Combofix

batigool15 Messages postés 398 Statut Membre -  
batigool15 Messages postés 398 Statut Membre -
Bonjour,

ComboFix 09-03-02.03 - maouro 2009-03-03 16:30:14.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.295 [GMT 1:00]
Lancé depuis: c:\documents and settings\maouro\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090303-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\rnamfler\radprlib.dll
c:\program files\rnamfler\radhslib.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\rnamfler\radhslib.dll
c:\program files\rnamfler\radprlib.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 15:33 805,306,368 --sha-w C:\pagefile.sys
2009-03-03 15:32 53,248 ----a-w c:\windows\PSEXESVC.EXE
2009-03-03 15:32 3,932,160 ---ha-w c:\documents and settings\maouro\NTUSER.DAT
2009-03-03 15:32 139,264 ---ha-w c:\documents and settings\NetworkService.AUTORITE NT\NTUSER.DAT
2009-03-03 15:32 139,264 ---ha-w c:\documents and settings\LocalService.AUTORITE NT\NTUSER.DAT
2009-03-03 15:17 --------- d--h--r c:\program files\rnamfler
2009-03-03 15:12 --------- d-----w c:\program files\Mozilla Firefox
2009-03-03 15:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-03 14:32 --------- d-----w c:\program files\MSBuild
2009-03-03 14:31 --------- d-----w c:\program files\Reference Assemblies
2009-03-03 13:53 --------- d-----w c:\program files\eChanblard
2009-03-03 13:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-27 13:17 1,572,864 ---ha-w c:\documents and settings\Invité\NTUSER.DAT
2009-02-27 13:17 1,572,864 ---ha-w c:\documents and settings\Invité\NTUSER.DAT
2009-02-05 21:08 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-02-05 21:08 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-02-05 21:07 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-02-05 21:07 114,768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-02-05 21:06 51,376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-02-05 21:06 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-02-05 21:05 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-01-27 11:34 --------- d-----w c:\documents and settings\maouro\Application Data\dvdcss
2009-01-26 16:00 --------- d-s---w c:\documents and settings\maouro\Application Data\Microsoft
2009-01-13 12:14 --------- d-----w c:\program files\EClea2_0
2009-01-06 17:03 --------- d-s---w c:\documents and settings\Invité\Application Data\Microsoft
2008-08-14 19:33 262,144 ---ha-w c:\documents and settings\Default User\NTUSER.DAT
2008-08-14 19:33 139,264 ---h--w c:\documents and settings\Default User.WINDOWS\NTUSER.DAT
2008-08-14 19:33 1,048,576 ---ha-w c:\documents and settings\Administrateur\NTUSER.DAT
2008-08-14 14:43 225,280 ---ha-w c:\documents and settings\NetworkService\NTUSER.DAT
2008-08-14 14:43 225,280 ---ha-w c:\documents and settings\LocalService\NTUSER.DAT
.

((((((((((((((((((((((((((((( snapshot_2009-01-26_21.01.48,81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:03 8,518,144 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2008-10-16 17:32:49 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-03-03 14:40:43 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-10-16 17:33:11 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-03-03 14:40:50 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-03-03 14:31:38 163,840 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2008-10-16 17:31:39 4,444,160 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-03-03 14:41:06 4,546,560 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-03-03 14:31:56 4,210,688 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2008-10-16 17:33:19 483,840 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-03-03 14:41:15 486,400 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-10-16 17:32:18 3,036,160 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-03-03 14:41:16 2,933,248 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-10-16 17:33:38 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-03-03 14:40:55 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-10-16 17:33:38 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-03-03 14:40:55 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-03-03 14:32:08 368,640 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2008-10-16 17:33:13 261,120 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-03-03 14:40:53 261,632 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-10-16 17:32:09 5,431,296 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-03-03 14:40:35 5,242,880 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-10-16 17:32:37 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-03-03 14:40:44 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-03-03 14:45:52 315,392 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fr_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
- 2008-10-16 17:32:12 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-03-03 14:40:36 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-10-16 17:32:46 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-03-03 14:40:43 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-10-16 17:32:58 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-03-03 14:40:44 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-10-16 17:33:01 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-03-03 14:40:45 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-10-16 17:33:03 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-03-03 14:40:46 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-03-03 14:46:46 12,288 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
+ 2009-03-03 14:35:24 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-03-03 14:46:04 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-03-03 14:46:46 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2008-10-16 17:33:42 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-03-03 14:40:57 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-03-03 14:35:25 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-10-16 17:33:44 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-03-03 14:41:02 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-03-03 14:35:26 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-03-03 14:46:05 139,264 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2009-03-03 14:46:47 163,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2009-03-03 14:35:26 802,816 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
- 2008-10-16 17:33:47 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-03-03 14:41:03 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-03-03 14:46:06 10,752 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2009-03-03 14:46:47 11,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
+ 2009-03-03 14:35:27 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
- 2008-10-16 17:33:49 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-03-03 14:41:04 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-03-03 14:45:54 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
- 2008-10-16 17:33:05 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-03-03 14:40:50 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-03-03 14:46:30 5,120 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll
+ 2009-03-03 14:46:30 19,456 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
+ 2009-03-03 14:31:37 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-03-03 14:46:14 9,216 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
- 2008-10-16 17:33:00 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-03-03 14:40:49 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-03-03 14:46:13 9,728 ----a-w c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
- 2008-10-16 17:32:56 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-03-03 14:40:49 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-03-03 14:46:13 61,440 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
- 2008-10-16 17:33:22 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-03-03 14:40:52 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-10-16 17:32:54 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-03-03 14:40:47 659,456 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-03-03 14:35:24 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2008-10-16 17:31:52 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-03-03 14:41:10 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-10-16 17:33:31 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-03-03 14:40:52 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-10-16 17:32:52 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-03-03 14:40:47 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-10-16 17:32:50 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-03-03 14:40:46 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-03-03 14:46:06 311,296 ----a-w c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
+ 2009-03-03 14:46:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationBuildTasks.resources.dll
+ 2009-03-03 14:32:26 598,016 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-03-03 14:31:55 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-03-03 14:46:27 110,592 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
+ 2009-03-03 14:32:27 46,104 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-03-03 14:32:32 196,608 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-03-03 14:32:32 139,264 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-03-03 14:32:33 397,312 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-03-03 14:46:32 245,760 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
+ 2009-03-03 14:32:34 163,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-03-03 14:43:32 5,283,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-03-03 14:46:32 372,736 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationUI.resources.dll
+ 2009-03-03 14:32:37 864,256 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-03-03 14:46:28 40,960 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_fr_31bf3856ad364e35\ReachFramework.resources.dll
+ 2009-03-03 14:32:06 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-03-03 14:35:28 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-03-03 14:46:30 5,120 ----a-w c:\windows\assembly\GAC_MSIL\smdiagnostics.resources\3.0.0.0_fr_b77a5c561934e089\SMDiagnostics.resources.dll
+ 2009-03-03 14:31:40 110,592 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-03-03 14:46:12 10,752 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
- 2008-10-16 17:33:06 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-03-03 14:41:13 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-03-03 14:35:30 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-03-03 14:35:30 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-03-03 14:46:47 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_fr_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll
+ 2009-03-03 14:35:39 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-03-03 14:46:07 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
- 2008-10-16 17:33:07 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-03-03 14:41:14 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-03-03 14:46:12 49,152 ----a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2008-10-16 17:32:16 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-03-03 14:41:15 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-03-03 14:46:48 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_fr_b77a5c561934e089\System.Core.Resources.dll
+ 2009-03-03 14:35:31 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-03-03 14:46:48 5,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
+ 2009-03-03 14:35:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-03-03 14:46:48 15,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
+ 2009-03-03 14:35:32 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-03-03 14:46:48 409,600 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Resources.dll
+ 2009-03-03 14:35:33 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-03-03 14:46:46 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Linq.Resources.dll
+ 2009-03-03 14:35:22 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-03-03 14:46:08 110,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2009-03-03 14:46:01 352,256 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
+ 2009-03-03 14:46:45 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Client.resources.dll
+ 2009-03-03 14:44:30 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-03-03 14:46:45 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Design.resources.dll
+ 2009-03-03 14:35:20 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-03-03 14:46:45 69,632 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.resources.dll
+ 2009-03-03 14:44:31 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-03-03 14:46:08 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
- 2008-10-16 17:32:22 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-03-03 14:41:17 745,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-03-03 14:45:53 413,696 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
- 2008-10-16 17:32:25 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-03-03 14:41:18 970,752 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-03-03 14:46:01 548,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
- 2008-10-16 17:33:52 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-03-03 14:40:41 5,062,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-03-03 14:46:45 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_fr_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
+ 2009-03-03 14:35:22 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-03-03 14:45:57 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
- 2008-10-16 17:33:45 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-03-03 14:40:42 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-03-03 14:45:56 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
- 2008-10-16 17:32:39 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-03-03 14:40:51 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-03-03 14:46:09 6,144 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
- 2008-10-16 17:33:30 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-03-03 14:40:40 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-03-03 14:46:02 15,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2008-10-16 17:31:54 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-03-03 14:41:01 626,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-03-03 14:45:55 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2009-03-03 14:46:30 65,536 ----a-w c:\windows\assembly\GAC_MSIL\system.identitymodel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
+ 2009-03-03 14:46:30 57,344 ----a-w c:\windows\assembly\GAC_MSIL\system.identitymodel.selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
+ 2009-03-03 14:32:42 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-03-03 14:31:41 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-03-03 14:46:30 12,288 ----a-w c:\windows\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
+ 2009-03-03 14:31:42 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-03-03 14:46:48 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
+ 2009-03-03 14:35:34 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-03-03 14:46:10 13,312 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
- 2008-10-16 17:33:33 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-03-03 14:41:04 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-03-03 14:46:03 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
- 2008-10-16 17:33:28 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-03-03 14:41:03 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-03-03 14:46:50 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_fr_b03f5f7f11d50a3a\System.Net.Resources.dll
+ 2009-03-03 14:35:39 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-03-03 14:46:28 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_fr_31bf3856ad364e35\System.Printing.resources.dll
+ 2009-03-03 14:46:04 212,992 ----a-w c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
+ 2009-03-03 14:46:10 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
- 2008-10-16 17:33:16 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-03-03 14:40:58 303,104 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-03-03 14:46:11 11,776 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
- 2008-10-16 17:33:15 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-03-03 14:40:56 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-03-03 14:46:30 102,400 ----a-w c:\windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
+ 2009-03-03 14:31:42 966,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-03-03 14:45:56 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
- 2008-10-16 17:31:58 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-03-03 14:40:55 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-03-03 14:46:30 36,864 ----a-w c:\windows\assembly\GAC_MSIL\system.servicemodel.install.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
+ 2009-03-03 14:31:53 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-03-03 14:46:31 499,712 ----a-w c:\windows\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
+ 2009-03-03 14:31:54 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-03-03 14:46:44 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_fr_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
+ 2009-03-03 14:35:19 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-03-03 14:43:28 5,931,008 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-03-03 14:45:57 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2008-10-16 17:32:02 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-03-03 14:40:48 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-03-03 14:46:31 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_fr_31bf3856ad364e35\System.Speech.resources.dll
+ 2009-03-03 14:32:28 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-03-03 14:46:11 16,896 ----a-w c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
+ 2009-03-03 14:46:49 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Abstractions.Resources.dll
+ 2009-03-03 14:35:40 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-03-03 14:46:49 4,096 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll
+ 2009-03-03 14:35:41 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-03-03 14:46:49 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
+ 2009-03-03 14:44:31 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-03-03 14:46:49 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
+ 2009-03-03 14:35:35 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-03-03 14:46:49 24,576 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Resources.dll
+ 2009-03-03 14:44:31 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-03-03 14:46:49 49,152 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
+ 2009-03-03 14:35:43 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-03-03 14:46:49 634,880 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Resources.dll
+ 2009-03-03 14:44:32 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-03-03 14:46:12 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
- 2008-10-16 17:32:34 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-03-03 14:40:37 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-10-16 17:32:36 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-03-03 14:40:39 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-03-03 14:45:58 622,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2009-03-03 14:46:49 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Routing.Resources.dll
+ 2009-03-03 14:35:45 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-03-03 14:45:59 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
- 2008-10-16 17:32:32 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-03-03 14:40:38 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-03-03 14:45:59 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
- 2008-10-16 17:32:43 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-03-03 14:40:40 5,025,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-03-03 14:46:50 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Windows.Presentation.resources.dll
+ 2009-03-03 14:35:36 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-03-03 14:46:32 184,320 ----a-w c:\windows\assembly\GAC_MSIL\system.workflow.activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
+ 2009-03-03 14:32:20 1,138,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-03-03 14:46:33 311,296 ----a-w c:\windows\assembly\GAC_MSIL\system.workflow.componentmodel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
+ 2009-03-03 14:32:21 1,630,208 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-03-03 14:46:33 36,864 ----a-w c:\windows\assembly\GAC_MSIL\system.workflow.runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
+ 2009-03-03 14:32:22 540,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-03-03 14:46:44 102,400 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_fr_31bf3856ad364e35\System.WorkflowServices.resources.dll
+ 2009-03-03 14:35:19 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-03-03 14:46:50 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Xml.Linq.Resources.dll
+ 2009-03-03 14:35:37 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-03-03 14:46:00 167,936 ----a-w c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
- 2008-10-16 17:32:05 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-03-03 14:41:20 2,048,000 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-10-16 17:32:29 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-03-03 14:41:19 3,149,824 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-03-03 14:46:31 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClient.resources.dll
+ 2009-03-03 14:32:29 167,936 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-03-03 14:46:31 12,288 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
+ 2009-03-03 14:32:30 385,024 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-03-03 14:46:28 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationProvider.resources.dll
+ 2009-03-03 14:32:10 40,960 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-03-03 14:46:28 10,240 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationTypes.resources.dll
+ 2009-03-03 14:32:12 98,304 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-03-03 14:46:29 90,112 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll
+ 2009-03-03 14:32:15 1,245,184 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-03-03 14:46:32 5,120 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsFormsIntegration.resources.dll
+ 2009-03-03 14:32:31 94,208 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-03-03 15:26:42 25,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-03-03 15:26:48 842,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-03-03 15:26:22 410,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-03-03 15:27:13 220,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-03-03 15:26:50 14,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-03-03 15:27:14 222,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-03-03 15:26:57 1,888,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-03-03 15:27:17 839,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-03-03 15:26:53 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-03-03 15:27:18 65,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-03-03 15:27:32 1,966,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-03-03 15:27:26 1,620,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-03-03 15:27:35 175,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-03-03 15:27:34 144,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-03-03 15:41:48 2,332,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-03-03 15:26:29 386,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-03-03 15:26:27 1,093,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-03-03 15:27:40 1,712,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-03-03 15:41:49 55,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-03-03 15:26:52 133,632 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-03-03 14:48:04 11,486,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
+ 2009-03-03 14:48:35 1,451,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-03-03 14:48:36 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-03-03 14:49:20 12,216,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-03-03 14:49:23 47,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-03-03 14:50:17 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-03-03 14:50:12 368,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-03-03 14:50:16 539,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-03-03 14:50:09 14,327,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-03-03 14:50:14 224,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-03-03 14:50:22 1,657,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-03-03 14:50:29 2,128,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-03-03 15:26:33 320,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-03-03 15:26:34 256,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-03-03 15:26:36 366,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\[u]0[/u]45dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-03-03 15:27:45 82,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-03-03 15:27:44 633,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-03-03 15:27:47 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-03-03 15:41:40 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-03-03 15:27:01 971,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-03-03 14:50:38 2,295,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-03-03 15:27:52 135,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-03-03 15:29:18 756,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-03-03 15:29:14 9,924,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-03-03 14:51:10 2,516,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\[u]0[/u]bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-03-03 15:41:21 354,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-03-03 15:41:18 939,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-03-03 15:41:13 1,328,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-03-03 15:27:08 2,510,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-03-03 14:50:57 6,616,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-03-03 15:41:25 1,801,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-03-03 14:51:30 10,683,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-03-03 15:41:28 1,116,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-03-03 15:41:31 881,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-03-03 15:41:33 455,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-03-03 14:51:37 208,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-03-03 14:51:35 1,587,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-03-03 15:41:36 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-03-03 15:41:35 280,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-03-03 15:25:17 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-03-03 15:25:15 1,056,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-03-03 15:25:19 381,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-03-03 15:41:39 330,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-03-03 15:41:43 998,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-03-03 15:41:51 621,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-03-03 14:51:41 1,035,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-03-03 15:25:26 2,338,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\[u]0[/u]34c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-03-03 15:41:41 311,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-03-03 15:27:11 676,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-03-03 15:42:01 1,706,496 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-03-03 15:26:15 17,317,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-03-03 15:42:03 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-03-03 14:51:47 1,917,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-03-03 15:42:05 627,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-03-03 15:42:34 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\[u]0[/u]0ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-03-03 15:42:50 36,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-03-03 15:42:48 547,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-03-03 15:42:54 301,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-03-03 15:42:52 328,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-03-03 15:42:59 859,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-03-03 15:42:44 2,403,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-03-03 15:43:05 2,209,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-03-03 15:43:07 202,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-03-03 15:42:38 129,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-03-03 15:43:11 1,840,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-03-03 15:42:30 11,796,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-03-03 14:52:11 12,430,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-03-03 15:43:30 37,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-03-03 15:43:41 2,992,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-03-03 15:43:56 4,514,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-03-03 15:44:03 1,908,224 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-03-03 15:44:09 1,356,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-03-03 15:44:11 400,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-03-03 14:52:25 5,450,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-03-03 14:48:30 7,868,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-03-03 14:39:15 7,598,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP155.tmp\System.dll
+ 2009-03-03 14:43:59 11,486,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP233.tmp\mscorlib.dll
+ 2009-03-03 14:52:27 447,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-03-03 14:52:30 1,049,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-03-03 14:52:32 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-03-03 14:52:33 187,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-03-03 14:48:46 3,313,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-03-03 14:52:35 240,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-03-03 15:26:38 321,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2008-10-16 17:33:16 299,008 ------w c:\windows\assembly\temp\JRW16AFJNS\System.Runtime.Remoting.dll
+ 2008-07-06 12:06:10 89,088 ------w c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2008-07-06 12:06:10 765,440 ------w c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2008-07-06 12:06:10 198,656 ------w c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2008-07-06 12:06:10 373,248 ------w c:\windows\Driver Cache\i386\unidrv.dll
+ 2008-07-06 12:06:10 744,960 ------w c:\windows\Driver Cache\i386\unidrvui.dll
+ 2008-03-13 04:52:36 761,344 ------w c:\windows\Driver Cache\i386\unires.dll
- 2009-01-14 17:20:25 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-14 20:41:04 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-14 17:20:25 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-14 20:41:04 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-14 17:20:25 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-14 20:41:04 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-14 17:20:25 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-14 20:41:02 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-14 17:20:25 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-14 20:41:04 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-14 17:20:26 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-14 20:41:05 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-14 17:20:26 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-14 20:41:05 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-14 17:20:26 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-14 20:41:06 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-14 17:20:25 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-14 20:41:03 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-14 17:20:25 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-14 20:41:03 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-01-14 17:20:26 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-14 20:41:06 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-14 17:20:25 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-14 20:41:02 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-14 17:20:25 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-14 20:41:01 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-23 23:47:38 82,944 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-25 10:16:58 82,944 ----a-w c:\windows\Microsoft.NET\Fr
Configuration: Windows XP
Firefox 3.0.6

16 réponses

Résumé de la discussion

Problème identifié: l’exécution de ComboFix 09-03-02.03 sur Windows XP Professionnel signale des composants malveillants désactivés et la création d’un point de restauration, dans un contexte de protection Avast. Des fichiers critiques, notamment dans c:\program files\rnamfler\, tels que radprlib.dll et radhslib.dll, ont été désactivés pendant l’exécution, et la liste indique aussi des suppressions associées. Le compte-rendu Find3M recense des éléments sensibles comme pagefile.sys, PSEXESVC.EXE, NTUSER.DAT et divers pilotes Avast et binaire rnamfler, indiquant des traces d’actions système et d’historique d’audit. D’autres éléments utiles évoquent des artefacts dans des dossiers système et les entrées de l’architecture .NET (GAC et assemblies), reflétant l’étendue des modifications avant ou après l’intervention.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si il faut car windows n'utilise que internet explorer pour se mettre a jour !!!
    2
    1. batigool15 Messages postés 398 Statut Membre 11
       
      dsl pour le retard c parceque j'ai laisser l'ani virus banda toute la nuite , alors voila le rapport :


      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2009-03-04 11:05:31
      PROTECTIONS: 1
      MALWARE: 16
      SUSPECTS: 1
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      avast! antivirus 4.8.1335 [VPS 090303-0] 4.8.1335 Yes Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\maouro\Cookies\maouro@doubleclick[1].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@doubleclick[2].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\maouro\Cookies\maouro@atdmt[2].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[1].txt
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[3].txt
      00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt
      00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@mediaplex[2].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@xiti[1].txt
      00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@serving-sys[2].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@weborama[1].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@weborama[3].txt
      00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@fl01.ct2.comclick[1].txt
      00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@advertising[1].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@bluestreak[1].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@bluestreak[3].txt
      00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@adrevolver[2].txt
      00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@adviva[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@smartadserver[2].txt
      01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9548850C-346E-48C9-A938-0C06807CD340}\RP13\A0013229.EXE
      01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9548850C-346E-48C9-A938-0C06807CD340}\RP16\A0013612.EXE
      02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9548850C-346E-48C9-A938-0C06807CD340}\RP13\A0013203.sys
      02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9548850C-346E-48C9-A938-0C06807CD340}\RP12\A0013174.sys
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location l
      ;===================================================================================================================================================================================
      No C:\Program Files\rnamfler\naomf.exe l
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description l
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu vire tout car il faut systematiquement utiliser les dernieres version

    et garde ceci:

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR ou AVG8 ou (AVAST )
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
    WINDOWS DEFENDER ou SPYWARE TERMINATOR

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot … sortent de nouvelles versions régulièrement, vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    1
    1. batigool15 Messages postés 398 Statut Membre 11
       
      merci bcp , j'ai tout fais se que tu ma demandé , ya juste un truc , a chaque fois je met spybot sur mon pc je le désinstalle car il m'embête tjr avec , autorisé ou refuser les modification ; et je c pas quoi répondre alors je fais tjr autorisé , alors j'aimerai bien un conseille de votre part , es que je le met spybot , si oui , j'autorise ou je refuse les modification ??


      merci
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    rapport incomplet et pas d'explications ...

    on n'aime pas :(
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      je refais un autre rapport , c pas de ma faite s'il est complet lol
      0
    2. batigool15 Messages postés 398 Statut Membre 11
       
      voila je vien de refaire le rapport :

      ComboFix 09-03-02.03 - maouro 2009-03-03 18:17:27.4 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.296 [GMT 1:00]
      Running from: c:\documents and settings\maouro\Bureau\ComboFix.exe
      AV: avast! antivirus 4.8.1335 [VPS 090303-0] *On-access scanning disabled* (Updated)
      .

      ((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
      .

      2009-03-03 15:47 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
      2009-03-03 15:32 . 2009-03-03 15:46 <REP> d-------- c:\windows\system32\XPSViewer
      2009-03-03 15:32 . 2009-03-03 15:32 <REP> d-------- c:\program files\MSBuild
      2009-03-03 15:31 . 2009-03-03 15:31 <REP> d-------- c:\program files\Reference Assemblies
      2009-03-03 15:27 . 2009-03-03 15:30 <REP> d-------- C:\730f6ebbae90de96ecc46475
      2009-03-03 15:27 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
      2009-03-03 15:27 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\DllCache\xpssvcs.dll
      2009-03-03 15:27 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\DllCache\printfilterpipelinesvc.exe
      2009-03-03 15:27 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
      2009-03-03 15:27 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\DllCache\xpsshhdr.dll
      2009-03-03 15:27 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
      2009-03-03 15:27 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\DllCache\filterpipelineprintproc.dll
      2009-03-03 15:25 . 2009-03-03 16:05 <REP> d-------- c:\windows\SxsCaPendDel
      2009-03-02 22:06 . 2009-03-02 22:06 280 --ah----- C:\sqmdata18.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 244 --ah----- C:\sqmnoopt18.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 172 --ah----- C:\sqmnoopt19.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 172 --ah----- C:\sqmdata19.sqm
      2009-03-01 17:49 . 2009-03-01 17:49 244 --ah----- C:\sqmnoopt17.sqm
      2009-03-01 17:49 . 2009-03-01 17:49 232 --ah----- C:\sqmdata17.sqm

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-03 15:17 --------- d--h--r c:\program files\rnamfler
      2009-03-03 15:05 --------- d-----w c:\program files\Spybot - Search & Destroy
      2009-03-03 13:53 --------- d-----w c:\program files\eChanblard
      2009-03-03 13:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2009-01-27 11:34 --------- d-----w c:\documents and settings\maouro\Application Data\dvdcss
      2009-01-13 12:14 --------- d-----w c:\program files\EClea2_0
      2008-12-14 19:17 410,984 ----a-w c:\windows\system32\deploytk.dll
      2008-12-12 17:02 3,088,896 ------w c:\windows\system32\DllCache\mshtml.dll
      2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
      .

      ((((((((((((((((((((((((((((( SnapShot_2009-03-03_17.06.22.57 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-03-03 16:24:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4e8.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "Meteo Fusion"="c:\program files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 294912]
      "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
      "LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "wrna3ls"="c:\program files\rnamfler\naomf.exe" [2006-04-01 1253960]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
      "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
      "Athan"="c:\program files\Athan\Athan.exe" [2008-08-18 1069056]
      "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
      "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoSMBalloonTip"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\eChanblard\\emule.exe"=
      "c:\\Program Files\\adslTV\\adsltv.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=

      R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-10-31 77312]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
      S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-01 33752]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
      .
      Contents of the 'Scheduled Tasks' folder

      2008-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.ustart.org
      uDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Connection Wizard,ShellNext = hxxp://www.winlsd.org/
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\maouro\Application Data\Mozilla\Firefox\Profiles\fa3ykpp6.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1146876&SearchSource=3&q=
      FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      FF - plugin: c:\documents and settings\maouro\Application Data\Mozilla\Firefox\Profiles\fa3ykpp6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\Picasa2\npPicasa2.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-03 18:19:30
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(660)
      c:\windows\system32\Ati2evxx.dll
      .
      Completion time: 2009-03-03 18:21:26
      ComboFix-quarantined-files.txt 2009-03-03 17:21:23
      ComboFix2.txt 2009-03-03 16:07:27
      ComboFix3.txt 2009-01-26 20:03:10
      ComboFix4.txt 2008-11-25 13:39:52

      Pre-Run: 68 843 827 200 octets libres
      Post-Run: 68,833,693,696 octets libres

      131 --- E O F --- 2009-03-01 16:34:06
      0
  4. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Slt

    Mais toujours d'explications....
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      qu'es je doit faire , j'en c rien moi lol
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      info txt :

      info.txt logfile of random's system information tool 1.05 2009-03-03 19:12:19

      ======Uninstall list======

      -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
      Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
      Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
      Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
      Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
      Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
      adsl TV-->C:\Program Files\adslTV\Uninstal.exe
      Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
      Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
      Athan Basic 3.4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\irunin.ini"
      ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
      ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
      ATnotes Version 9.5-->"C:\Program Files\ATnotes\unins000.exe"
      avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
      CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
      C-Media PCI Audio-->C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\C-Media PCI Audio#C-Media PCI Audio#C-Media PCI Audio#
      Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
      Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
      DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      GCobol 1.15-->"C:\Program Files\GCobol\unins000.exe"
      getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
      Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
      HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
      Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
      Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
      Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
      Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
      Ludi-->C:\Program Files\Ludi\uninstall.exe
      Ma-Config.com-->MsiExec.exe /X{CFF24C43-9C46-4044-9C54-A4D98A3A25FB}
      Magnetic Webcam-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x040c -removeonly -u
      Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Meteo Fusion 1.5.9.11-->"C:\Program Files\Eggiz\Meteo Fusion\unins000.exe"
      Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
      Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
      Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
      Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
      Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
      Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
      Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
      Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
      Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
      Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      Nero Suite-->C:\Program Files\Fichiers communs\Ahead\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
      OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
      Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
      QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
      QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
      VLC media player 0.9.8a-->C:\Program Files\adslTV\uninstall.exe
      Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
      Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
      Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
      Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
      Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
      Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
      XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

      ======Security center information======

      AV: avast! antivirus 4.8.1335 [VPS 090303-0]

      System event log

      Computer Name: LSD-748DF047AB7
      Event Code: 7036
      Message: Le service Carte de performance WMI est entré dans l'état : arrêté.

      Record Number: 9009
      Source Name: Service Control Manager
      Time Written: 20081222155447.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 7036
      Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

      Record Number: 9008
      Source Name: Service Control Manager
      Time Written: 20081222155447.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

      Record Number: 9007
      Source Name: Service Control Manager
      Time Written: 20081222155447.000000+060
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: LSD-748DF047AB7
      Event Code: 7036
      Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

      Record Number: 9006
      Source Name: Service Control Manager
      Time Written: 20081222155443.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

      Record Number: 9005
      Source Name: Service Control Manager
      Time Written: 20081222155443.000000+060
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Application event log

      Computer Name: LSD-748DF047AB7
      Event Code: 701
      Message: msnmsgr (2144) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\maouro\Local Settings\Application Data\Microsoft\Messenger\maouro59@hotmail.fr\SharingMetadata\Working\database_961C_E01D_1CDF_F5E9\dfsr.db'.

      Record Number: 5729
      Source Name: ESENT
      Time Written: 20081119060010.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 700
      Message: msnmsgr (2144) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\maouro\Local Settings\Application Data\Microsoft\Messenger\maouro59@hotmail.fr\SharingMetadata\Working\database_961C_E01D_1CDF_F5E9\dfsr.db'.

      Record Number: 5728
      Source Name: ESENT
      Time Written: 20081119060010.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 701
      Message: msnmsgr (2144) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\maouro\Local Settings\Application Data\Microsoft\Messenger\maouro59@hotmail.fr\SharingMetadata\Working\database_961C_E01D_1CDF_F5E9\dfsr.db'.

      Record Number: 5727
      Source Name: ESENT
      Time Written: 20081119050010.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 700
      Message: msnmsgr (2144) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\maouro\Local Settings\Application Data\Microsoft\Messenger\maouro59@hotmail.fr\SharingMetadata\Working\database_961C_E01D_1CDF_F5E9\dfsr.db'.

      Record Number: 5726
      Source Name: ESENT
      Time Written: 20081119050010.000000+060
      Event Type: Informations
      User:

      Computer Name: LSD-748DF047AB7
      Event Code: 701
      Message: msnmsgr (2144) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\maouro\Local Settings\Application Data\Microsoft\Messenger\maouro59@hotmail.fr\SharingMetadata\Working\database_961C_E01D_1CDF_F5E9\dfsr.db'.

      Record Number: 5725
      Source Name: ESENT
      Time Written: 20081119040010.000000+060
      Event Type: Informations
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime Alternative\QTSystem
      "windir"=%SystemRoot%
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
      "PROCESSOR_REVISION"=0a00
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "DEVMGR_SHOW_DETAILS"=1
      "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
      "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

      -----------------EOF-----------------



      log.txt :


      Logfile of random's system information tool 1.05 (written by random/random)
      Run by maouro at 2009-03-03 19:11:58
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 66 GB (84%) free of 78 GB
      Total RAM: 511 MB (35% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:12:17, on 03/03/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\rnamfler\naofsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\tsnp2std.exe
      C:\Program Files\Athan\Athan.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
      C:\Program Files\ATnotes\ATnotes.exe
      C:\WINDOWS\lclock.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\maouro\Bureau\RSIT.exe
      C:\Program Files\trend micro\maouro.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://melanthios-ana.com/zcvisitor/1624d318-3614-11eb-87b9-12a1ab6c324d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=47f83760-f118-11ea-9bc8-0ac2bbf4ada7
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
      O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
      O4 - HKCU\..\Run: [LClock] lclock.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver ::
    RdnaoFlSv
    File::
    C:\Program Files\rnamfler\naofsvc.exe
    C:\Program Files\rnamfler

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ____________________________

    scan avec malwarebyte , fais un scan rapide x et colle le rapport obtenu et vire ce qui est trouvé:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

    _______________________________

    colle un scan en ligne avec un des suivants:
    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    ____________________________

    mets a jour internet explorer:

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      rapport de combofix

      ComboFix 09-03-02.03 - maouro 2009-03-03 20:27:00.5 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.228 [GMT 1:00]
      Lancé depuis: c:\documents and settings\maouro\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\maouro\Bureau\CFscript
      AV: avast! antivirus 4.8.1335 [VPS 090303-0] *On-access scanning disabled* (Updated)
      * Un nouveau point de restauration a été créé

      FILE ::
      c:\program files\rnamfler
      c:\program files\rnamfler\naofsvc.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\rnamfler\naofsvc.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
      .

      2009-03-03 19:12 . 2009-03-03 19:12 <REP> d-------- c:\program files\trend micro
      2009-03-03 19:11 . 2009-03-03 19:12 <REP> d-------- C:\rsit
      2009-03-03 15:47 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
      2009-03-03 15:32 . 2009-03-03 15:46 <REP> d-------- c:\windows\system32\XPSViewer
      2009-03-03 15:32 . 2009-03-03 15:32 <REP> d-------- c:\program files\MSBuild
      2009-03-03 15:31 . 2009-03-03 15:31 <REP> d-------- c:\program files\Reference Assemblies
      2009-03-03 15:27 . 2009-03-03 15:30 <REP> d-------- C:\730f6ebbae90de96ecc46475
      2009-03-03 15:27 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
      2009-03-03 15:27 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\DllCache\xpssvcs.dll
      2009-03-03 15:27 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\DllCache\printfilterpipelinesvc.exe
      2009-03-03 15:27 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
      2009-03-03 15:27 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\DllCache\xpsshhdr.dll
      2009-03-03 15:27 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
      2009-03-03 15:27 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\DllCache\filterpipelineprintproc.dll
      2009-03-03 15:25 . 2009-03-03 16:05 <REP> d-------- c:\windows\SxsCaPendDel
      2009-03-02 22:06 . 2009-03-02 22:06 280 --ah----- C:\sqmdata18.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 244 --ah----- C:\sqmnoopt18.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 172 --ah----- C:\sqmnoopt19.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 172 --ah----- C:\sqmdata19.sqm
      2009-03-01 17:49 . 2009-03-01 17:49 244 --ah----- C:\sqmnoopt17.sqm
      2009-03-01 17:49 . 2009-03-01 17:49 232 --ah----- C:\sqmdata17.sqm

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-03 19:27 --------- d--h--r c:\program files\rnamfler
      2009-03-03 19:16 --------- d-----w c:\program files\Java
      2009-03-03 15:05 --------- d-----w c:\program files\Spybot - Search & Destroy
      2009-03-03 13:53 --------- d-----w c:\program files\eChanblard
      2009-03-03 13:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2009-01-27 11:34 --------- d-----w c:\documents and settings\maouro\Application Data\dvdcss
      2009-01-13 12:14 --------- d-----w c:\program files\EClea2_0
      2008-12-14 19:17 410,984 ----a-w c:\windows\system32\deploytk.dll
      2008-12-12 17:02 3,088,896 ------w c:\windows\system32\DllCache\mshtml.dll
      2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
      .

      ((((((((((((((((((((((((((((( SnapShot_2009-03-03_17.06.22.57 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-03-03 16:24:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4e8.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "Meteo Fusion"="c:\program files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 294912]
      "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
      "LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "wrna3ls"="c:\program files\rnamfler\naomf.exe" [2006-04-01 1253960]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
      "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
      "Athan"="c:\program files\Athan\Athan.exe" [2008-08-18 1069056]
      "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
      "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoSMBalloonTip"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\eChanblard\\emule.exe"=
      "c:\\Program Files\\adslTV\\adsltv.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=

      R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-10-31 77312]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
      S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-01 33752]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
      .
      Contenu du dossier 'Tâches planifiées'

      2008-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.ustart.org
      uDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Connection Wizard,ShellNext = hxxp://www.winlsd.org/
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\maouro\Application Data\Mozilla\Firefox\Profiles\fa3ykpp6.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1146876&SearchSource=3&q=
      FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      FF - plugin: c:\documents and settings\maouro\Application Data\Mozilla\Firefox\Profiles\fa3ykpp6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\Picasa2\npPicasa2.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-03 20:28:50
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(660)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2009-03-03 20:30:49
      ComboFix-quarantined-files.txt 2009-03-03 19:30:39
      ComboFix2.txt 2009-03-03 17:21:27
      ComboFix3.txt 2009-03-03 16:07:27
      ComboFix4.txt 2009-01-26 20:03:10
      ComboFix5.txt 2009-03-03 19:26:20

      Avant-CF: 68 917 309 440 octets libres
      Après-CF: 68,907,220,992 octets libres

      143 --- E O F --- 2009-03-01 16:34:06
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais le reste
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      Malwarebytes' Anti-Malware 1.34
      Version de la base de données: 1815
      Windows 5.1.2600 Service Pack 3

      03/03/2009 20:45:47
      mbam-log-2009-03-03 (20-45-47).txt

      Type de recherche: Examen rapide
      Eléments examinés: 81516
      Temps écoulé: 5 minute(s), 34 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
    2. batigool15 Messages postés 398 Statut Membre 11
       
      au faite pour la mise a joue internet explorer ça sert a rien puisque j'utilise mozilla fire fox
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver ::
    RdnaoFlSv
    File::
    C:\Program Files\rnamfler
    C:\Program Files\rnamfler\naomf.exe
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "wrna3ls"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ____________________________

    remets ensuite un rapport RSIT
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      ComboFix 09-03-03.01 - maouro 2009-03-04 17:05:19.6 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.241 [GMT 1:00]
      Lancé depuis: c:\documents and settings\maouro\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\maouro\Bureau\CFscript
      AV: avast! antivirus 4.8.1335 [VPS 090303-2] *On-access scanning disabled* (Updated)
      * Un nouveau point de restauration a été créé

      FILE ::
      c:\program files\rnamfler
      c:\program files\rnamfler\naomf.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\rnamfler\naomf.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-04 au 2009-03-04 ))))))))))))))))))))))))))))))))))))
      .

      2009-03-04 09:11 . 2009-01-09 20:19 1,089,883 --------- c:\windows\system32\DllCache\ntprint.cat
      2009-03-03 21:01 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
      2009-03-03 20:58 . 2009-03-03 20:58 73,728 --a------ c:\windows\system32\javacpl.cpl
      2009-03-03 20:48 . 2009-03-03 20:48 <REP> d-------- c:\program files\Panda Security
      2009-03-03 20:35 . 2009-03-03 20:35 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-03-03 20:35 . 2009-03-03 20:35 <REP> d-------- c:\documents and settings\maouro\Application Data\Malwarebytes
      2009-03-03 20:35 . 2009-03-03 20:35 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
      2009-03-03 20:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-03-03 20:35 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-03-03 19:12 . 2009-03-04 12:39 <REP> d-------- c:\program files\trend micro
      2009-03-03 19:11 . 2009-03-03 19:12 <REP> d-------- C:\rsit
      2009-03-03 15:47 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
      2009-03-03 15:47 . 2009-03-03 15:47 575 --a------ c:\windows\imsins.BAK
      2009-03-03 15:32 . 2009-03-03 15:46 <REP> d-------- c:\windows\system32\XPSViewer
      2009-03-03 15:32 . 2009-03-03 15:32 <REP> d-------- c:\program files\MSBuild
      2009-03-03 15:31 . 2009-03-03 15:31 <REP> d-------- c:\program files\Reference Assemblies
      2009-03-03 15:27 . 2009-03-03 15:30 <REP> d-------- C:\730f6ebbae90de96ecc46475
      2009-03-03 15:27 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
      2009-03-03 15:27 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\DllCache\xpssvcs.dll
      2009-03-03 15:27 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\DllCache\printfilterpipelinesvc.exe
      2009-03-03 15:27 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
      2009-03-03 15:27 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\DllCache\xpsshhdr.dll
      2009-03-03 15:27 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
      2009-03-03 15:27 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\DllCache\filterpipelineprintproc.dll
      2009-03-03 15:25 . 2009-03-03 16:05 <REP> d-------- c:\windows\SxsCaPendDel
      2009-03-02 22:06 . 2009-03-02 22:06 280 --ah----- C:\sqmdata18.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 244 --ah----- C:\sqmnoopt18.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 172 --ah----- C:\sqmnoopt19.sqm
      2009-03-02 22:06 . 2009-03-02 22:06 172 --ah----- C:\sqmdata19.sqm
      2009-03-01 17:49 . 2009-03-01 17:49 244 --ah----- C:\sqmnoopt17.sqm
      2009-03-01 17:49 . 2009-03-01 17:49 232 --ah----- C:\sqmdata17.sqm

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-04 16:05 --------- d--h--r c:\program files\rnamfler
      2009-03-03 20:01 --------- d-----w c:\program files\adslTV
      2009-03-03 19:58 410,984 ----a-w c:\windows\system32\deploytk.dll
      2009-03-03 19:58 --------- d-----w c:\program files\Java
      2009-03-03 15:05 --------- d-----w c:\program files\Spybot - Search & Destroy
      2009-03-03 13:53 --------- d-----w c:\program files\eChanblard
      2009-03-03 13:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2009-01-27 11:34 --------- d-----w c:\documents and settings\maouro\Application Data\dvdcss
      2009-01-13 12:14 --------- d-----w c:\program files\EClea2_0
      2008-12-12 17:02 3,088,896 ------w c:\windows\system32\DllCache\mshtml.dll
      2008-12-11 10:57 333,952 ------w c:\windows\system32\DllCache\srv.sys
      .

      ((((((((((((((((((((((((((((( SnapShot_2009-03-03_17.06.22.57 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-12-14 19:17:54 144,792 ----a-w c:\windows\system32\java.exe
      + 2009-03-03 19:58:10 144,792 ----a-w c:\windows\system32\java.exe
      - 2008-12-14 19:17:54 144,792 ----a-w c:\windows\system32\javaw.exe
      + 2009-03-03 19:58:10 144,792 ----a-w c:\windows\system32\javaw.exe
      - 2008-12-14 19:17:54 148,888 ----a-w c:\windows\system32\javaws.exe
      + 2009-03-03 19:58:10 148,888 ----a-w c:\windows\system32\javaws.exe
      - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
      + 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
      + 2009-03-04 10:32:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_564.dat
      + 2009-03-04 15:58:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d4.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "Meteo Fusion"="c:\program files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 294912]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
      "LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
      "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 148888]
      "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
      "Athan"="c:\program files\Athan\Athan.exe" [2008-08-18 1069056]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
      "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoSMBalloonTip"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\eChanblard\\emule.exe"=
      "c:\\Program Files\\adslTV\\adsltv.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=

      R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-03 28544]
      R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-10-31 77312]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-14 114768]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-14 20560]
      S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-01 33752]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
      .
      Contenu du dossier 'Tâches planifiées'

      2008-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.ustart.org
      uDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Connection Wizard,ShellNext = hxxp://www.winlsd.org/
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\maouro\Application Data\Mozilla\Firefox\Profiles\fa3ykpp6.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1146876&SearchSource=3&q=
      FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      FF - plugin: c:\documents and settings\maouro\Application Data\Mozilla\Firefox\Profiles\fa3ykpp6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\Picasa2\npPicasa2.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-04 17:07:34
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(656)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2009-03-04 17:09:40
      ComboFix-quarantined-files.txt 2009-03-04 16:09:27
      ComboFix2.txt 2009-03-03 19:30:51
      ComboFix3.txt 2009-03-03 17:21:27
      ComboFix4.txt 2009-03-03 16:07:27
      ComboFix5.txt 2009-03-04 16:04:04

      Avant-CF: 68 422 950 912 octets libres
      Après-CF: 68,417,617,920 octets libres

      164 --- E O F --- 2009-03-04 10:07:47
      0
    2. batigool15 Messages postés 398 Statut Membre 11
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by maouro at 2009-03-04 17:11:31
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 65 GB (83%) free of 78 GB
      Total RAM: 511 MB (41% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:11:34, on 04/03/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\tsnp2std.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Athan\Athan.exe
      C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
      C:\WINDOWS\lclock.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ATnotes\ATnotes.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\maouro\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\maouro.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://melanthios-ana.com/zcvisitor/1624d318-3614-11eb-87b9-12a1ab6c324d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=47f83760-f118-11ea-9bc8-0ac2bbf4ada7
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
      O4 - HKCU\..\Run: [LClock] lclock.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    lance ccleaner et reg cleaner pour faire le menage

    ccleaner

    https://www.malekal.com/tutoriel-ccleaner/

    reg cleaner
    https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/

    _______________________

    si tout es ok désactive ta restauration puis redemarre ton ordi puis réactive la

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

    verifie avec panda que c'est ok
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      c bon j'ai tout fais , et comment desactivé la restauration de system


      ya un autre truc a chaque fois que je rdemarre le pc il me met

      erreur : impossible de trouver le fichier radhslib.dll le programme va fermer !!
      0
    2. batigool15 Messages postés 398 Statut Membre 11
       
      c bon g trouver dsl , reste dll
      0
    3. batigool15 Messages postés 398 Statut Membre 11
       
      j'ai tout fais comme tu ma dit , il reste quoi mnt ??
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    verifie avec panda que c'est ok
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    et dis nous si ton pc se comporte bien, si tu as encore des problèmes
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      bonjour , oui mon pc va bien , il c amélioré pour la vitesse , pas comme avant mais ça va .

      se qui concerne le message d'erreur dll , je les plus :)

      g fais un scanner avec banda ya toujours des fichier infecté et je c pas comme les supprimé !!


      merci
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport panda pour voir
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      j'ai plus le rapport , je vient de le démarré (scanne complet ) il est a 7% , je t'envoie le rapport des qu'il soit terminé , merci encore
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      c tro long le scanne il est a 16 % lol
      0
    2. batigool15 Messages postés 398 Statut Membre 11
       
      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2009-03-05 18:23:04
      PROTECTIONS: 1
      MALWARE: 14
      SUSPECTS: 2
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      avast! antivirus 4.8.1335 [VPS 090305-0] 4.8.1335 Yes Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@doubleclick[2].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\maouro\Cookies\maouro@doubleclick[1].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[1].txt
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[3].txt
      00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt
      00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@mediaplex[2].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@xiti[1].txt
      00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[1].txt
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@serving-sys[2].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@weborama[3].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@weborama[1].txt
      00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@fl01.ct2.comclick[1].txt
      00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@advertising[1].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@bluestreak[3].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@bluestreak[1].txt
      00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@adrevolver[2].txt
      00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@adviva[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Invité\Cookies\invité@smartadserver[2].txt
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location
      ;===================================================================================================================================================================================
      No C:\Documents and Settings\maouro\Bureau\ComboFix.exe
      No C:\Qoobox\Quarantine\C\Program Files\rnamfler\naomf.exe.vir
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok pas de souci que des cookies et ceci

    vire combofix de ton bureau

    et le fichier quarantine (c'est combofix qui les a mis la en quarantaine) en allant dans poste de travail puis

    C:\Qoobox\Quarantine\

    ____________________

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      a chaque fois que je lance toolscleaner il me met pas de réponse !!
      0
    2. batigool15 Messages postés 398 Statut Membre 11
       
      [ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

      -->- Recherche:

      C:\Combofix.txt: trouvé !
      C:\Qoobox: trouvé !
      C:\Rsit: trouvé !
      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: trouvé !
      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
      C:\Documents and Settings\maouro\Bureau\HijackThis.lnk: trouvé !
      C:\Documents and Settings\maouro\Bureau\Rsit.exe: trouvé !
      C:\Program Files\trend micro\HijackThis.exe: trouvé !
      C:\Program Files\trend micro\hijackthis.log: trouvé !
      C:\Program Files\trend micro\HijackThis: trouvé !
      C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\trend micro\HijackThis\hijackthis.log: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
      C:\Documents and Settings\maouro\Bureau\HijackThis.lnk: supprimé !
      C:\Program Files\trend micro\HijackThis.exe: supprimé !
      C:\Program Files\trend micro\HijackThis\HijackThis.exe: supprimé !
      C:\Combofix.txt: supprimé !
      C:\Documents and Settings\maouro\Bureau\Rsit.exe: supprimé !
      C:\Program Files\trend micro\hijackthis.log: supprimé !
      C:\Program Files\trend micro\HijackThis\hijackthis.log: supprimé !
      C:\Qoobox: supprimé !
      C:\Rsit: supprimé !
      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: supprimé !
      C:\Program Files\trend micro\HijackThis: supprimé !
      0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pas grave alors vires manuellement tout ce qui a été utilisé

    et dis si encore des soucis
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      je deinstalle tout ? pe etre j'aurai besoin !!! ou bien de preference les viré ?!!!
      0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu mets spybot mais lors de l'installation DECOCHE la case pour l'installation du TEA TIMER

    et tu n'auras plus aucune alerte

    si il est djà installé pour vire le tea timer et ses alertes va dans MODE puis MODE AVANCE puis OUTIL puis RESIDENT
    0
    1. batigool15 Messages postés 398 Statut Membre 11
       
      c fais , merci d'avoir la patience de m'aidé , j'espère que je vous y pas tro ennuie lol , bonne soirée et encore merci
      0