:25 184,320 ----a-w c:\windows\assembly\GAC_MSIL\system.workflow.activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
    + 2009-02-17 06:43:07 1,138,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2009-02-17 06:49:25 311,296 ----a-w c:\windows\assembly\GAC_MSIL\system.workflow.componentmodel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
    + 2009-02-17 06:43:08 1,630,208 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    + 2009-02-17 06:49:25 36,864 ----a-w c:\windows\assembly\GAC_MSIL\system.workflow.runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
    + 2009-02-17 06:43:08 540,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    + 2009-02-17 06:49:29 102,400 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_fr_31bf3856ad364e35\System.WorkflowServices.resources.dll
    + 2009-02-17 06:43:55 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2009-02-17 06:49:33 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Xml.Linq.Resources.dll
    + 2009-02-17 06:44:04 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2008-11-05 20:32:30 167,936 ----a-w c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
    + 2009-02-17 06:49:06 167,936 ----a-w c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
    - 2008-10-19 12:04:09 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2009-02-17 06:47:04 2,048,000 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2008-10-19 12:04:11 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-02-17 06:47:04 3,149,824 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-02-17 06:49:24 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClient.resources.dll
    + 2009-02-17 06:43:09 167,936 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2009-02-17 06:49:24 12,288 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
    + 2009-02-17 06:43:10 385,024 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2009-02-17 06:49:22 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationProvider.resources.dll
    + 2009-02-17 06:43:06 40,960 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2009-02-17 06:49:22 10,240 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationTypes.resources.dll
    + 2009-02-17 06:43:06 98,304 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2009-02-17 06:49:23 90,112 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll
    + 2009-02-17 06:43:07 1,245,184 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2009-02-17 06:49:25 5,120 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsFormsIntegration.resources.dll
    + 2009-02-17 06:43:10 94,208 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2009-02-17 06:54:16 25,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
    + 2009-02-17 06:54:17 842,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
    + 2009-02-17 06:54:06 410,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
    + 2009-02-17 06:54:28 220,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
    + 2009-02-17 06:54:18 14,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
    + 2009-02-17 06:54:29 222,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-02-17 06:54:22 1,888,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
    + 2009-02-17 06:54:31 839,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
    + 2009-02-17 06:54:19 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
    + 2009-02-17 06:54:31 65,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
    + 2009-02-17 06:54:38 1,966,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-02-17 06:54:34 1,620,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
    + 2009-02-17 06:54:39 175,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-02-17 06:54:38 144,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
    + 2009-02-17 06:56:01 2,332,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
    + 2009-02-17 06:54:09 386,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-02-17 06:54:08 1,093,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
    + 2009-02-17 06:54:41 1,712,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
    + 2009-02-17 06:56:01 55,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
    + 2009-02-17 06:54:19 133,632 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
    + 2009-02-17 06:47:48 11,486,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
    + 2009-02-17 06:48:16 1,451,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
    + 2009-02-17 06:48:19 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
    + 2009-02-17 06:50:23 12,216,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
    + 2009-02-17 06:50:24 47,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
    + 2009-02-17 06:50:54 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
    + 2009-02-17 06:50:51 368,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
    + 2009-02-17 06:50:53 539,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
    + 2009-02-17 06:50:50 14,327,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
    + 2009-02-17 06:50:52 224,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
    + 2009-02-17 06:50:58 1,657,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
    + 2009-02-17 06:51:02 2,128,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
    + 2009-02-17 06:54:11 320,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
    + 2009-02-17 06:54:12 256,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
    + 2009-02-17 06:54:13 366,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\[u]0/u45dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
    + 2009-02-17 06:54:44 82,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
    + 2009-02-17 06:54:43 633,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
    + 2009-02-17 06:54:44 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-02-17 06:55:56 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
    + 2009-02-17 06:54:23 971,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
    + 2009-02-17 06:51:06 2,295,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
    + 2009-02-17 06:54:45 135,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
    + 2009-02-17 06:55:41 756,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
    + 2009-02-17 06:55:39 9,924,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
    + 2009-02-17 06:51:20 2,516,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\[u]0/ubbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
    + 2009-02-17 06:55:48 354,816 ----a-w c:\windows\assembly\NativeImage
    0
  18. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Il semble que tu as installé un pare-feu depuis la dernière fois (PC Tools Firewall, très bon choix d'ailleurs), et qu'il était activé, c'est peut-être pour ça qu'il y a eu un problème.

    Quoi qu'il en soit, la fin du rapport est difficile à lire et le rapport est incomplet de toute façon.
    Poste un nouveau rapport RSIT stp, on va voir si le script a fonctionné.

    0
  19. blasterofmetal Messages postés 430 Statut Membre 65
     
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by dorian at 2009-02-20 22:53:24
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 20 GB (31%) free of 66 GB
    Total RAM: 959 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:53:34, on 20/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vsnp2uvc.exe
    C:\TRUSTP~1\wh_exec.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Process Lasso\processlasso.exe
    C:\Program Files\Process Lasso\processgovernor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\dorian\Bureau\RSIT.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\trend micro\dorian.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\DualPix Exchange\CamService.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\TRUSTP~1\wh_exec.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ProcessSupervisorGUI] C:\Program Files\Process Lasso\processlasso.exe
    O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
    O4 - Global Startup: Moniteur WiFi OLITEC.lnk = C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtWLan.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dorian
    O17 - HKLM\Software\..\Telephony: DomainName = dorian
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BA1A9B-138F-4509-BA81-4097F31BD95D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C6035450-EBC9-4E78-81FB-0BA29C65092C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dorian
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dorian
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    0
  20. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    Désolé pour le délai de réponse... Le script précédent n'a pas fonctionné

    Fais ce qui suit dans l'ordre :

    • Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

    • Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : http://oldtimer.geekstogo.com/OTMoveIt3.exe
    • Double-clique sur OTMoveIt3.exe afin de le lancer.
    • Copie/colle le texte suivant dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit :

    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b15ccab-9945-11dd-9ff9-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f833a6-9940-11dd-842f-001a4d7e618e}]
    
    :commands 
    [purity] 
    [emptytemp] 
    [start explorer] 
    [reboot] 


    • Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

    • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles
    Le nom du rapport correspond au moment de sa création : date_heure.log

    • Lance CCleaner :
    Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
    Puis nettoyeur --> Analyse > Lancer le nettoyage,
    puis sur OK dans la fenêtre qui s' affiche.

    Enfin, registre --> Chercher des erreurs --> Répare toutes les erreurs (renouvelle cette manipulation jusqu'à ce qu'il ne trouve plus d'erreur)

    0
  21. blasterofmetal Messages postés 430 Statut Membre 65
     
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversio­n\explorer\mountpoints2\{2b15ccab-9945-11dd-9ff9-806d6172696­f}\\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversio­n\explorer\mountpoints2\{33f833a6-9940-11dd-842f-001a4d7e618­e}\\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\etilqs_1XCAheR4aUXaIT807pPw scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\tmp23.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\tmp24.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\~DF4F8E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\~DF4FE4.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\~DFB8CA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\~DFB97B.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_434.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02232009_195700

    Files moved on Reboot...
    File C:\DOCUME~1\dorian\LOCALS~1\Temp\etilqs_1XCAheR4aUXaIT807pPw not found!
    File move failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\tmp23.tmp scheduled to be moved on reboot.
    File move failed. C:\DOCUME~1\dorian\LOCALS~1\Temp\tmp24.tmp scheduled to be moved on reboot.
    File C:\DOCUME~1\dorian\LOCALS~1\Temp\~DF4F8E.tmp not found!
    File C:\DOCUME~1\dorian\LOCALS~1\Temp\~DF4FE4.tmp not found!
    File C:\DOCUME~1\dorian\LOCALS~1\Temp\~DFB8CA.tmp not found!
    File C:\DOCUME~1\dorian\LOCALS~1\Temp\~DFB97B.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\Perflib_Perfdata_434.dat scheduled to be moved on reboot.
    C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\urlclassifier3.sqlite moved successfully.
    File C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\urlclassifier3.sqlite-journal not found!
    C:\Documents and Settings\dorian\Local Settings\Application Data\Mozilla\Firefox\Profiles\7pousdvr.default\XUL.mfl moved successfully.
    0
  • 1
  • 2