Rootkit on Vista

Solved
kev_du_53 -  
kevin.m Posts 62 Registration date   Status Member Last activity   -
Hello,
I have a computer running Vista that I've had for a year, and when I launch Internet Explorer my antivirus (the one from SFR) tells me that I have a rootkit on my PC (Rootkit:W32/TDSS.BK). It then asks me what I want to do, so I choose "clean (recommended)", then it scans my hard disk and tells me that it managed to clean the virus, so I click OK. After that I can browse the web, but it is limited because there are many sites that I can't visit.
The problem is that every time I restart Internet Explorer it gives me the same message!! I can repeat the procedure as many times as I want, but it doesn't work.
I don't know what to do. I went looking on forums and tried several suggestions, but I still get the same message.
If anyone has the same rootkit or knows how to remove it for good, I would be very glad if they replied to this message!
Thanks in advance!

82 replies

sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
Re,

the report isn't complete (too long for the forum ^^)


repost it for me without the "snapshot" chapter ...


thanks ... :)

0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
Once again, sorry for only replying to you now!!
I wanted to ask you what the "snapshot" chapter is.
I still have the report; if you want, I can send it to you in several parts.
0
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
re,


post the ComboFix report for me, deleting everything found in this chapter:


((((((((((((((((((((((((((((( SnapShot@2009-03-05_21.56.43,47 )))))))))))))))))))))))))))))))))))))))))



PS: posting every fifteen days is not a solution! ... A lot of things may have happened on your PC since then, while you were not yet out of trouble! ..... ^^


So after posting the Combo report, run a new RSIT scan and post the new "log.txt" report obtained, for analysis ....


0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
Here is the rootkit without the snapshot:


ComboFix 09-03-15.01 - Kevin MONTHERAT 2009-03-17 21:18:59.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2047.950 [GMT 1:00]
Lancé depuis: c:\users\Kevin MONTHERAT\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Kevin MONTHERAT\Desktop\CFScript.txt
FW: Pack sécurité 8.00 *enabled*
* Un nouveau point de restauration a été créé
* Resident AV is active


FILE ::
c:\windows\System32\gaopdxpmicngut.0ll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\gaopdxpmicngut.0ll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 20:31 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-16 20:31 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-16 20:31 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-16 20:31 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-16 20:31 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-16 20:31 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-16 20:31 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-16 20:31 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-16 20:23 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-16 20:23 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-16 20:23 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-16 20:23 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-16 20:23 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-14 20:48 . 2009-03-14 20:48 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-03-14 20:48 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-14 20:47 . 2009-03-14 20:47 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-03-14 14:15 . 2009-03-14 14:32 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\InfraRecorder
2009-03-14 14:15 . 2009-03-14 14:15 <REP> d-------- c:\program files\InfraRecorder
2009-03-11 12:54 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 12:54 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 12:54 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 12:54 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 12:54 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 12:54 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-06 18:12 . 2009-03-06 18:12 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-05 21:14 . 2009-03-05 21:24 <REP> d-------- C:\rsit
2009-03-05 21:12 . 2009-03-05 21:12 <REP> d-------- c:\program files\Trend Micro
2009-03-05 20:05 . 2009-03-05 20:05 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\Malwarebytes
2009-03-05 20:05 . 2009-03-05 20:05 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-05 20:05 . 2009-03-05 20:05 <REP> d-------- c:\programdata\Malwarebytes
2009-03-05 20:05 . 2009-03-05 20:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 20:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-05 20:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-05 19:58 . 2009-03-05 20:54 <REP> d-------- C:\Rooter$
2009-03-04 12:57 . 2009-03-04 12:57 <REP> d-------- c:\users\Kevin MONTHERAT\Pavark
2009-03-04 12:52 . 2009-03-04 12:52 <REP> d-------- c:\program files\PHPNukeFR
2009-03-04 11:06 . 2009-03-04 11:06 <REP> d-------- c:\program files\VID_0E8F&PID_0012
2009-03-02 13:27 . 2009-03-02 13:27 <REP> d-------- c:\program files\Conduit
2009-03-02 12:58 . 2009-03-02 13:12 <REP> d-------- c:\program files\Navilog1
2009-02-28 10:49 . 2009-02-28 10:49 <REP> d-------- c:\program files\Java
2009-02-28 10:43 . 2009-02-28 10:47 <REP> d-------- c:\users\Kevin MONTHERAT\.housecall6.6
2009-02-27 19:12 . 2009-03-05 20:56 <REP> d-------- C:\Fraps
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-24 19:58 . 2009-02-24 19:58 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-24 19:58 . 2009-02-24 19:58 <REP> d-------- c:\users\All Users\Electronic Arts
2009-02-24 19:58 . 2009-02-24 19:58 <REP> d-------- c:\programdata\Electronic Arts
2009-02-24 19:58 . 2009-02-24 19:58 1,590 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-24 19:41 . 2009-02-24 19:41 <REP> d-------- c:\program files\EA Games
2009-02-24 18:50 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-02-24 18:50 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2009-02-24 18:50 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-02-24 18:50 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2009-02-24 18:50 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-02-24 18:50 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-02-24 18:50 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2009-02-24 18:50 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2009-02-24 18:50 . 2007-07-20 00:57 267,112 --a------ c:\windows\System32\xactengine2_9.dll
2009-02-24 18:50 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-02-24 18:50 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-02-24 18:50 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2009-02-23 18:49 . 2009-02-23 18:49 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\Leadertech
2009-02-22 19:15 . 2009-02-23 19:56 <REP> d-------- c:\program files\PowerISO
2009-02-22 18:46 . 2009-02-22 18:47 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 19:12 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\Azureus
2009-03-17 18:06 --------- d-----w c:\programdata\Google Updater
2009-03-14 19:48 --------- d-----w c:\program files\Windows Live
2009-03-14 19:05 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-14 19:04 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-13 22:29 --------- d-----w c:\programdata\Test Drive Unlimited
2009-03-12 18:18 --------- d-----w c:\program files\Windows Mail
2009-03-12 18:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-08 11:13 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 20:19 --------- d-----w c:\program files\Vuze
2009-03-05 20:03 --------- d-----w c:\program files\CCleaner
2009-03-05 19:45 --------- d---a-w c:\programdata\TEMP
2009-03-04 10:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 16:57 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\dvdcss
2009-03-01 11:13 --------- d-----w c:\program files\Google
2009-02-28 09:49 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-26 17:19 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\LimeWire
2009-02-25 12:42 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2009-02-25 12:42 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2009-02-25 12:34 --------- d-----w c:\program files\Yahoo!
2009-02-24 20:13 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-22 17:44 --------- d-----w c:\program files\VideoLAN
2009-02-22 16:53 --------- d-----w c:\programdata\Media Center Programs
2009-02-14 14:53 --------- d-----w c:\program files\LimeWire
2009-02-14 09:48 --------- d-----w c:\program files\PowerQuest
2009-02-14 00:21 --------- d-----w c:\program files\NCH Swift Sound
2009-02-14 00:16 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\eSobi
2009-02-14 00:16 --------- d-----w c:\programdata\eMule
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:33 --------- d-----w c:\program files\GameSpy Arcade
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 06:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 12:31 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\InstallShield
2009-02-04 12:31 --------- d-----w c:\program files\RALINK
2009-02-03 17:43 --------- d-----w c:\program files\Audacity
2009-02-02 16:14 --------- d-----w c:\program files\Microsoft Works
2009-02-01 16:45 --------- d-----w c:\program files\Zattoo
2009-02-01 11:32 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-29 19:31 --------- d-----w c:\program files\Microsoft
2009-01-29 19:30 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-01-29 19:28 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-01-29 14:10 174 --sha-w c:\program files\desktop.ini
2009-01-29 14:03 --------- d-----w c:\program files\Windows Sidebar
2009-01-29 14:03 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-29 14:03 --------- d-----w c:\program files\Windows Journal
2009-01-29 14:03 --------- d-----w c:\program files\Windows Collaboration
2009-01-29 14:03 --------- d-----w c:\program files\Windows Calendar
2009-01-29 14:02 --------- d-----w c:\program files\Windows Defender
2009-01-29 13:40 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-29 13:40 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-28 16:57 33,408 ----a-w c:\windows\system32\drivers\fsbts.sys
2009-01-28 16:53 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\F-Secure
2009-01-28 16:37 --------- d-----w c:\programdata\f-secure
2009-01-28 16:35 --------- d-----w c:\programdata\fssg
2009-01-28 16:35 --------- d-----w c:\program files\SFR
2009-01-28 16:29 --------- d-----w c:\programdata\Avg7
2009-01-24 10:31 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2009-01-23 16:38 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-23 16:38 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-23 16:38 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-23 16:38 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-23 16:37 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-23 16:37 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-23 16:37 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-23 16:28 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-23 16:27 269,312 ----a-w c:\windows\System32\es.dll
2009-01-23 16:27 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-01-23 16:26 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-23 16:26 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-23 16:26 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-23 16:26 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-23 16:26 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-23 16:26 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-23 16:26 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-23 16:26 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-23 16:26 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-23 16:21 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-23 16:21 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-23 16:21 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-23 16:21 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-23 16:21 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-23 16:21 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-23 16:21 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-23 16:21 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-23 16:21 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-23 16:21 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-23 16:18 --------- d-----w c:\program files\MSXML 4.0
2009-01-22 14:29 --------- d-----w c:\programdata\Azureus
2009-01-22 08:39 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-22 08:37 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-22 08:37 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-22 08:33 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-22 08:28 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-22 08:20 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-22 08:20 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-22 08:20 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-22 08:20 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-22 08:20 347,648 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-22 08:19 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-22 08:19 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_21.56.43,47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-11 19:39:10 40,960 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_fr_31bf3856ad364e35\ReachFramework.resources.dll
- 2008-01-05 11:21:55 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-06-20 01:14:43 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-03-16 19:36:56 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2008-01-05 11:21:39 61,440 ----a-w c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
+ 2008-06-20 01:14:31 156,688 ----a-w c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
- 2006-11-02 15:46:11 5,120 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics.resources\3.0.0.0_fr_b77a5c561934e089\SMDiagnostics.resources.dll
+ 2008-07-11 19:39:09 5,120 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics.resources\3.0.0.0_fr_b77a5c561934e089\SMDiagnostics.resources.dll
- 2008-01-05 11:21:39 102,400 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-06-20 01:14:31 110,592 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2008-01-05 11:21:39 122,880 ----a-w c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
+ 2008-06-20 01:14:31 132,096 ----a-w c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
- 2008-01-05 11:26:12 10,752 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2008-07-27 18:03:10 10,752 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
- 2008-01-05 11:26:54 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-07-27 18:03:14 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-11-06 18:25:27 47,832 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-03-16 19:36:58 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-03-16 19:36:58 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-03-16 19:37:04 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2008-01-05 11:26:12 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2008-07-27 18:03:10 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
- 2008-01-05 11:26:54 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-07-27 18:03:14 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-01-05 11:26:12 49,152 ----a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2008-07-27 18:03:10 49,152 ----a-w c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2008-01-05 11:26:54 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-07-27 18:03:14 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-03-16 19:36:59 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-03-16 19:36:59 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-03-16 19:37:00 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-03-16 19:37:00 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-03-16 19:36:52 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2008-01-05 11:26:12 110,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2008-07-27 18:03:10 110,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
- 2008-01-05 11:26:13 344,064 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
+ 2008-07-27 18:03:10 352,256 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
+ 2009-03-16 19:37:46 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-03-16 19:36:51 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-03-16 19:37:46 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2008-01-05 11:26:13 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2008-07-27 18:03:10 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
- 2008-01-05 11:26:55 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-07-27 18:03:15 745,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-01-05 11:26:14 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2008-07-27 18:03:10 413,696 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
- 2008-01-05 11:26:55 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-07-27 18:03:15 970,752 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-01-05 11:26:14 544,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2008-07-27 18:03:10 548,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
- 2008-01-05 11:26:55 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-07-27 18:03:15 5,062,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-03-16 19:36:52 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2008-01-05 11:26:14 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2008-07-27 18:03:10 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
- 2008-01-05 11:26:55 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-07-27 18:03:15 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-01-05 11:26:16 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2008-07-27 18:03:10 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
- 2008-01-05 11:26:55 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-07-27 18:03:15 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-01-05 11:26:16 6,144 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2008-07-27 18:03:10 6,144 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
- 2008-01-05 11:26:55 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-07-27 18:03:15 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-01-05 11:26:16 15,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2008-07-27 18:03:10 15,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2008-01-05 11:26:55 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-07-27 18:03:15 626,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-01-05 11:26:17 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2008-07-27 18:03:10 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
- 2008-01-05 11:26:37 65,536 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
+ 2008-07-11 19:39:09 65,536 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
- 2008-01-05 11:26:39 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
+ 2008-07-11 19:39:09 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
- 2008-01-05 11:21:38 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-06-20 01:14:29 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2008-01-05 11:21:37 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-06-20 01:14:29 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2006-11-02 15:46:11 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
+ 2008-07-11 19:39:09 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
- 2008-01-05 11:21:38 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-06-20 01:14:29 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-03-16 19:37:01 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2008-01-05 11:26:17 13,312 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2008-07-27 18:03:10 13,312 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
- 2008-01-05 11:26:58 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-07-27 18:03:15 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-01-05 11:26:17 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2008-07-27 18:03:10 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
- 2008-01-05 11:26:58 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-07-27 18:03:15 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-03-16 19:37:04 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2006-11-02 15:46:11 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_fr_31bf3856ad364e35\System.Printing.resources.dll
+ 2008-07-11 19:39:10 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_fr_31bf3856ad364e35\System.Printing.resources.dll
- 2008-01-05 11:26:17 212,992 ----a-w c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
+ 2008-07-27 18:03:10 212,992 ----a-w c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
- 2008-01-05 11:26:17 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2008-07-27 18:03:10 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
- 2008-01-05 11:26:58 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-07-27 18:03:15 303,104 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-01-05 11:26:17 11,776 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2008-07-27 18:03:10 11,776 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
- 2008-01-05 11:26:58 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-27 18:03:15 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-01-05 11:26:41 98,304 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
+ 2008-07-11 19:39:09 102,400 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
- 2008-01-05 11:21:38 929,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-06-20 01:14:29 966,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2008-01-05 11:26:17 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2008-07-27 18:03:10 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
- 2008-01-05 11:26:58 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-07-27 18:03:15 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-11-02 15:46:12 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
+ 2008-07-11 19:39:09 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
- 2008-01-05 11:21:40 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-06-20 01:14:32 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2008-01-05 11:26:41 499,712 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
+ 2008-07-11 19:39:09 499,712 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
- 2008-01-05 11:21:40 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-06-20 01:14:33 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-03-16 19:36:50 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2008-01-05 11:21:38 5,971,968 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-11-24 23:34:36 5,931,008 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2008-01-05 11:26:17 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
+ 2008-07-27 18:03:10 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2008-01-05 11:26:58 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-07-27 18:03:15 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2006-11-02 15:46:13 65,536 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_fr_31bf3856ad364e35\System.Speech.resources.dll
+ 2008-07-11 19:39:10 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_fr_31bf3856ad364e35\System.Speech.resources.dll
- 2008-01-05 11:26:17 16,896 ----a-w c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
+ 2008-07-27 18:03:10 16,896 ----a-w c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
+ 2009-03-16 19:37:06 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-03-16 19:37:06 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-03-16 19:37:46 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-03-16 19:37:02 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-03-16 19:37:46 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-03-16 19:37:07 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-03-16 19:37:47 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2008-01-05 11:26:17 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2008-07-27 18:03:10 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
- 2008-01-05 11:26:59 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-07-27 18:03:15 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-01-05 11:26:59 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-07-27 18:03:15 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-01-05 11:26:17 618,496 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2008-07-27 18:03:10 622,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2009-03-16 19:37:08 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2008-01-05 11:26:17 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2008-07-27 18:03:10 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
- 2008-01-05 11:27:00 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-07-27 18:03:15 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-01-05 11:26:17 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
+ 2008-07-27 18:03:10 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
- 2008-01-05 11:27:02 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-07-27 18:03:15 5,025,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-03-16 19:37:03 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2008-01-05 11:26:54 193,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
+ 2008-07-11 19:39:10 184,320 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
- 2008-01-05 11:22:14 1,152,040 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-06-20 01:14:46 1,138,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2008-01-05 11:26:54 320,576 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
+ 2008-07-11 19:39:10 311,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
- 2008-01-05 11:22:15 1,635,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-06-20 01:14:47 1,630,208 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2008-01-05 11:26:54 46,136 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
+ 2008-07-11 19:39:10 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
- 2008-01-05 11:22:15 578,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-06-20 01:14:47 540,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-03-16 19:36:50 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-03-16 19:37:03 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2008-01-05 11:26:17 167,936 ----a-w c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
+ 2008-07-27 18:03:10 167,936 ----a-w c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
- 2008-01-05 11:27:03 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-10-13 22:26:58 2,048,000 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-01-05 11:26:55 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-07-27 18:03:15 3,149,824 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2006-11-02 15:46:08 9,728 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClient.resources.dll
+ 2008-07-11 19:39:10 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClient.resources.dll
- 2008-01-05 11:21:56 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-06-20 01:14:43 167,936 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2006-11-02 15:46:13 10,240 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
+ 2008-07-11 19:39:10 12,288 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
- 2008-01-05 11:22:00 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-06-20 01:14:43 385,024 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2006-11-02 15:46:16 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationProvider.resources.dll
+ 2008-07-11 19:39:10 4,096 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationProvider.resources.dll
- 2008-01-05 11:22:00 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
0

kevin.m Posts 62 Registration date   Status Member Last activity  
 
Here is the RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Kevin MONTHERAT at 2009-04-03 22:03:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 161 GB (69%) free of 234 GB
Total RAM: 2047 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:23, on 03/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\JRE\Folding@home.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\scanwizard.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin MONTHERAT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Adobe Live.lnk = C:\Program Files\JRE\Folding@home.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98c646521307c) (gupdate1c98c646521307c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
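Added example, not part of the thread and not written by either poster: a small Python triage pass over HijackThis entries like those in the report above. The sample lines are copied from that report; the four rules and their names are assumptions of this example, and a hit means "review this entry by hand", not a verdict.

```python
import re
from dataclasses import dataclass

# Entries copied from the HijackThis section of the report above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: Adobe Live.lnk = C:\Program Files\JRE\Folding@home.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
"""

# "<section code> - <body>", e.g. "O4 - Startup: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Startup-folder shortcuts: "Startup: <name>.lnk = <target>"
SHORTCUT_RE = re.compile(r"^(?:Global )?Startup: (.+?)\.lnk = (.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code (R3, O2, O4, O23, ...)
    reason: str    # rule name (names chosen for this example)
    line: str      # the full log line, for the analyst


def shortcut_mismatch(body: str) -> bool:
    """True when no word of the shortcut's name appears in its target path.

    Heuristic assumed for this example: a shortcut labelled after one
    product that launches a binary from an unrelated folder deserves a look.
    """
    m = SHORTCUT_RE.match(body)
    if not m:
        return False
    name, target = m.group(1), m.group(2).lower()
    words = [w for w in re.findall(r"[a-z0-9]+", name.lower()) if len(w) >= 3]
    return not any(w in target for w in words)


def triage(log_text: str) -> list:
    """Return one Finding per rule hit; lines that are not entries are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        if body.endswith("(no file)"):
            # Registry entry that points at nothing on disk.
            findings.append(Finding(section, "no-file", line))
        if body.endswith("(file missing)"):
            # Service still registered although its binary is gone.
            findings.append(Finding(section, "file-missing", line))
        if section == "O23" and " - Unknown owner - " in body:
            # The service line carries no vendor name.
            findings.append(Finding(section, "unknown-owner", line))
        if section == "O4" and shortcut_mismatch(body):
            findings.append(Finding(section, "shortcut-name-mismatch", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Many hits are harmless leftovers of uninstalled software, so the output is a reading order for the analyst rather than a removal list.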
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
Re,

As was to be expected, the critter is resurfacing .... -_-'

Delete your ComboFix, because it is no longer up to date ( this is important! ).

Then do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- right-click this link and choose "save target as ...": in the window that opens, type CFix and confirm.

- renaming it at download time is essential to counter the infection, otherwise the tool will be unusable -

* Imperative:
Plug in all the external drives of your PC (USB key, external HDD, flash disk, MP3 player, etc.) that may have been infected ( but without opening them! ). Make sure that nothing is "write-protected" ( small latch on some USB keys ... ) and that the external HDDs are of course powered ...

--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect, close your running applications ( as well as your browser ) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
indeed, when active, they could seriously interfere with the tool's search and cleaning procedure ( or even crash the PC )... So you will re-enable them afterwards !!
--->Important: if you run into difficulties at this stage, let me know before continuing ...
Tutorial ( help ) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, be sure to install the Windows Recovery Console as indicated in the tutorial above ...
--------------------------------------------------------------------------------------------

Then:
double-click "CFix.exe" ( = combofix.exe ) to launch the tool.

Press the Y (Yes) key to start the scan.

Important notes:
-> do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
-> The PC may restart by itself ( to finish the cleaning ), let it do so.
-> If the tool tells you this: "combofix a détecté la présence de rootkit et a besoin de faire redémarrer votre machine", you accept ...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it ( and not on anything else! otherwise no report ... )

The report will be created here: C:\Combofix.txt

Be sure to re-enable your defenses

Post the ComboFix report for analysis ...

0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
Here is the ComboFix analysis, which I renamed when downloading it:


ComboFix 09-04-03.01 - Kevin MONTHERAT 2009-04-04 13:14:47.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2047.1070 [GMT 2:00]
Lancé depuis: c:\users\Kevin MONTHERAT\Desktop\Combo.exe
FW: Pack sécurité 8.00 *enabled*
* Un nouveau point de restauration a été créé
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 ))))))))))))))))))))))))))))))))))))
.

2009-04-04 13:13 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-03-29 00:15 . 2009-03-29 00:15 <REP> d-------- c:\users\All Users\Codemasters
2009-03-29 00:15 . 2009-03-29 00:15 <REP> d-------- c:\programdata\Codemasters
2009-03-28 23:46 . 2009-03-28 23:46 <REP> d-------- c:\program files\OpenAL
2009-03-28 23:46 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp44BF.tmp
2009-03-28 23:45 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp4460.tmp
2009-03-28 12:42 . 2009-04-04 11:41 20,425 --a------ c:\windows\System32\oodbs.lor
2009-03-28 00:17 . 2009-03-28 00:17 <REP> d-------- c:\windows\System32\oodag
2009-03-28 00:06 . 2009-03-28 00:06 0 --a------ c:\windows\OODCNT.INI
2009-03-27 22:38 . 2009-03-27 22:38 <REP> d-------- c:\program files\OO Software
2009-03-26 20:46 . 2009-03-26 21:15 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\ICQ
2009-03-26 20:44 . 2009-03-26 21:15 <REP> d-------- c:\program files\ICQ6.5
2009-03-25 14:59 . 2009-03-25 14:59 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\AVS4YOU
2009-03-25 14:59 . 2009-03-25 14:59 <REP> d-------- c:\users\All Users\AVS4YOU
2009-03-25 14:59 . 2009-03-25 14:59 <REP> d-------- c:\programdata\AVS4YOU
2009-03-25 14:57 . 2009-03-25 14:57 <REP> d-------- c:\program files\Common Files\AVSMedia
2009-03-25 14:57 . 2009-03-25 14:58 <REP> d-------- c:\program files\AVS4YOU
2009-03-25 14:57 . 2008-08-13 11:22 974,848 --a------ c:\windows\System32\mfc70.dll
2009-03-19 20:50 . 2009-03-19 20:50 <REP> d-------- c:\program files\JRE
2009-03-18 22:04 . 2009-03-18 22:04 <REP> dr-h----- c:\users\Kevin MONTHERAT\AppData\Roaming\SecuROM
2009-03-18 20:36 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-18 20:36 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-18 20:36 . 2008-05-30 15:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-18 20:36 . 2008-05-30 15:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-18 20:36 . 2008-05-30 15:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-18 20:36 . 2008-05-30 15:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-18 20:36 . 2008-05-30 15:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-18 20:35 . 2009-03-18 20:35 <REP> d-------- c:\windows\System32\xlive
2009-03-18 20:35 . 2009-03-18 22:02 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-17 22:17 . 2009-03-17 22:24 <REP> d-------- C:\ComboFix
2009-03-16 21:31 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-16 21:31 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-16 21:31 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-16 21:31 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-16 21:31 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-16 21:31 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-16 21:31 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-16 21:31 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-16 21:23 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-16 21:23 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-16 21:23 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-16 21:23 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-16 21:23 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-14 21:48 . 2009-03-14 21:48 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-03-14 21:48 . 2009-02-06 19:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-14 21:47 . 2009-03-14 21:47 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-03-14 15:15 . 2009-03-14 15:32 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\InfraRecorder
2009-03-14 15:15 . 2009-03-14 15:15 <REP> d-------- c:\program files\InfraRecorder
2009-03-11 13:54 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 13:54 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 13:54 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 13:54 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 13:54 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 13:54 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-06 19:12 . 2009-03-06 19:12 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-05 22:14 . 2009-03-05 22:24 <REP> d-------- C:\rsit
2009-03-05 22:12 . 2009-03-05 22:12 <REP> d-------- c:\program files\Trend Micro
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\Malwarebytes
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\programdata\Malwarebytes
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 21:05 . 2009-02-11 11:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-05 21:05 . 2009-02-11 11:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-05 20:58 . 2009-03-05 21:54 <REP> d-------- C:\Rooter$
2009-03-04 13:57 . 2009-03-04 13:57 <REP> d-------- c:\users\Kevin MONTHERAT\Pavark
2009-03-04 13:52 . 2009-03-04 13:52 <REP> d-------- c:\program files\PHPNukeFR
2009-03-04 12:06 . 2009-03-04 12:06 <REP> d-------- c:\program files\VID_0E8F&PID_0012

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 11:11 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\Azureus
2009-04-03 19:28 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\dvdcss
2009-04-03 17:08 --------- d-----w c:\programdata\Google Updater
2009-03-28 23:46 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-28 23:46 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-28 21:46 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2009-03-28 21:46 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2009-03-28 21:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-19 15:34 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\F-Secure
2009-03-18 18:36 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-03-14 19:48 --------- d-----w c:\program files\Windows Live
2009-03-13 22:29 --------- d-----w c:\programdata\Test Drive Unlimited
2009-03-12 18:18 --------- d-----w c:\program files\Windows Mail
2009-03-12 18:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-08 11:13 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 20:19 --------- d-----w c:\program files\Vuze
2009-03-05 20:03 --------- d-----w c:\program files\CCleaner
2009-03-05 19:45 --------- d---a-w c:\programdata\TEMP
2009-03-02 12:27 --------- d-----w c:\program files\Conduit
2009-03-02 12:12 --------- d-----w c:\program files\Navilog1
2009-03-01 11:13 --------- d-----w c:\program files\Google
2009-02-28 09:49 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-28 09:49 --------- d-----w c:\program files\Java
2009-02-26 17:19 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\LimeWire
2009-02-25 12:34 --------- d-----w c:\program files\Yahoo!
2009-02-24 20:13 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-24 18:58 1,590 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-02-24 18:58 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 18:41 --------- d-----w c:\program files\EA Games
2009-02-23 18:56 --------- d-----w c:\program files\PowerISO
2009-02-23 17:49 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\Leadertech
2009-02-22 17:47 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\vlc
2009-02-22 17:44 --------- d-----w c:\program files\VideoLAN
2009-02-22 16:53 --------- d-----w c:\programdata\Media Center Programs
2009-02-14 14:53 --------- d-----w c:\program files\LimeWire
2009-02-14 09:48 --------- d-----w c:\program files\PowerQuest
2009-02-14 00:21 --------- d-----w c:\program files\NCH Swift Sound
2009-02-14 00:16 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\eSobi
2009-02-14 00:16 --------- d-----w c:\programdata\eMule
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:33 --------- d-----w c:\program files\GameSpy Arcade
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 06:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 12:31 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\InstallShield
2009-02-04 12:31 --------- d-----w c:\program files\RALINK
2009-01-29 14:10 174 --sha-w c:\program files\desktop.ini
2009-01-29 13:40 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-29 13:40 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-24 10:31 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2009-01-23 16:38 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-23 16:38 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-23 16:38 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-23 16:38 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-23 16:37 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-23 16:37 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-23 16:37 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-23 16:28 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-23 16:27 269,312 ----a-w c:\windows\System32\es.dll
2009-01-23 16:26 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-23 16:26 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-23 16:26 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-23 16:26 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-23 16:26 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-23 16:26 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-23 16:26 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-23 16:26 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-23 16:26 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-23 16:21 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-23 16:21 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-23 16:21 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-23 16:21 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-23 16:21 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-23 16:21 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-23 16:21 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-23 16:21 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-23 16:21 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-23 16:21 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-22 08:39 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-22 08:37 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-22 08:37 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-22 08:33 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-22 08:28 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-22 08:20 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-22 08:20 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-22 08:20 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-22 08:20 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-22 08:20 347,648 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-22 08:19 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-22 08:17 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-22 08:17 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-22 08:17 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-22 08:17 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-22 08:17 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-22 08:17 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-22 08:17 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-22 08:15 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-22 08:15 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-22 08:15 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-22 08:14 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-22 08:13 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-03-17_21.22.42,68 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-24 18:41:29 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-03-28 22:51:09 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-02-24 18:41:29 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-03-28 22:51:10 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-02-24 18:41:29 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-03-28 22:51:10 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-02-24 18:41:23 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:50:59 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:24 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:03 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:25 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:04 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:25 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:05 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:26 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:05 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:26 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:06 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:27 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:06 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:27 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:07 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:28 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:08 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:30 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-28 22:51:10 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-24 18:41:30 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-03-28 22:51:10 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-02-24 18:41:31 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-03-28 22:51:11 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-02-24 18:41:31 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-03-28 22:51:11 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-02-24 18:41:31 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-03-28 22:51:11 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-02-24 18:41:29 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-03-28 22:51:09 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-03-23 20:16:26 12,288 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
+ 2009-03-23 20:16:26 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-03-23 20:16:26 163,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2009-03-23 20:16:26 11,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 148888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-29 2512128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Kevin MONTHERAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Live.lnk - c:\program files\JRE\Folding@home.exe [2009-03-19 452608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-24 528384]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 200812]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-04 946176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{98664FF4-6B05-4F6A-9AA8-4AB9AD382F88}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{ACE965AF-3E79-4CEA-88D0-A0B298285A08}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D86BA326-F11F-48E9-8234-8AE39B834488}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C39F29EE-DA75-44D0-A759-A2E05856A4A2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{89B64FBA-3EED-4DB7-A281-2F9BDB2665B0}"= UDP:d:\logiciels installer\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{89654656-1DB9-4BB8-A900-E9D057DDD2E4}"= TCP:d:\logiciels installer\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C47DE0E0-4BD4-4A91-BD8B-0C78813CCB9B}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{9FD1E30E-7800-4419-8C93-30ECCF58E9E9}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{134D50B9-E8A3-4C26-85A4-0EE7E0B21114}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{AF909CFB-2CB9-49B0-88B6-F294A0E36CDE}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{EE4FFA63-6B21-40EE-A0BE-2C152FBE7618}"= TCP:6004|c:\program files\Microsoft Office 2007\Office12\outlook.exe:Microsoft Office Outlook
"{8C41EABF-CC68-4EB1-AA96-C126DA3F9925}"= UDP:c:\program files\Microsoft Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{856E2AB8-B407-4917-8EBC-C7E2FA31A891}"= TCP:c:\program files\Microsoft Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{8F24B4D6-C4FC-4E7B-B33D-EC3E599039F1}"= UDP:c:\program files\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58AC9DEF-E39F-4733-B55B-6E4E2A514535}"= TCP:c:\program files\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80AF612D-A611-496E-B9BC-DB1B5D1E27FF}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{80ABE62D-E174-4CC3-9E83-79076FC68605}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{A0C24512-1D74-451C-B7F6-51072309D723}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{49F6A9C9-94AF-4957-914D-5D96CF560B74}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{552A529F-BAF1-4787-B320-3F35F6296502}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{2F26A7D9-26CC-47D3-9C27-A0AB761A3CE0}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{930EFD28-6339-408F-BD20-D99F23FB0161}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{5B2FE4EE-E54A-4726-A664-FD4FEC2AA1C9}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{02B441EE-6E51-4EC5-8260-600541CD56D2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{5AC94F14-3F8E-45A1-A02A-B8FF5C2BFB56}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F44333BC-15FA-4D16-B460-183FE8C4137E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{5ADD8998-C2F5-4486-9B03-692A330B7462}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{90EFDDF3-E873-4DEC-BFA3-A69458219ACE}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{B35586BA-BC48-4745-8538-52D098074F43}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{C39C42F5-BA0A-4946-8E4D-ADCFCD10FE01}"= UDP:c:\program files\Zattoo\Zattoo.exe:Zattoo
"{4D327FB6-A0FC-46BD-9228-6E98BD2BA4FF}"= TCP:c:\program files\Zattoo\Zattoo.exe:Zattoo
"TCP Query User{885A49E5-7C53-4E3E-9D2A-AC6E7C906BB8}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{57AB26D7-53AA-4855-ACC9-DB5D433AE6F2}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{C2D5C423-31AB-4ACB-B8D7-F3DBEAB31BBF}d:\\jeux\\sega rally\\sega rally.exe"= UDP:d:\jeux\sega rally\sega rally.exe:SEGA Rally
"UDP Query User{2CC3FDF7-32F3-4286-B4E5-8CD9D9D8DC15}d:\\jeux\\sega rally\\sega rally.exe"= TCP:d:\jeux\sega rally\sega rally.exe:SEGA Rally
"{1CB6DA39-B807-4418-9471-186D8E2CAFE1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7F4AD08D-38F5-45AD-BE81-65330ABE7757}"= UDP:d:\jeux\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{208FBEAC-5C7B-4023-B732-0983C1E6A81B}"= TCP:d:\jeux\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{EFDB5BC4-8E77-4306-A96A-657DC797595A}"= UDP:d:\jeux\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{097ABFCC-67EE-4F1B-A966-4D24EB4D423A}"= TCP:d:\jeux\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{D1C5AA14-016C-4A08-807D-D2564C9C9CA4}"= UDP:d:\jeux\call of duty 5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{C020817D-1928-4DC8-99B0-8ED8C6794400}"= TCP:d:\jeux\call of duty 5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{9DDCAB11-3B95-4FCF-8234-1621A75F5860}"= UDP:d:\jeux\call of duty 5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{35072848-F443-4E2D-9B01-CB0688200720}"= TCP:d:\jeux\call of duty 5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9E244BD1-D27A-466D-8C88-7085EBC7A15E}"= UDP:d:\jeux\race driver grid\GRID.exe:GRID
"{99AA10B5-1212-4237-B3E2-535B78D4C09D}"= TCP:d:\jeux\race driver grid\GRID.exe:GRID

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-01-28 33408]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [2009-01-28 66720]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-01-28 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-01-28 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [2009-01-28 12384]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-24 266343]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [2009-01-28 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [2009-01-28 55904]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-05-11 329728]
S2 gupdate1c98c646521307c;Google Update Service (gupdate1c98c646521307c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-14 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2007-12-09 80744]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [2009-01-28 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [2009-01-28 25184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69961655-fb38-11dc-a182-0019dbacc2ff}]
\shell\AutoRun\command - J:\Autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 21:52]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:18]

2009-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2565260227-2245687259-2372371746-1000.job
- c:\users\Kevin MONTHERAT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-04 17:05]

2009-04-04 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SFR\PACKSC~1\ANTI-V~1\fsav.exe [2008-09-23 15:35]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\fslsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 13:18:56
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(784)
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll

- - - - - - - > 'Explorer.exe'(6924)
c:\program files\SFR\Pack Sécurité\Spam Control\fsscoepl.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll

- - - - - - - > 'csrss.exe'(668)
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(732)
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll
.
Heure de fin: 2009-04-04 13:20:41
ComboFix-quarantined-files.txt 2009-04-04 11:20:36
ComboFix2.txt 2009-03-17 20:24:13
ComboFix3.txt 2009-03-06 18:45:48
ComboFix4.txt 2009-03-05 20:58:07

Avant-CF: 169 885 573 120 octets libres
Après-CF: 170,034,946,048 octets libres

524 --- E O F --- 2009-04-02 16:07:47
0
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
Good ....

1- Create a text document on your desktop:
point your mouse at your desktop, right-click: go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you have just created:


File::
c:\pv.exe
c:\windows\System32\tmp44BF.tmp
c:\windows\System32\tmp4460.tmp

Driver::
gaopdxserv.sys
apkll5bt



Then go to "File" and choose "Save As..." and name it exactly like this:
CFScript then confirm ...


2- Cleanup:

!! Disconnect, close all your applications and disable ALL YOUR DEFENSES (you will re-enable them afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and confirm.

Then wait while the scan runs. (The desktop will disappear several times: this is normal!)

!! Do not touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it together with a new RSIT report for analysis ...

(Warning: this procedure was made for this PC. Any reuse can severely damage the operating system)



0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
Here is the report:


ComboFix 09-04-03.01 - Kevin MONTHERAT 2009-04-04 15:05:57.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2047.1023 [GMT 2:00]
Lancé depuis: c:\users\Kevin MONTHERAT\Desktop\Combo.exe
Commutateurs utilisés :: c:\users\Kevin MONTHERAT\Desktop\CFScript.txt
FW: Pack sécurité 8.00 *enabled*
* Un nouveau point de restauration a été créé
* Resident AV is active


FILE ::
c:\pv.exe
c:\windows\System32\tmp4460.tmp
c:\windows\System32\tmp44BF.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\pv.exe
c:\windows\System32\tmp4460.tmp
c:\windows\System32\tmp44BF.tmp

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 00:15 . 2009-03-29 00:15 <REP> d-------- c:\users\All Users\Codemasters
2009-03-29 00:15 . 2009-03-29 00:15 <REP> d-------- c:\programdata\Codemasters
2009-03-28 23:46 . 2009-03-28 23:46 <REP> d-------- c:\program files\OpenAL
2009-03-28 12:42 . 2009-04-04 15:10 21,702 --a------ c:\windows\System32\oodbs.lor
2009-03-28 00:17 . 2009-03-28 00:17 <REP> d-------- c:\windows\System32\oodag
2009-03-28 00:06 . 2009-03-28 00:06 0 --a------ c:\windows\OODCNT.INI
2009-03-27 22:38 . 2009-03-27 22:38 <REP> d-------- c:\program files\OO Software
2009-03-26 20:46 . 2009-03-26 21:15 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\ICQ
2009-03-26 20:44 . 2009-03-26 21:15 <REP> d-------- c:\program files\ICQ6.5
2009-03-25 14:59 . 2009-03-25 14:59 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\AVS4YOU
2009-03-25 14:59 . 2009-03-25 14:59 <REP> d-------- c:\users\All Users\AVS4YOU
2009-03-25 14:59 . 2009-03-25 14:59 <REP> d-------- c:\programdata\AVS4YOU
2009-03-25 14:57 . 2009-03-25 14:57 <REP> d-------- c:\program files\Common Files\AVSMedia
2009-03-25 14:57 . 2009-03-25 14:58 <REP> d-------- c:\program files\AVS4YOU
2009-03-25 14:57 . 2008-08-13 11:22 974,848 --a------ c:\windows\System32\mfc70.dll
2009-03-19 20:50 . 2009-03-19 20:50 <REP> d-------- c:\program files\JRE
2009-03-18 22:04 . 2009-03-18 22:04 <REP> dr-h----- c:\users\Kevin MONTHERAT\AppData\Roaming\SecuROM
2009-03-18 20:36 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-03-18 20:36 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-03-18 20:36 . 2008-05-30 15:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-03-18 20:36 . 2008-05-30 15:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-03-18 20:36 . 2008-05-30 15:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-03-18 20:36 . 2008-05-30 15:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-03-18 20:36 . 2008-05-30 15:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-03-18 20:35 . 2009-03-18 20:35 <REP> d-------- c:\windows\System32\xlive
2009-03-18 20:35 . 2009-03-18 22:02 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-17 22:17 . 2009-03-17 22:24 <REP> d-------- C:\ComboFix
2009-03-16 21:31 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-16 21:31 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-16 21:31 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-16 21:31 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-16 21:31 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-16 21:31 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-16 21:31 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-16 21:31 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-16 21:23 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-16 21:23 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-16 21:23 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-16 21:23 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-16 21:23 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-14 21:48 . 2009-03-14 21:48 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-03-14 21:48 . 2009-02-06 19:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-14 21:47 . 2009-03-14 21:47 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-03-14 15:15 . 2009-03-14 15:32 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\InfraRecorder
2009-03-14 15:15 . 2009-03-14 15:15 <REP> d-------- c:\program files\InfraRecorder
2009-03-11 13:54 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 13:54 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 13:54 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 13:54 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 13:54 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 13:54 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-06 19:12 . 2009-03-06 19:12 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-05 22:14 . 2009-03-05 22:24 <REP> d-------- C:\rsit
2009-03-05 22:12 . 2009-03-05 22:12 <REP> d-------- c:\program files\Trend Micro
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\users\Kevin MONTHERAT\AppData\Roaming\Malwarebytes
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\programdata\Malwarebytes
2009-03-05 21:05 . 2009-03-05 21:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 21:05 . 2009-02-11 11:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-05 21:05 . 2009-02-11 11:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-05 20:58 . 2009-03-05 21:54 <REP> d-------- C:\Rooter$
2009-03-04 13:57 . 2009-03-04 13:57 <REP> d-------- c:\users\Kevin MONTHERAT\Pavark
2009-03-04 13:52 . 2009-03-04 13:52 <REP> d-------- c:\program files\PHPNukeFR
2009-03-04 12:06 . 2009-03-04 12:06 <REP> d-------- c:\program files\VID_0E8F&PID_0012

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 13:00 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\Azureus
2009-04-03 19:28 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\dvdcss
2009-04-03 17:08 --------- d-----w c:\programdata\Google Updater
2009-03-28 23:46 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-28 21:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-19 15:34 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\F-Secure
2009-03-14 19:48 --------- d-----w c:\program files\Windows Live
2009-03-13 22:29 --------- d-----w c:\programdata\Test Drive Unlimited
2009-03-12 18:18 --------- d-----w c:\program files\Windows Mail
2009-03-12 18:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-08 11:13 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 20:19 --------- d-----w c:\program files\Vuze
2009-03-05 20:03 --------- d-----w c:\program files\CCleaner
2009-03-05 19:45 --------- d---a-w c:\programdata\TEMP
2009-03-02 12:27 --------- d-----w c:\program files\Conduit
2009-03-02 12:12 --------- d-----w c:\program files\Navilog1
2009-03-01 11:13 --------- d-----w c:\program files\Google
2009-02-28 09:49 --------- d-----w c:\program files\Java
2009-02-26 17:19 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\LimeWire
2009-02-25 12:34 --------- d-----w c:\program files\Yahoo!
2009-02-24 18:58 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 18:41 --------- d-----w c:\program files\EA Games
2009-02-23 18:56 --------- d-----w c:\program files\PowerISO
2009-02-23 17:49 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\Leadertech
2009-02-22 17:47 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\vlc
2009-02-22 17:44 --------- d-----w c:\program files\VideoLAN
2009-02-22 16:53 --------- d-----w c:\programdata\Media Center Programs
2009-02-14 14:53 --------- d-----w c:\program files\LimeWire
2009-02-14 09:48 --------- d-----w c:\program files\PowerQuest
2009-02-14 00:21 --------- d-----w c:\program files\NCH Swift Sound
2009-02-14 00:16 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\eSobi
2009-02-14 00:16 --------- d-----w c:\programdata\eMule
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:33 --------- d-----w c:\program files\GameSpy Arcade
2009-02-06 06:03 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-04 12:31 --------- d-----w c:\users\Kevin MONTHERAT\AppData\Roaming\InstallShield
2009-02-04 12:31 --------- d-----w c:\program files\RALINK
2009-01-29 14:10 174 --sha-w c:\program files\desktop.ini
2009-01-23 16:26 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-23 16:26 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-23 16:26 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-23 16:26 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-23 16:26 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-23 16:26 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-22 08:28 2,927,104 ----a-w c:\windows\explorer.exe
2008-03-26 14:29 22,328 ----a-w c:\users\Kevin MONTHERAT\AppData\Roaming\PnkBstrK.sys
2008-02-03 19:33 0 ----a-w c:\users\Kevin MONTHERAT\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-04_13.19.35,26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-04 09:43:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-04 13:10:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-04 13:10:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-04-04 11:18:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-04 13:10:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-04 13:10:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-04-04 10:58:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-04 13:10:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-04 10:58:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-04 13:10:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-04 10:58:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-04 13:10:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 148888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-29 2512128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Kevin MONTHERAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Live.lnk - c:\program files\JRE\Folding@home.exe [2009-03-19 452608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-24 528384]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 200812]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-04 946176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{98664FF4-6B05-4F6A-9AA8-4AB9AD382F88}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{ACE965AF-3E79-4CEA-88D0-A0B298285A08}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D86BA326-F11F-48E9-8234-8AE39B834488}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C39F29EE-DA75-44D0-A759-A2E05856A4A2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{89B64FBA-3EED-4DB7-A281-2F9BDB2665B0}"= UDP:d:\logiciels installer\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{89654656-1DB9-4BB8-A900-E9D057DDD2E4}"= TCP:d:\logiciels installer\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C47DE0E0-4BD4-4A91-BD8B-0C78813CCB9B}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{9FD1E30E-7800-4419-8C93-30ECCF58E9E9}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{134D50B9-E8A3-4C26-85A4-0EE7E0B21114}"= UDP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{AF909CFB-2CB9-49B0-88B6-F294A0E36CDE}"= TCP:d:\jeux\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{EE4FFA63-6B21-40EE-A0BE-2C152FBE7618}"= TCP:6004|c:\program files\Microsoft Office 2007\Office12\outlook.exe:Microsoft Office Outlook
"{8C41EABF-CC68-4EB1-AA96-C126DA3F9925}"= UDP:c:\program files\Microsoft Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{856E2AB8-B407-4917-8EBC-C7E2FA31A891}"= TCP:c:\program files\Microsoft Office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{8F24B4D6-C4FC-4E7B-B33D-EC3E599039F1}"= UDP:c:\program files\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58AC9DEF-E39F-4733-B55B-6E4E2A514535}"= TCP:c:\program files\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80AF612D-A611-496E-B9BC-DB1B5D1E27FF}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{80ABE62D-E174-4CC3-9E83-79076FC68605}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{A0C24512-1D74-451C-B7F6-51072309D723}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{49F6A9C9-94AF-4957-914D-5D96CF560B74}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{552A529F-BAF1-4787-B320-3F35F6296502}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{2F26A7D9-26CC-47D3-9C27-A0AB761A3CE0}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{930EFD28-6339-408F-BD20-D99F23FB0161}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{5B2FE4EE-E54A-4726-A664-FD4FEC2AA1C9}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{02B441EE-6E51-4EC5-8260-600541CD56D2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{5AC94F14-3F8E-45A1-A02A-B8FF5C2BFB56}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F44333BC-15FA-4D16-B460-183FE8C4137E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{5ADD8998-C2F5-4486-9B03-692A330B7462}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{90EFDDF3-E873-4DEC-BFA3-A69458219ACE}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{B35586BA-BC48-4745-8538-52D098074F43}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{C39C42F5-BA0A-4946-8E4D-ADCFCD10FE01}"= UDP:c:\program files\Zattoo\Zattoo.exe:Zattoo
"{4D327FB6-A0FC-46BD-9228-6E98BD2BA4FF}"= TCP:c:\program files\Zattoo\Zattoo.exe:Zattoo
"TCP Query User{885A49E5-7C53-4E3E-9D2A-AC6E7C906BB8}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{57AB26D7-53AA-4855-ACC9-DB5D433AE6F2}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{C2D5C423-31AB-4ACB-B8D7-F3DBEAB31BBF}d:\\jeux\\sega rally\\sega rally.exe"= UDP:d:\jeux\sega rally\sega rally.exe:SEGA Rally
"UDP Query User{2CC3FDF7-32F3-4286-B4E5-8CD9D9D8DC15}d:\\jeux\\sega rally\\sega rally.exe"= TCP:d:\jeux\sega rally\sega rally.exe:SEGA Rally
"{1CB6DA39-B807-4418-9471-186D8E2CAFE1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7F4AD08D-38F5-45AD-BE81-65330ABE7757}"= UDP:d:\jeux\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{208FBEAC-5C7B-4023-B732-0983C1E6A81B}"= TCP:d:\jeux\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{EFDB5BC4-8E77-4306-A96A-657DC797595A}"= UDP:d:\jeux\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{097ABFCC-67EE-4F1B-A966-4D24EB4D423A}"= TCP:d:\jeux\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{D1C5AA14-016C-4A08-807D-D2564C9C9CA4}"= UDP:d:\jeux\call of duty 5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{C020817D-1928-4DC8-99B0-8ED8C6794400}"= TCP:d:\jeux\call of duty 5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{9DDCAB11-3B95-4FCF-8234-1621A75F5860}"= UDP:d:\jeux\call of duty 5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{35072848-F443-4E2D-9B01-CB0688200720}"= TCP:d:\jeux\call of duty 5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9E244BD1-D27A-466D-8C88-7085EBC7A15E}"= UDP:d:\jeux\race driver grid\GRID.exe:GRID
"{99AA10B5-1212-4237-B3E2-535B78D4C09D}"= TCP:d:\jeux\race driver grid\GRID.exe:GRID

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-01-28 33408]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [2009-01-28 66720]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-01-28 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-01-28 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [2009-01-28 12384]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-24 266343]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [2009-01-28 84608]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [2009-01-28 55904]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-05-11 329728]
S2 gupdate1c98c646521307c;Google Update Service (gupdate1c98c646521307c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-14 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2007-12-09 80744]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [2009-01-28 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [2009-01-28 25184]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69961655-fb38-11dc-a182-0019dbacc2ff}]
\shell\AutoRun\command - J:\Autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 21:52]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:18]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2565260227-2245687259-2372371746-1000.job
- c:\users\Kevin MONTHERAT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-04 17:05]

2009-04-04 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SFR\PACKSC~1\ANTI-V~1\fsav.exe [2008-09-23 15:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\fslsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 15:11:13
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4300)
c:\program files\SFR\Pack Sécurité\Spam Control\fsscoepl.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
c:\program files\SFR\Pack Sécurité\Common\FSMA32.EXE
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32.exe
c:\program files\SFR\Pack Sécurité\Common\FSMB32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\SFR\Pack Sécurité\Common\FCH32.EXE
c:\windows\System32\oodag.exe
c:\program files\SFR\Pack Sécurité\Common\FAMEH32.EXE
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsqh.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
c:\program files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
c:\program files\SFR\Pack Sécurité\FWES\program\fsdfwd.exe
c:\program files\SFR\Pack Sécurité\FSAUA\program\fsus.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-04-04 15:17:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-04 13:17:04
ComboFix2.txt 2009-04-04 11:20:43
ComboFix3.txt 2009-03-17 20:24:13
ComboFix4.txt 2009-03-06 18:45:48
ComboFix5.txt 2009-04-04 13:05:17

Avant-CF: 169 015 791 616 octets libres
Après-CF: 168,899,719,168 octets libres

370 --- E O F --- 2009-04-02 16:07:47
kevin.m - 62 posts - Status: Member

Here is the RSIT report:



Logfile of random's system information tool 1.05 (written by random/random)
Run by Kevin MONTHERAT at 2009-04-04 15:25:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 161 GB (69%) free of 234 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:17, on 04/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exea
C:\Windows\System32\oodtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\JRE\Folding@home.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\scanwizard.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin MONTHERAT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Adobe Live.lnk = C:\Program Files\JRE\Folding@home.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98c646521307c) (gupdate1c98c646521307c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
Good ....


tell me how the PC is doing .... any better?



then do this:


Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.genproc.com/GenProc.exe

!! Disconnect from the internet and close your running applications !!


* right-click / "Run as administrator..." on GenProc.exe to start the scan and let it run...

* When asked "are you being helped on a forum..." > click "yes".

-> post the contents of the report that opens ...


Illustrated help here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT: post the report and do nothing else for now (often extra instructions have to be added to the suggested procedure for it to work properly).


0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
sorry I couldn't answer you sooner, I was on holiday ^^.
I wonder whether I wouldn't be better off restoring my PC to factory settings, what do you think??
Otherwise, here is the report:

Rapport GenProc 2.523 [1] - 13/04/2009 à 19:23:38 - Windows Vista

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
0
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
re,


I asked you a question here > http://www.commentcamarche.net/forum/affich 11360692 rootkit sous vista?page=2#34


still having problems with the PC? ... ^^



Run another RSIT scan and post me the new "Log.txt" report so we can see where we stand ....

0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
well, actually I don't know whether there are still rootkits or anything else on my PC, but it is very slow to start up!
0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
here is the RSIT report:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Kevin MONTHERAT at 2009-04-13 19:59:48
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 161 GB (69%) free of 234 GB
Total RAM: 2047 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:56, on 13/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\oodtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\scanwizard.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kevin MONTHERAT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Adobe Live.lnk = C:\Program Files\JRE\Folding@home.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98c646521307c) (gupdate1c98c646521307c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
Right ... we'll do a little check-up at the end ....



for now, we're going to check something:


Download UsbFix (by C_XX & Chiquitine29) to your desktop:

> http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

! Disconnect from the internet and close all running applications !

--> Double-click the .exe to start installing the tool (do not change the installation settings).


Mandatory:
Plug into your PC all your external drives (USB stick, external hard drive, flash disk, MP3 player, etc...) that may have been infected, as well as the CD and DVD-ROMs you use most often, if any (but without opening them!).


# Double-click the UsbFix shortcut on your desktop to launch the tool.

# Choose option 1 ( Recherche / Search )

# Let the tool work and do not touch anything during the scan.

# Once it has finished, post the UsbFix.txt report that appears.

The report is also saved at the root of the main drive ( C:\UsbFix.txt ).

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )


Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
I have a problem because the report doesn't open at the end of the scan even though the program runs normally!! (I also looked in C: )
0
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
re,

disable your antivirus and try the procedure again ...


post me the report ( if possible ... )


0
kevin.m Posts 62 Registration date   Status Member Last activity  
 
Sorry but it still doesn't work!
I wanted to ask you something: in your opinion, which is the best free antivirus?
0