Sujet Précédent Sujet Suivant

Virus Win32:Rootkit-gen [Rtk]

Fermé
portal - 29 juil. 2008 à 13:01
 portal - 30 juil. 2008 à 18:46
Bonjour,
je suis infecté par un virus du type Rootkit-gen mon anti virus avast n'arrete pas de s'ouvrir pour me le signaler que puis je faire pour remedier à ce probleme; voila ce que avast me dit:

nom du fichier C:\WINDOWS\system32\pphc57oj0evdp.exe
nom du logiciel Win32:Rootkit-gen [Rtk]
type Rootkit

je vous serai super reconnaissant de me donner un coup de main prck j'ai besoin de mon ordinateur pour le travail et il est impossible de travailler avec avast qui s'ouvre toute les 10 sec.merci
je vois que je ne suis pas le seul avec ce problème mais apparement tous les cas ont l'air d'avoir des origines différentes
voila ce que me dit l'analyse hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:36, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\lphc57oj0evdp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\rhc17oj0evdp\rhc17oj0evdp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lphc57oj0evdp] C:\WINDOWS\system32\lphc57oj0evdp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\200872912628_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\200872912621_mcinfo.exe /insfin
O4 - HKLM\..\Run: [SMrhc17oj0evdp] C:\Program Files\rhc17oj0evdp\rhc17oj0evdp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304EC79-35A5-4BBE-A3E9-B681482ED603}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

12 réponses

Réponse 1 / 12
Utilisateur anonyme
29 juil. 2008 à 13:11
Salut ,

*************************************************************

/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\


_________________________________________________

1)Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]

_________________________________________________


2)Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl

AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

3)Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)


_________________________________________________

4)Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]

_________________________________________________

Tutorial ( aide ):

http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


*************************************************************


a+
0
Réponse 2 / 12
portal
29 juil. 2008 à 13:21
Merci pour ton aide mais ton avertissement me fait un peu peur , n'y a t'il pas une methode moins risqué pour supprimerce genre de virus?
MERCI
0
Réponse 3 / 12
Utilisateur anonyme
29 juil. 2008 à 13:25
Re ,

Ne t'en fait pas , cet outil est quasiment sans risques si tu suis tout ce qui est marqué.

Vu ton degré d'infection , il va falloir passer par lui pour faire au mieux.


+++
0
portal
29 juil. 2008 à 17:32
voila je viens de faire la manip que tu m'as indiqué, tout a l'air de s'être passer normalement,voici ci dessous le rapport que me fournit Combofix, merci

ComboFix 08-07-28.6 - AurélienB 2008-07-29 16:51:52.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.151 [GMT 2:00]
Endroit: C:\Documents and Settings\AurélienB\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1rfw8hjr.com
C:\Autorun.inf
C:\Documents and Settings\AurélienB\Application Data\rhc17oj0evdp
C:\kdxdweli.cmd
C:\njibyekk.com
C:\Program Files\rhc17oj0evdp
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\blphc57oj0evdp.scr
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\lphc57oj0evdp.exe
C:\WINDOWS\system32\phc57oj0evdp.bmp
C:\WINDOWS\system32\pphc57oj0evdp.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))
.

2008-07-29 12:24 . 2008-07-29 12:24 <REP> d-------- C:\Program Files\Trend Micro
2008-07-29 06:26 . 2008-07-29 06:26 <REP> d-------- C:\Program Files\Alwil Software
2008-07-28 18:24 . 2008-07-29 10:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 18:02 . 2008-07-28 18:02 4 --a------ C:\18.tmp
2008-07-27 17:47 . 2008-07-27 17:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-27 17:47 . 2008-07-27 17:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-26 22:22 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-07-26 22:22 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2008-07-26 22:20 . 2008-07-26 22:20 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-07-26 22:20 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-26 22:20 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-07-26 22:20 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-07-26 22:20 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-07-26 22:20 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-07-26 22:20 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-07-26 22:20 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-07-26 22:20 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-07-26 22:20 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-07-26 22:20 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\dllcache\vidcap.ax
2008-07-26 22:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-26 22:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-26 05:01 . 2008-07-26 05:01 86,679 -r-hs---- C:\jk.exe
2008-07-24 17:44 . 2008-07-25 10:26 86,970 -r-hs---- C:\e.com
2008-07-23 16:57 . 2008-07-25 04:37 116,577 -r-hs---- C:\g2pfnid.com
2008-07-22 05:48 . 2008-07-29 06:42 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-19 18:10 . 2008-07-19 18:10 1,099,380 --a------ C:\WINDOWS\system32\Beautiful India.msf
2008-07-19 18:10 . 2008-07-19 18:10 412,160 --a------ C:\WINDOWS\system32\Beautiful India.scr
2008-07-19 18:10 . 2008-07-19 18:10 29,184 --a------ C:\WINDOWS\system32\sstunins.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-07-29 09:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-29 09:28 --------- d-----w C:\Program Files\Windows Live
2008-07-29 09:27 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-29 09:27 --------- d-----w C:\Program Files\QuickTime
2008-07-29 09:27 --------- d-----w C:\Program Files\Picasa2
2008-07-29 09:27 --------- d-----w C:\Program Files\Modem Helper
2008-07-29 09:27 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-07-29 09:27 --------- d-----w C:\Program Files\DivX
2008-07-29 09:27 --------- d-----w C:\Program Files\Dell
2008-07-29 09:27 --------- d-----w C:\Program Files\DC++
2008-07-29 08:49 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-29 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-26 18:37 --------- d-----w C:\Program Files\Skype
2008-06-26 18:37 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-06-26 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2007-02-08 20:34 8,282,187 ----a-w C:\Program Files\vlc-0.8.5-win32.exe
2007-02-06 15:07 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2007-01-30 06:52 20,193,072 ----a-w C:\Program Files\SkypeSetup.exe
2006-12-19 17:21 1,127,520 ----a-w C:\Program Files\wrar361fr.exe
2006-12-15 09:59 665,934 ----a-w C:\Program Files\notepad-_notepad_2.6_francais_9567.exe
2006-08-29 14:31 251 ----a-w C:\Program Files\wt3d.ini
2006-12-15 09:13 56 --sh--r C:\WINDOWS\system32\[u]0[/u]DEEF677C7.sys
2006-12-10 16:59 88 --sh--r C:\WINDOWS\system32\C777F6EE0D.sys
2006-12-15 09:13 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 22:28 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 12:56 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 03:22 1836544]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2004-01-14 17:16 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2004-01-14 17:42 36864]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 16:22]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-12-05 22:43]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9b12c3-7822-11dc-a086-0015c5191c7d}]
\Shell\AutoRun\command - G:\autoverify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{444935ee-3dbf-11dc-a04a-0015c5191c7d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0f56d2-9053-11dc-a096-0015c5191c7d}]
\shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0f56de-9053-11dc-a096-0015c5191c7d}]
\shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0f56ea-9053-11dc-a096-0015c5191c7d}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5af05323-fe64-11dc-a0cc-0015c5191c7d}]
\Shell\AutoRun\command - F:\ino6.com
\Shell\explore\Command - F:\ino6.com
\Shell\open\Command - F:\ino6.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d28952c-f9eb-11dc-a0cb-0015c5191c7d}]
\Shell\AutoRun\command - F:\ino6.com
\Shell\explore\Command - F:\ino6.com
\Shell\open\Command - F:\ino6.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669a75f3-fd0a-11da-83ee-00038a000015}]
\Shell\AutoRun\command - F:\jdwx.exe
\Shell\explore\Command - F:\jdwx.exe
\Shell\open\Command - F:\jdwx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d8e6de0-0857-11dc-a01d-0015c5191c7d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ecb279-cb34-11db-9fc4-0015c5191c7d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ecb27a-cb34-11db-9fc4-0015c5191c7d}]
\Shell\AutoRun\command - G:\jfvkcsy.bat
\Shell\explore\Command - G:\jfvkcsy.bat
\Shell\open\Command - G:\jfvkcsy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830dbc1c-7b11-11db-8ca5-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846e06d2-9035-11db-9f4c-0015c5191c7d}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a99d8103-8506-11db-8cbd-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13ff134-8d10-11db-9f42-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3faa5a3-7f11-11db-8cb3-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8bf22e8-def9-11db-9fe7-0015c5191c7d}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2333b28-b2d1-11dc-a0a9-0015c5191c7d}]
\Shell\AutoRun\command - G:\6.bat
\Shell\explore\Command - G:\6.bat
\Shell\open\Command - G:\6.bat
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-lphc57oj0evdp - C:\WINDOWS\system32\lphc57oj0evdp.exe
HKLM-Run-SMrhc17oj0evdp - C:\Program Files\rhc17oj0evdp\rhc17oj0evdp.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0304EC79-35A5-4BBE-A3E9-B681482ED603}: NameServer = 10.0.0.1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 17:02:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-29 17:08:53 - machine was rebooted [Aur‚lienB]
ComboFix-quarantined-files.txt 2008-07-29 15:08:31

Pre-Run: 3,260,547,072 octets libres
Post-Run: 4,078,845,952 octets libres

247 --- E O F --- 2008-07-23 17:42:34
0
Réponse 4 / 12
Utilisateur anonyme
29 juil. 2008 à 21:02
Re ,

Tu connais ? :

C:\Program Files\notepad-_notepad_2.6_francais_9567.exe ?

****************************************************

Va dans le panneau de configuration, Options régionales et linguistiques, onglet "Langues", bouton "Détails", l'onglet "Avancé", cocher la case "Arrêter les services de texte avancés".


****************************************************

BRANCHE TOUTE TES CLES USB ET DISQUE DUR EXTERNES.


****************************************************

● Télécharge l'outil Flash_Disinfector de sUBs ici : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
● Enregistre Flash_Disinfector.exe sur ton bureau.
● Double clique sur Flash_Disinfector.exe pour l'exécuter.
● Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra :
● Connecte au pc, clé USB, DD externes, susceptibles d'avoir été infectés.
● Puis clic sur Ok
● Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: [Done!!]
● Appuies ensuite sur OK, pour faire réapparaitre le bureau.

Note:

Flash_Disinfector va créer un fichier caché nommé autorun.inf dans chaque clés usb connectées pendant que l'outil était lancé. Ne supprime pas ce fichier ... il aidera à proteger tes clés usb/DD externes de futures infections.


****************************************************

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

File::
C:\18.tmp
C:\jk.exe
C:\e.com
C:\g2pfnid.com
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\sstunins.exe
C:\WINDOWS\system32\C777F6EE0D.sys
C:\WINDOWS\system32\0DEEF677C7.sys
F:\ino6.com
F:\jdwx.exe
G:\jfvkcsy.bat
E:\Autorun.exe
G:\6.bat

Folder::
C:\Program Files\Java\j2re1.4.2_03
C:\Program Files\Adobe\Reader 8.0

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"igfxpers"=-
"igfxhkcmd"=-
"igfxtray"=-
"ehTray"=-
"QuickTime Task"=-
"dla"=-
"DAEMON Tools-1033"=-
"Adobe Reader Speed Launcher"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0f56d2-9053-11dc-a096-0015c5191c7d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0f56de-9053-11dc-a096-0015c5191c7d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5af05323-fe64-11dc-a0cc-0015c5191c7d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d28952c-f9eb-11dc-a0cb-0015c5191c7d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ecb27a-cb34-11db-9fc4-0015c5191c7d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846e06d2-9035-11db-9f4c-0015c5191c7d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13ff134-8d10-11db-9f42-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2333b28-b2d1-11dc-a0a9-0015c5191c7d}]


Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.


****************************************************


A++
0
portal
30 juil. 2008 à 06:55
Bonjour

Merci de ta réponse,j'ai fait ce que tu m'as dit , voila les rapports que tu m'as demandé

celui de hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:34:27, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll (file missing)
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0304EC79-35A5-4BBE-A3E9-B681482ED603}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
Utilisateur anonyme
30 juil. 2008 à 12:12
Re ,

J'aimerais le rapport Combofix complet s'il te plait.

++
0
Réponse 6 / 12
portal
30 juil. 2008 à 12:59
Voila

ComboFix 08-07-28.6 - AurélienB 2008-07-30 5:11:09.2 - NTFSx86
Endroit: C:\Documents and Settings\AurélienB\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\AurélienB\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\18.tmp
C:\e.com
C:\g2pfnid.com
C:\jk.exe
C:\WINDOWS\system32\[u]0[/u]DEEF677C7.sys
C:\WINDOWS\system32\C777F6EE0D.sys
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\sstunins.exe
E:\Autorun.exe
F:\ino6.com
F:\jdwx.exe
G:\6.bat
G:\jfvkcsy.bat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\18.tmp
C:\e.com
C:\g2pfnid.com
C:\jk.exe
C:\Program Files\Adobe\Reader 8.0
C:\Program Files\Adobe\Reader 8.0\Esl\AiodLite.dll
C:\Program Files\Adobe\Reader 8.0\Reader\ACE.dll
C:\Program Files\Adobe\Reader 8.0\Reader\Acrofx32.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRdIF.dll
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic.dll
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\background.png
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\default.css
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\domutils.js
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\en_US\install.html
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\en_US\install2.html
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\fr_FR\install.html
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\fr_FR\install2.html
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\onframeload.js
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_epic\eula\wizardcore.js
C:\Program Files\Adobe\Reader 8.0\Reader\adobe_eula.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeLinguistic.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdateCheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdater.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AGMGPUOptIn.ini
C:\Program Files\Adobe\Reader 8.0\Reader\ahclient.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AIR\nppdf32.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AIR\nppdf32.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\AMT\AUMProduct.aup
C:\Program Files\Adobe\Reader 8.0\Reader\AMT\AUMProduct.cer
C:\Program Files\Adobe\Reader 8.0\Reader\atl.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AXE8SharedExpat.dll
C:\Program Files\Adobe\Reader 8.0\Reader\AXSLE.dll
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\acrobat.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\b-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\bg.jpg
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\bl-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\br-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\Connecting.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\Connecting2.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\DownloadBeyondReaderIcon.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\l-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\m-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\onramp.css
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\onramp.js
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\r-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\t-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\tl-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\ENU\Onramp\tr-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\acrobat.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\b-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\bg.jpg
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\bl-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\br-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\Connecting.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\Connecting2.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\DownloadBeyondReaderIcon.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\l-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\m-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\onramp.css
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\onramp.js
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\r-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\t-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\tl-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BeyondReader\FRA\Onramp\tr-onramp.gif
C:\Program Files\Adobe\Reader 8.0\Reader\BIB.dll
C:\Program Files\Adobe\Reader 8.0\Reader\BIBUtils.dll
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
C:\Program Files\Adobe\Reader 8.0\Reader\CoolType.dll
C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.sig
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\content-locale.css
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\content.css
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Engineering.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Hanko05.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_CheckboxOn_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_CollapseAll_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Delete_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_DistanceTool_Lg_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Down_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_ExpandAll_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_ExportCertificate_Lg_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_ExportSelect_L_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_NavBarLayers_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_NavBarModelTree_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_NavBarShowComments_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_NavBarSign_Lg_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_NextView_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_PreviousView_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_ReplyComments_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_ReviewAndComment_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Secure_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_ShowComments_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Sign_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Sort_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_StartBreezeMeeting_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Status_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Typerwriter_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\A_Up_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\dingbat.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Images\layerisvisible.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\LRHelpContentReleaseNotes.txt
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\meta.xml
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-conref.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-content.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-duplicate.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-image.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-indexes.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-summary.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Reader_en-us_report-xref.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review01.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review02.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\Review05.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\srch_db.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\terms.js
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\version.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS0152AC38-6989-4789-A91A-DE804B4EE217.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS01D0DD7E-72C5-4bd7-98A5-61B6703E2874.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS0DB156A0-D8E0-40d1-A8FE-155D401E100A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS116358B6-C899-4ef8-8718-5E8FEED1E80B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS15C7F996-1DF1-4af3-8BB4-7AA64669E5A2.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS16696D10-CF60-4979-BC54-0F60285159A9.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS175FFA03-6BF0-4fa7-8D66-C91A809536CE.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS1ABEB45F-BA46-4913-A7E1-ACA6A974FE76.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS1D6D5242-53DD-40e0-B58E-95E027DCD94D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS1E82B083-927E-47b3-AAD6-88CB47B5E992.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS21180009-84AE-4b72-9610-C38FE8B6C423.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS23BCDC6F-BC2E-489b-8D36-D875B917293B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS23E49454-94C8-45b7-9F79-BC8CBC1621E1.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS25BA4195-6D5F-4aca-A8DF-EF72AAAAB5B1.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS26240DA8-2896-4976-8BBD-5A5CDF2DBB65.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS28F751CE-AA39-440f-8615-58F751037765.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS2AE3999E-C712-4e15-BC7C-1615EE1B5B56.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS3153B307-CB17-4269-9B46-DF43E8AC4582.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS32EEDD33-2F54-4848-9BBE-3E01F5BB2375.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS40A2300E-1DBC-4e12-9837-AD8454775679.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4A6B605A-8F5B-4bfb-BD8E-90611BC05E4E.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4B49EA85-530D-4820-8F46-FE0120FC591A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4C63D590-2C39-4ad9-9B3B-87558B53E8AD.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4CE8758A-E53C-438a-A3EC-247A2076C1C3.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4D7B71F8-4459-493e-A2BF-0CE66B055B46.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS4FDA872B-2373-47cc-9FC4-71EC25DFE3A8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS500B1437-8713-43ea-87D2-C029BC4D95DB.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS569061E4-7434-4bb8-92A9-840CF861F474.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS57FC3C30-C0F1-41fb-B998-7CB8D9C9E488.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS5B5C7EE5-16D9-470a-AAC6-6F569C78D6AB.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS5DC362ED-F30C-4303-983D-9426DA6CA939.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS675A7196-68DC-405f-AA3B-1FE9D2F2E288.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS677DDFC2-618B-4128-A6A7-7BBF8B4B5FA8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS68FC469B-1113-4ab1-BACF-C7ED43B09AC8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS6BDF3AF5-5E90-4423-88C8-16675AF0C595.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS6F1D9AEB-BE3B-4b60-8D3F-1BB419EF1C1B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7098BCBC-0FA6-4a18-AFAB-6C59366399D0.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS70F00F0C-C476-46c6-BDC9-4775B21A895A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7101B368-E344-4a9a-9917-ACB09777A127.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS71AAA620-5DAD-4f24-A093-D184201A2CA7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS728F554C-96AE-467c-94C3-61592E343AEC.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7705371C-01C6-41df-8F29-EC17BE90A303.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS77BB9683-9BDA-4c93-8C4D-C10BEFD22D34.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7804F58D-9B6D-4f83-8783-707173F19A57.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS7CF25848-721F-48e3-BF3F-7F6135505706.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS82B540C2-7F9D-4d87-9071-DA13712079F7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS860530CA-10EF-4fcb-8517-B47769F67A93.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS86957517-D231-4f67-AA63-BB7113BA6B4C.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS913EF9D4-6D87-4858-AB2E-9AB7CD3B33AB.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS91C8140A-B901-4d25-B8EB-969199C241DE.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS953DEDAB-D5AC-491a-AC5A-9EA68DE93712.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS974BA363-E830-43a0-8A0D-54C90F13FE43.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS97FC333F-2B50-4664-A4C7-418BBD7EA061.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS98108EA9-0350-47c4-8666-C077928F7CDC.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS9A8AD2CD-C75D-4a96-A8C8-64125FC6B103.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WS9CA99867-575D-4438-A010-FEC8F2CEBEE7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA02AF508-E105-4e80-8928-11BCA70D3402.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA4AFE6C3-84A0-495d-A24C-2273B637C29C.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA64A1338-B969-4dba-80E8-BD37DFDE9180.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSA839D6AB-2E30-4c71-A779-CE4F8D964115.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSAF65B6C7-D000-4606-ACA4-7F32C9860E91.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB11FAB59-A592-47a8-AD73-B38909D6E12F.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB7B5F563-E2FA-4c9f-A9FD-590A22F508E7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB9422892-F790-4cb8-B4CD-8E4AD220A696.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSB95C4980-9B72-4e66-9ADA-CEC44E977786.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSC887FFE1-8857-4be1-BB81-BC32DE2AD7FC.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSCB6E92A7-E5C4-4285-853D-477A070EED2D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSCCDA0B9F-2F54-4810-BAAF-04A59E60998B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSCDCB0C74-267A-4db2-856D-EDD048947C59.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD1D23E0E-281D-4aa8-8B10-64DB1EE65C71.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD2ACE85B-5959-4f89-9D2B-218F9376E9D5.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD5671438-ADC2-4616-BA90-0FF6FD03CED8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD5BEB284-9F6D-4635-881A-31A092178E63.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD73A2CCE-18C6-4885-A567-3FF67DB23AF8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD8B6C446-DD94-4ade-928D-5A585D90870A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD8F4B47F-18D4-4fdf-AE0E-3C7B16CAB344.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSD96469EA-5613-41d4-A7CB-D05418271C69.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSDBCA1B83-917F-4800-BA1E-AE4D73C7436E.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSDE9DD7BF-83AA-40c7-ABDC-FFBDC84550C9.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSE2D6BFF2-376A-45ac-BB53-056DA78E65B0.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSE632035A-F854-473d-8AE0-9BD326226862.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSE9BBFA12-14C6-439d-B9E8-48630AB72870.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEAA79063-1DAD-4317-AB33-5A68D623207D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEC4F451C-E254-43f9-ACFE-F242A591D0D7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEDA6E022-E71D-4185-8BE4-437766DA1F87.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSEE1DFE49-1C7E-4648-AFD8-7A5CFA20391D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSF19D4446-A439-4adc-B9ED-E11325487E28.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSF30BC11C-BCEF-4e2b-8934-059526ED0229.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\ENU\WSF3FF17C0-8293-4cf7-B1B6-C362AC31072E.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\content-locale.css
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\content.css
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Engineering.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Hanko05.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_CheckboxOn_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_CollapseAll_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Delete_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_DistanceTool_Lg_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Down_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_ExpandAll_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_ExportCertificate_Lg_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_ExportSelect_L_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_NavBarLayers_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_NavBarModelTree_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_NavBarShowComments_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_NavBarSign_Lg_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_NextView_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_PreviousView_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_ReplyComments_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_ReviewAndComment_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Secure_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_ShowComments_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Sign_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Sort_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_StartBreezeMeeting_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Status_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Typerwriter_Sm_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\A_Up_Md_N.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\dingbat.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Images\layerisvisible.png
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\meta.xml
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Review01.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Review02.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\Review05.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\srch_db.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\terms.js
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\version.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS0152AC38-6989-4789-A91A-DE804B4EE217.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS01D0DD7E-72C5-4bd7-98A5-61B6703E2874.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS0DB156A0-D8E0-40d1-A8FE-155D401E100A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS116358B6-C899-4ef8-8718-5E8FEED1E80B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS15C7F996-1DF1-4af3-8BB4-7AA64669E5A2.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS16696D10-CF60-4979-BC54-0F60285159A9.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS175FFA03-6BF0-4fa7-8D66-C91A809536CE.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS1ABEB45F-BA46-4913-A7E1-ACA6A974FE76.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS1D6D5242-53DD-40e0-B58E-95E027DCD94D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS1E82B083-927E-47b3-AAD6-88CB47B5E992.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS21180009-84AE-4b72-9610-C38FE8B6C423.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS23BCDC6F-BC2E-489b-8D36-D875B917293B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS23E49454-94C8-45b7-9F79-BC8CBC1621E1.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS25BA4195-6D5F-4aca-A8DF-EF72AAAAB5B1.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS26240DA8-2896-4976-8BBD-5A5CDF2DBB65.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS28F751CE-AA39-440f-8615-58F751037765.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS2AE3999E-C712-4e15-BC7C-1615EE1B5B56.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS3153B307-CB17-4269-9B46-DF43E8AC4582.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS32EEDD33-2F54-4848-9BBE-3E01F5BB2375.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS40A2300E-1DBC-4e12-9837-AD8454775679.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS4A6B605A-8F5B-4bfb-BD8E-90611BC05E4E.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS4B49EA85-530D-4820-8F46-FE0120FC591A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS4C63D590-2C39-4ad9-9B3B-87558B53E8AD.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS4CE8758A-E53C-438a-A3EC-247A2076C1C3.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS4D7B71F8-4459-493e-A2BF-0CE66B055B46.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS4FDA872B-2373-47cc-9FC4-71EC25DFE3A8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS500B1437-8713-43ea-87D2-C029BC4D95DB.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS569061E4-7434-4bb8-92A9-840CF861F474.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS57FC3C30-C0F1-41fb-B998-7CB8D9C9E488.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS5B5C7EE5-16D9-470a-AAC6-6F569C78D6AB.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS5DC362ED-F30C-4303-983D-9426DA6CA939.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS675A7196-68DC-405f-AA3B-1FE9D2F2E288.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS677DDFC2-618B-4128-A6A7-7BBF8B4B5FA8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS68FC469B-1113-4ab1-BACF-C7ED43B09AC8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS6BDF3AF5-5E90-4423-88C8-16675AF0C595.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS6F1D9AEB-BE3B-4b60-8D3F-1BB419EF1C1B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS7098BCBC-0FA6-4a18-AFAB-6C59366399D0.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS70F00F0C-C476-46c6-BDC9-4775B21A895A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS7101B368-E344-4a9a-9917-ACB09777A127.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS71AAA620-5DAD-4f24-A093-D184201A2CA7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS728F554C-96AE-467c-94C3-61592E343AEC.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS7705371C-01C6-41df-8F29-EC17BE90A303.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS77BB9683-9BDA-4c93-8C4D-C10BEFD22D34.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS7804F58D-9B6D-4f83-8783-707173F19A57.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS7CF25848-721F-48e3-BF3F-7F6135505706.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS82B540C2-7F9D-4d87-9071-DA13712079F7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS860530CA-10EF-4fcb-8517-B47769F67A93.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS86957517-D231-4f67-AA63-BB7113BA6B4C.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS913EF9D4-6D87-4858-AB2E-9AB7CD3B33AB.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS91C8140A-B901-4d25-B8EB-969199C241DE.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS953DEDAB-D5AC-491a-AC5A-9EA68DE93712.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS97FC333F-2B50-4664-A4C7-418BBD7EA061.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS98108EA9-0350-47c4-8666-C077928F7CDC.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS9A8AD2CD-C75D-4a96-A8C8-64125FC6B103.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WS9CA99867-575D-4438-A010-FEC8F2CEBEE7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSA02AF508-E105-4e80-8928-11BCA70D3402.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSA4AFE6C3-84A0-495d-A24C-2273B637C29C.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSA64A1338-B969-4dba-80E8-BD37DFDE9180.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSA839D6AB-2E30-4c71-A779-CE4F8D964115.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSAF65B6C7-D000-4606-ACA4-7F32C9860E91.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSB11FAB59-A592-47a8-AD73-B38909D6E12F.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSB7B5F563-E2FA-4c9f-A9FD-590A22F508E7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSB9422892-F790-4cb8-B4CD-8E4AD220A696.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSB95C4980-9B72-4e66-9ADA-CEC44E977786.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSC887FFE1-8857-4be1-BB81-BC32DE2AD7FC.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSCB6E92A7-E5C4-4285-853D-477A070EED2D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSCCDA0B9F-2F54-4810-BAAF-04A59E60998B.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSCDCB0C74-267A-4db2-856D-EDD048947C59.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD1D23E0E-281D-4aa8-8B10-64DB1EE65C71.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD2ACE85B-5959-4f89-9D2B-218F9376E9D5.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD5671438-ADC2-4616-BA90-0FF6FD03CED8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD5BEB284-9F6D-4635-881A-31A092178E63.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD73A2CCE-18C6-4885-A567-3FF67DB23AF8.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD8B6C446-DD94-4ade-928D-5A585D90870A.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD8F4B47F-18D4-4fdf-AE0E-3C7B16CAB344.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSD96469EA-5613-41d4-A7CB-D05418271C69.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSDBCA1B83-917F-4800-BA1E-AE4D73C7436E.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSDE9DD7BF-83AA-40c7-ABDC-FFBDC84550C9.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSE2D6BFF2-376A-45ac-BB53-056DA78E65B0.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSE632035A-F854-473d-8AE0-9BD326226862.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSE9BBFA12-14C6-439d-B9E8-48630AB72870.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSEAA79063-1DAD-4317-AB33-5A68D623207D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSEC4F451C-E254-43f9-ACFE-F242A591D0D7.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSEDA6E022-E71D-4185-8BE4-437766DA1F87.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSEE1DFE49-1C7E-4648-AFD8-7A5CFA20391D.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSF19D4446-A439-4adc-B9ED-E11325487E28.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSF30BC11C-BCEF-4e2b-8934-059526ED0229.html
C:\Program Files\Adobe\Reader 8.0\Reader\HowTo\FRA\WSF3FF17C0-8293-4cf7-B1B6-C362AC31072E.html
C:\Program Files\Adobe\Reader 8.0\Reader\icucnv34.dll
C:\Program Files\Adobe\Reader 8.0\Reader\icudt34.dll
C:\Program Files\Adobe\Reader 8.0\Reader\IDTemplates\ENU\AdobeID.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\IDTemplates\ENU\DefaultID.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\IDTemplates\FRA\AdobeID.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\IDTemplates\FRA\DefaultID.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\Javascripts\JSByteCodeWin.bin
C:\Program Files\Adobe\Reader 8.0\Reader\JP2KLib.dll
C:\Program Files\Adobe\Reader 8.0\Reader\Legal\en_US\license.html
C:\Program Files\Adobe\Reader 8.0\Reader\Legal\fr_FR\license.html
C:\Program Files\Adobe\Reader 8.0\Reader\Lisezmoi.htm
C:\Program Files\Adobe\Reader 8.0\Reader\Onix32.dll
C:\Program Files\Adobe\Reader 8.0\Reader\Optional\README.TXT
C:\Program Files\Adobe\Reader 8.0\Reader\PDFPrevHndlr.dll
C:\Program Files\Adobe\Reader 8.0\Reader\PDFPrevHndlrShim.exe
C:\Program Files\Adobe\Reader 8.0\Reader\PDFSigQFormalRep.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\accessibility.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Acroform.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm\adobepdf.xdc
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroSign.prc
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\FRA\Dynamic.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\FRA\SignHere.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\FRA\StandardBusiness.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annotations\Stamps\Words.pdf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DVA.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DVA.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.fra
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Hls.fra
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\IA32.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\IA32.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer.API
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\en_US\svgrsrc.dll
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\en_US\SVGViewer.dict
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\fr_FR\svgrsrc.dll
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\fr_FR\SVGViewer.dict
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer\SVGCore.DLL
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\Flash.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\Mcimpp.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\QuickTime.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\Real.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\Real.mpp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\pddom.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.fra
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\updater.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\acro20.lng
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\FRA\VDK10.LNG
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\FRA\VDK10.RSD
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\FRA\VDK10.RST
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\FRA\VDK10.STC
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\FRA\VDK10.STP
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\FRA\VDK10.SYD
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\VDK10.CMP
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\VDK10.LIC
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\VDK10.STD
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\VDK10.SYX
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\VDKHome\VDK10.THD
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.api
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Weblink.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\2d.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\3difr.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\drvDX8.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\drvDX9.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\drvSOFT.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\prc\MyriadCAD.otf
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\prcr.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\tesselate.x3d
C:\Program Files\Adobe\Reader 8.0\Reader\pmd.cer
C:\Program Files\Adobe\Reader 8.0\Reader\RdLang32.FRA
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\ReadMe.htm
C:\Program Files\Adobe\Reader 8.0\Reader\rt3d.dll
C:\Program Files\Adobe\Reader 8.0\Reader\SPPlugins\ADMPlugin.apl
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\add_reviewer.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\email_all.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\email_initiator.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\info.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\joined_lg.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\main.css
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\review_browser.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\review_email.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\review_shared.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\reviewers.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\sent_lg.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\server_issue.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\server_lg.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\server_ok.gif
C:\Program Files\Adobe\Reader 8.0\Reader\Tracker\trash.gif
C:\Program Files\Adobe\Reader 8.0\Reader\vdk150.dll
C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
C:\Program Files\Adobe\Reader 8.0\Resource\CMap\Identity-H
C:\Program Files\Adobe\Reader 8.0\Resource\CMap\Identity-V
C:\Program Files\Adobe\Reader 8.0\Resource\ENUtxt.pdf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\AdobePiStd.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\CourierStd-Bold.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\CourierStd-BoldOblique.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\CourierStd-Oblique.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\CourierStd.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MinionPro-Bold.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MinionPro-BoldIt.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MinionPro-It.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MinionPro-Regular.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bold.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MyriadPro-BoldIt.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MyriadPro-It.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\MyriadPro-Regular.otf
C:\Program Files\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM
C:\Program Files\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm
C:\Program Files\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm
C:\Program Files\Adobe\Reader 8.0\Resource\Font\SY______.PFB
C:\Program Files\Adobe\Reader 8.0\Resource\Font\ZX______.PFB
C:\Program Files\Adobe\Reader 8.0\Resource\Font\ZY______.PFB
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\LanguageNames\DisplayLanguageNames.fr_FR.txt
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\cfr32.clx
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\cfr68.lex
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\cfrphon.env
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\frn21.lex
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\frn32.clx
C:\Program Files\Adobe\Reader 8.0\Resource\Linguistics\Providers\Proximity\frnphon.env
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\abcpy.ini
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\AcroRead.msi
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\RunTimeProp
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Setup.exe
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\setup.ini
C:\Program Files\Java\j2re1.4.2_03
C:\Program Files\Java\j2re1.4.2_03\bin\awt.dll
C:\Program Files\Java\j2re1.4.2_03\bin\axbridge.dll
C:\Program Files\Java\j2re1.4.2_03\bin\client\jvm.dll
C:\Program Files\Java\j2re1.4.2_03\bin\client\Xusage.txt
C:\Program Files\Java\j2re1.4.2_03\bin\cmm.dll
C:\Program Files\Java\j2re1.4.2_03\bin\dcpr.dll
C:\Program Files\Java\j2re1.4.2_03\bin\dt_shmem.dll
C:\Program Files\Java\j2re1.4.2_03\bin\dt_socket.dll
C:\Program Files\Java\j2re1.4.2_03\bin\eula.dll
C:\Program Files\Java\j2re1.4.2_03\bin\fontmanager.dll
C:\Program Files\Java\j2re1.4.2_03\bin\hpi.dll
C:\Program Files\Java\j2re1.4.2_03\bin\hprof.dll
C:\Program Files\Java\j2re1.4.2_03\bin\ioser12.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jaas_nt.dll
C:\Program Files\Java\j2re1.4.2_03\bin\java.dll
C:\Program Files\Java\j2re1.4.2_03\bin\java.exe
C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jawt.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jcov.dll
C:\Program Files\Java\j2re1.4.2_03\bin\JdbcOdbc.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jdwp.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpeg.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpicom32.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpicpl32.cpl
C:\Program Files\Java\j2re1.4.2_03\bin\jpicpl32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jpiexp32.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpins4.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpins6.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpins7.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpinsp.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jpishare.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jsound.dll
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\keytool.exe
C:\Program Files\Java\j2re1.4.2_03\bin\kinit.exe
C:\Program Files\Java\j2re1.4.2_03\bin\klist.exe
C:\Program Files\Java\j2re1.4.2_03\bin\ktab.exe
C:\Program Files\Java\j2re1.4.2_03\bin\msvcrt.dll
C:\Program Files\Java\j2re1.4.2_03\bin\net.dll
C:\Program Files\Java\j2re1.4.2_03\bin\nio.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
C:\Program Files\Java\j2re1.4.2_03\bin\orbd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\policytool.exe
C:\Program Files\Java\j2re1.4.2_03\bin\RegUtils.dll
C:\Program Files\Java\j2re1.4.2_03\bin\rmi.dll
C:\Program Files\Java\j2re1.4.2_03\bin\rmid.exe
C:\Program Files\Java\j2re1.4.2_03\bin\rmiregistry.exe
C:\Program Files\Java\j2re1.4.2_03\bin\servertool.exe
C:\Program Files\Java\j2re1.4.2_03\bin\tnameserv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\verify.dll
C:\Program Files\Java\j2re1.4.2_03\bin\w2k_lsa_auth.dll
C:\Program Files\Java\j2re1.4.2_03\bin\zip.dll
C:\Program Files\Java\j2re1.4.2_03\CHANGES
C:\Program Files\Java\j2re1.4.2_03\COPYRIGHT
C:\Program Files\Java\j2re1.4.2_03\javaws\cacerts
C:\Program Files\Java\j2re1.4.2_03\javaws\JavaCup.ico
C:\Program Files\Java\j2re1.4.2_03\javaws\javalogo52x88.gif
C:\Program Files\Java\j2re1.4.2_03\javaws\JavaWebStart.dll
C:\Program Files\Java\j2re1.4.2_03\javaws\javaws-l10n.jar
C:\Program Files\Java\j2re1.4.2_03\javaws\javaws-license.txt
C:\Program Files\Java\j2re1.4.2_03\javaws\javaws.exe
C:\Program Files\Java\j2re1.4.2_03\javaws\javaws.jar
C:\Program Files\Java\j2re1.4.2_03\javaws\javaws.policy
C:\Program Files\Java\j2re1.4.2_03\javaws\javawspl.dll
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_de.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_es.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_fr.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_it.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_ja.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_ko.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_sv.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_zh_CN.html
C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_zh_TW.html
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\copyright.jpg
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_de.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_es.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_fr.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_it.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_ja.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_ko.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_sv.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_zh_CN.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\messages_zh_TW.properties
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\miniSplash.jpg
C:\Program Files\Java\j2re1.4.2_03\javaws\resources\splash.jpg
C:\Program Files\Java\j2re1.4.2_03\javaws\sunlogo64x30.gif
C:\Program Files\Java\j2re1.4.2_03\lib\audio\soundbank.gm
C:\Program Files\Java\j2re1.4.2_03\lib\charsets.jar
C:\Program Files\Java\j2re1.4.2_03\lib\cmm\CIEXYZ.pf
C:\Program Files\Java\j2re1.4.2_03\lib\cmm\GRAY.pf
C:\Program Files\Java\j2re1.4.2_03\lib\cmm\LINEAR_RGB.pf
C:\Program Files\Java\j2re1.4.2_03\lib\cmm\PYCC.pf
C:\Program Files\Java\j2re1.4.2_03\lib\cmm\sRGB.pf
C:\Program Files\Java\j2re1.4.2_03\lib\content-types.properties
C:\Program Files\Java\j2re1.4.2_03\lib\ext\dnsns.jar
C:\Program Files\Java\j2re1.4.2_03\lib\ext\ldapsec.jar
C:\Program Files\Java\j2re1.4.2_03\lib\ext\localedata.jar
C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
C:\Program Files\Java\j2re1.4.2_03\lib\ext\sunjce_provider.jar
C:\Program Files\Java\j2re1.4.2_03\lib\flavormap.properties
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.CP1250
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.CP1251
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.CP1253
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.CP1254
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.CP1256
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.CP1257
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.hi
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.iw
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.ja
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.ko
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.MS950_HKSCS
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.ru
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.th
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.zh
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.zh.98
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.zh_CN_GB18030
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.zh_TW
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.zh_TW.95
C:\Program Files\Java\j2re1.4.2_03\lib\font.properties.zh_TW_MS950_HKSCS
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaBrightDemiBold.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaBrightDemiItalic.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaBrightItalic.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaBrightRegular.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaSansDemiBold.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaSansRegular.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaTypewriterBold.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\fonts\LucidaTypewriterRegular.ttf
C:\Program Files\Java\j2re1.4.2_03\lib\i386\jvm.cfg
C:\Program Files\Java\j2re1.4.2_03\lib\im\indicim.jar
C:\Program Files\Java\j2re1.4.2_03\lib\im\thaiim.jar
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\cursors.properties
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\invalid32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\win32_CopyDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\win32_CopyNoDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\win32_LinkDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\win32_LinkNoDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\win32_MoveDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\images\cursors\win32_MoveNoDrop32x32.gif
C:\Program Files\Java\j2re1.4.2_03\lib\jce.jar
C:\Program Files\Java\j2re1.4.2_03\lib\jsse.jar
C:\Program Files\Java\j2re1.4.2_03\lib\jvm.hprof.txt
C:\Program Files\Java\j2re1.4.2_03\lib\jvm.jcov.txt
C:\Program Files\Java\j2re1.4.2_03\lib\logging.properties
C:\Program Files\Java\j2re1.4.2_03\lib\plugin.jar
C:\Program Files\Java\j2re1.4.2_03\lib\psfont.properties.ja
C:\Program Files\Java\j2re1.4.2_03\lib\psfontj2d.properties
C:\Program Files\Java\j2re1.4.2_03\lib\rt.jar
C:\Program Files\Java\j2re1.4.2_03\lib\security\cacerts
C:\Program Files\Java\j2re1.4.2_03\lib\security\java.policy
C:\Program Files\Java\j2re1.4.2_03\lib\security\java.security
C:\Program Files\Java\j2re1.4.2_03\lib\security\local_policy.jar
C:\Program Files\Java\j2re1.4.2_03\lib\security\US_export_policy.jar
C:\Program Files\Java\j2re1.4.2_03\lib\sunrsasign.jar
C:\Program Files\Java\j2re1.4.2_03\lib\tzmappings
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Abidjan
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Accra
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Addis_Ababa
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Algiers
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Asmera
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Bamako
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Bangui
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Banjul
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Bissau
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Blantyre
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Brazzaville
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Bujumbura
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Cairo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Casablanca
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Ceuta
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Conakry
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Dakar
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Dar_es_Salaam
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Djibouti
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Douala
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\El_Aaiun
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Freetown
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Gaborone
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Harare
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Johannesburg
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Kampala
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Khartoum
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Kigali
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Kinshasa
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Lagos
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Libreville
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Lome
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Luanda
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Lubumbashi
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Lusaka
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Malabo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Maputo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Maseru
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Mbabane
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Mogadishu
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Monrovia
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Nairobi
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Ndjamena
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Niamey
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Nouakchott
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Ouagadougou
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Porto-Novo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Sao_Tome
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Timbuktu
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Tripoli
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Tunis
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Africa\Windhoek
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Adak
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Anchorage
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Anguilla
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Antigua
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Araguaina
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Aruba
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Asuncion
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Barbados
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Belem
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Belize
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Boa_Vista
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Bogota
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Boise
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Buenos_Aires
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Cambridge_Bay
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Cancun
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Caracas
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Catamarca
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Cayenne
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Cayman
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Chicago
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Chihuahua
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Cordoba
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Costa_Rica
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Cuiaba
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Curacao
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Danmarkshavn
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Dawson
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Dawson_Creek
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Denver
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Detroit
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Dominica
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Edmonton
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Eirunepe
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\El_Salvador
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Fortaleza
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Glace_Bay
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Godthab
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Goose_Bay
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Grand_Turk
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Grenada
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Guadeloupe
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Guatemala
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Guayaquil
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Guyana
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Halifax
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Havana
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Hermosillo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Indiana\Knox
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Indiana\Marengo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Indiana\Vevay
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Indianapolis
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Inuvik
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Iqaluit
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Jamaica
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Jujuy
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Juneau
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Kentucky\Monticello
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\La_Paz
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Lima
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Los_Angeles
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Louisville
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Maceio
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Managua
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Manaus
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Martinique
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Mazatlan
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Mendoza
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Menominee
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Merida
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Mexico_City
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Miquelon
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Monterrey
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Montevideo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Montreal
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Montserrat
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Nassau
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\New_York
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Nipigon
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Nome
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Noronha
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\North_Dakota\Center
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Panama
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Pangnirtung
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Paramaribo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Phoenix
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Port-au-Prince
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Port_of_Spain
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Porto_Velho
C:\Program Files\Java\j2re1.4.2_03\lib\zi\America\Puerto_Rico
C:\Program Files
0
Réponse 7 / 12
Utilisateur anonyme
30 juil. 2008 à 13:02
Re ,

Trop long à mon avis.

Relance Combofix normalement et poste le rapport.

( n'oublie pas de désactiver ton Anti-virus , etc ... )

++
0
Réponse 8 / 12
portal
30 juil. 2008 à 13:47
Merci de ton aide
Voilà, j’ai relancer ComboFix le plus simplement possible, le rapport est effectivement plus court :


ComboFix 08-07-28.6 - AurélienB 2008-07-30 13:20:45.3 - NTFSx86
Endroit: C:\Documents and Settings\AurélienB\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-29 17:09 . 2008-07-29 17:09 <REP> d-------- C:\Documents and Settings\AurÚlienB
2008-07-29 12:24 . 2008-07-29 12:24 <REP> d-------- C:\Program Files\Trend Micro
2008-07-29 06:26 . 2008-07-29 06:26 <REP> d-------- C:\Program Files\Alwil Software
2008-07-28 18:24 . 2008-07-29 10:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 17:47 . 2008-07-27 17:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-27 17:47 . 2008-07-27 17:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-26 22:22 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-07-26 22:22 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2008-07-26 22:20 . 2008-07-26 22:20 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-07-26 22:20 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-26 22:20 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-07-26 22:20 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-07-26 22:20 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-07-26 22:20 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-07-26 22:20 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-07-26 22:20 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-07-26 22:20 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-07-26 22:20 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-07-26 22:20 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\dllcache\vidcap.ax
2008-07-26 22:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-26 22:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-19 18:10 . 2008-07-19 18:10 1,099,380 --a------ C:\WINDOWS\system32\Beautiful India.msf
2008-07-19 18:10 . 2008-07-19 18:10 412,160 --a------ C:\WINDOWS\system32\Beautiful India.scr
2008-06-26 20:40 . 2008-07-30 12:01 <REP> d-------- C:\Documents and Settings\AurélienB\Application Data\skypePM
2008-06-26 20:40 . 2008-06-26 20:40 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-26 20:37 . 2008-06-26 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-06-25 09:18 . 2008-06-25 09:18 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-25 08:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-25 08:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 02:07 . 2008-06-11 02:07 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 11:01 --------- d-----w C:\Documents and Settings\AurélienB\Application Data\Skype
2008-07-30 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-30 03:15 --------- d-----w C:\Program Files\Java
2008-07-29 14:05 94,208 ----a-w C:\WINDOWS\system32\35.tmp
2008-07-29 12:27 94,208 ----a-w C:\WINDOWS\system32\1F3.tmp
2008-07-29 12:27 94,208 ----a-w C:\WINDOWS\system32\1F2.tmp
2008-07-29 12:26 94,208 ----a-w C:\WINDOWS\system32\1F1.tmp
2008-07-29 12:26 94,208 ----a-w C:\WINDOWS\system32\1F0.tmp
2008-07-29 12:26 94,208 ----a-w C:\WINDOWS\system32\1EF.tmp
2008-07-29 12:25 94,208 ----a-w C:\WINDOWS\system32\1EE.tmp
2008-07-29 11:15 94,208 ----a-w C:\WINDOWS\system32\1ED.tmp
2008-07-29 11:14 94,208 ----a-w C:\WINDOWS\system32\1CF.tmp
2008-07-29 11:14 94,208 ----a-w C:\WINDOWS\system32\1CE.tmp
2008-07-29 11:12 94,208 ----a-w C:\WINDOWS\system32\1CD.tmp
2008-07-29 10:47 94,208 ----a-w C:\WINDOWS\system32\1CC.tmp
2008-07-29 10:43 94,208 ----a-w C:\WINDOWS\system32\1C6.tmp
2008-07-29 10:14 94,208 ----a-w C:\WINDOWS\system32\11B.tmp
2008-07-29 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-07-29 09:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-29 09:28 --------- d-----w C:\Program Files\Windows Live
2008-07-29 09:27 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-29 09:27 --------- d-----w C:\Program Files\QuickTime
2008-07-29 09:27 --------- d-----w C:\Program Files\Picasa2
2008-07-29 09:27 --------- d-----w C:\Program Files\Modem Helper
2008-07-29 09:27 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-07-29 09:27 --------- d-----w C:\Program Files\DivX
2008-07-29 09:27 --------- d-----w C:\Program Files\Dell
2008-07-29 09:27 --------- d-----w C:\Program Files\DC++
2008-07-29 08:49 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-26 18:37 --------- d-----w C:\Program Files\Skype
2008-06-26 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-02-08 20:34 8,282,187 ----a-w C:\Program Files\vlc-0.8.5-win32.exe
2007-02-06 15:07 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2007-01-30 06:52 20,193,072 ----a-w C:\Program Files\SkypeSetup.exe
2006-12-19 17:21 1,127,520 ----a-w C:\Program Files\wrar361fr.exe
2006-12-15 09:59 665,934 ----a-w C:\Program Files\notepad-_notepad_2.6_francais_9567.exe
2006-08-29 14:31 251 ----a-w C:\Program Files\wt3d.ini
2006-12-15 09:13 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-29_17.08.15.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-28 16:26:07 73,158 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-29 15:06:22 73,158 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-28 16:26:08 87,004 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-29 15:06:22 87,004 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-28 16:26:08 446,204 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-29 15:06:22 446,204 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-28 16:26:08 515,698 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-29 15:06:22 515,698 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-30 04:27:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 22:28 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 12:56 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 15:58 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 03:22 1836544]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2004-01-14 17:16 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2004-01-14 17:42 36864]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-22 00:34:08 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-08 23:25:04 24576]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-06 18:44:22 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 16:22]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-12-05 22:43]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9b12c3-7822-11dc-a086-0015c5191c7d}]
\Shell\AutoRun\command - G:\autoverify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{444935ee-3dbf-11dc-a04a-0015c5191c7d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0f56ea-9053-11dc-a096-0015c5191c7d}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669a75f3-fd0a-11da-83ee-00038a000015}]
\Shell\AutoRun\command - F:\jdwx.exe
\Shell\explore\Command - F:\jdwx.exe
\Shell\open\Command - F:\jdwx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d8e6de0-0857-11dc-a01d-0015c5191c7d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ecb279-cb34-11db-9fc4-0015c5191c7d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830dbc1c-7b11-11db-8ca5-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a99d8103-8506-11db-8cbd-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3faa5a3-7f11-11db-8cb3-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8bf22e8-def9-11db-9fe7-0015c5191c7d}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2006-06-16 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-10 13:00]

2008-07-25 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (Aurélien-AurélienB).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0304EC79-35A5-4BBE-A3E9-B681482ED603}: NameServer = 10.0.0.1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 13:25:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-30 13:30:43
ComboFix-quarantined-files.txt 2008-07-30 11:30:20
ComboFix2.txt 2008-07-30 03:31:07
ComboFix3.txt 2008-07-29 15:08:55

Pre-Run: 4,163,121,152 octets libres
Post-Run: 4,159,389,696 octets libres

221 --- E O F --- 2008-07-23 17:42:34
0
Réponse 9 / 12
Utilisateur anonyme
30 juil. 2008 à 14:07
Re ,

Supprime ces fichiers :


C:\WINDOWS\system32\35.tmp
C:\WINDOWS\system32\1F3.tmp
C:\WINDOWS\system32\1F2.tmp
C:\WINDOWS\system32\1F1.tmp
C:\WINDOWS\system32\1F0.tmp
C:\WINDOWS\system32\1EF.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1ED.tmp
C:\WINDOWS\system32\1CF.tmp
C:\WINDOWS\system32\1CE.tmp
C:\WINDOWS\system32\1CD.tmp
C:\WINDOWS\system32\1CC.tmp
C:\WINDOWS\system32\1C6.tmp
C:\WINDOWS\system32\11B.tmp

****************************************

Pour cela , clique sur ' démarrer ' > ' executer ' > tape ' regedit ' et valide.

L'éditeur de registre s'ouvre devant toi.

Clique sur le + a gauche de HKEY_CURRENT_USER puis software puis microsoft puis windows puis currentversion puis explorer & enfin mountpoints . Arrivé ici supprime : ( clique droit > supprimer )

{4c0f56d2-9053-11dc-a096-0015c5191c7d}

{4c0f56de-9053-11dc-a096-0015c5191c7d}

{5af05323-fe64-11dc-a0cc-0015c5191c7d}

{5d28952c-f9eb-11dc-a0cb-0015c5191c7d}

{74ecb27a-cb34-11db-9fc4-0015c5191c7d}

{846e06d2-9035-11db-9f4c-0015c5191c7d}

{b13ff134-8d10-11db-9f42-806d6172696f}

{f2333b28-b2d1-11dc-a0a9-0015c5191c7d}


Dit moi quand tout aura été fait.

++
0
Réponse 10 / 12
portal
30 juil. 2008 à 14:33
Si je suis tes indications seuls 2 points similaires à ceux que tu m’as donnée apparaissent , ceux ci n’apparaissent pas :
{4c0f56d2-9053-11dc-a096-0015c5191c7d}

{5af05323-fe64-11dc-a0cc-0015c5191c7d}

{5d28952c-f9eb-11dc-a0cb-0015c5191c7d}

{74ecb27a-cb34-11db-9fc4-0015c5191c7d}

{846e06d2-9035-11db-9f4c-0015c5191c7d}

{b13ff134-8d10-11db-9f42-806d6172696f}
Que dois je faire, ne supprimer que les deux similaires, ne rien faire ?
Merci
0
Réponse 11 / 12
Utilisateur anonyme
30 juil. 2008 à 16:18
Re ,

Supprime ceux que tu trouves dans la liste que j'ai donné , les autres que tu ne trouves pas , laisse tomber.

Fait ceci après :


Imprime ou enregistre ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

→ Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau.

→ A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

→ Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

→ Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

→ MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

→ Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

→ MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

→ A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

→ Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. ►► FAIT LE

→ MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

→ Ferme MBAM en cliquant sur Quitter.

Poste le rapport dans ta réponse


Tutorial : https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm


++
0
Réponse 12 / 12
portal
30 juil. 2008 à 18:46
Voici le rapport de MBAM qui à l'air d'avoir trouver et suprimer des choses:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2

18:39:08 30/07/2008
mbam-log-7-30-2008 (18-39-08).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 112064
Temps écoulé: 1 hour(s), 3 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc17oj0evdp (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\pphc57oj0evdp.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\11B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1C6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1CC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1CD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1CE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1CF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1ED.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1EE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1EF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1F0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1F1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1F2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1F3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\DOSSAR.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\feu.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\guevara.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\sexy_spanish_erasmus_girls_v_2_0.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\sexy_spanish_woman.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses
infecté par HackTool:Win32/AutoKMS
fredo1968 -
fredo1968 -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Que fait le virus LPI Win32 Pup-Gen
Tristan Chrome -
Tristan Chrome -

2 réponses