Sujet Précédent Sujet Suivant

Virus-Redirection Site Publicitaire

Résolu/Fermé
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009 - 27 févr. 2009 à 10:21
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009 - 27 mars 2009 à 08:20
Bonjour à tous,

Voilà mon problème dernièrement j'ai cliqué sur le lien d'une amie pour une video, il m'a demandé d'installé une version flash... je n'ai jamais réussi à lire la vidéo... mais ce lien pour flash était en fait un virus...VDM
Depuis à chaque fois que je fais une recherche sur google, il me donne mes résultats mais si je veux ouvrir le site recherché, je suis redirigé sur un site :

http://findfebruary.com/?q=hotmail ou encore http://www.searchfeed.com/

Il m'est donc impossible de rentrer sur les sites désirés. Pourriez vous me donner les démarches à suivre pour supprimer ce virus ou spyware ou quoique ce soit...

PS: En recherchant sur le forum je suis tombé sur une solution ( http://www.commentcamarche.net/forum/affich 7384376 http www web search feed com ) j'ai réalisé la démarche décrite mais le problème est revenu ce matin...

Merci d'avance...

oReL59000
A voir également:

87 réponses

Réponse 1 / 87
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
21 mars 2009 à 14:28
---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau.
- Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
- Redémarre ton ordinateur en mode sans échec.

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

---> Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.
1
Réponse 2 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
27 févr. 2009 à 11:02
Bonjourrr;

poste un rapport hijackthis (outil de diagnostic)
Télécharge http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

--) Enregistre HJTInstall.exe sur ton bureau
--) Double-clique sur HJTInstall.exe pour lancer le programme
--) Par défaut, il s'installera içi C:\Programme Files\Trend Micro\HijackThis
--) Accepte la license en cliquant sur le bouton "I Accept"
--) Choisis l'option "Do a system scan and save a log file"
--) Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
--) Clique sur "Édition -> Sélectionner tout", puis sur "Édition -> Copier" pour copier tout le contenu du rapport
--) Colle le rapport que tu viens de copier sur ce forum
--) Ne fixe encore AUCUNE ligne,
0
Réponse 3 / 87
OREL59000
27 févr. 2009 à 11:33
BONJOUR, MERCI POUR TA REPONSE RAPIDE VOICI LE RAPPORT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:27, on 2009-02-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\websrvx\websrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\UNIVER~1\PDFDriver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\windows\nfra.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.archi-services.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Universal PDF Driver] "C:\PROGRA~1\UNIVER~1\PDFDriver.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysnltray2] c:\windows\nl08.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [nfra] c:\windows\nfra.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.inoculer.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\Software\..\Telephony: DomainName = archicab.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - AppInit_DLLs: kmmcju.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe
0
Réponse 4 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
27 févr. 2009 à 11:40
1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
27 févr. 2009 à 11:49
Voilà le rapport:

SmitFraudFix v2.398

Rapport fait à 11:45:59.83, 2009-02-27
Executé à partir de C:\Documents and Settings\phisela\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\websrvx\websrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\UNIVER~1\PDFDriver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\windows\nfra.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\AutoCAD LT 2009\acadlt.exe
C:\DOCUME~1\phisela\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\phisela


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\phisela\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\phisela\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\phisela\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="kmmcju.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
27 févr. 2009 à 11:57
Suit bien toute les instructions il faut lire tout le message

Telecharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

-Attention Pendant la durée de cette étape, ne te sert pas du PC et n'ouvre aucun programmes. risque de figer l'ordi

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordi (plantage complet)

::Si combofix detecte quelque chose et de demande a redemarer tu accepte
0
Réponse 7 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
27 févr. 2009 à 12:26
Alors voilà j'ai bien suivi toute la démarche. Je te poste le rapport suivant.

ComboFix 09-02-26.02 - phisela 2009-02-27 12:04:43.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1465 [GMT 1:00]
Lancé depuis: c:\documents and settings\phisela\Mes documents\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
.

2009-02-27 11:55 . 2009-02-27 12:08 118,784 --a------ c:\windows\system32\chg.exe
2009-02-26 16:34 . 2009-02-26 16:40 <REP> d-------- c:\program files\FindyKill
2009-02-26 15:20 . 2009-02-27 12:00 23,040 ---h----- c:\windows\nl09.exe
2009-02-26 14:50 . 2009-02-26 14:50 <REP> d-------- c:\program files\CCleaner
2009-02-26 12:57 . 2009-02-26 12:57 0 --a------ c:\windows\nfr.assembly
2009-02-26 12:38 . 2009-02-26 15:31 606 ---h----- c:\windows\f5087.dat
2009-02-26 12:37 . 2009-02-26 16:23 <REP> d-------- c:\windows\system32\887164
2009-02-26 12:37 . 2009-02-26 12:37 <REP> d-------- c:\program files\websrvx
2009-02-26 12:37 . 2009-02-26 12:37 23,040 ---h----- c:\windows\nl08.exe
2009-02-26 12:37 . 2009-02-26 12:37 11,776 ---h----- c:\windows\nfra.exe
2009-02-26 12:37 . 2009-02-26 12:37 1 ---h----- c:\windows\t55ft3949f44.dat
2009-02-26 12:37 . 2009-02-26 12:37 1 ---h----- c:\windows\t55ft3532f44.dat
2009-02-26 12:37 . 2009-02-26 12:37 1 ---h----- c:\windows\nlmark2.dat
2009-02-26 12:34 . 2009-02-26 12:34 1 ---h----- c:\windows\f23567.dat
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\program files\Skyline
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Skyline
2009-02-17 14:26 . 2009-02-17 14:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 14:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 14:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 12:40 . 2009-02-13 12:40 <REP> d-------- c:\documents and settings\phisela\Application Data\vlc
2009-02-13 12:39 . 2009-02-13 12:39 <REP> d-------- c:\program files\VideoLAN
2009-02-13 09:19 . 2009-02-13 09:19 <REP> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- c:\windows\SchCache
2009-02-09 12:08 . 2009-02-09 12:08 244 --ah----- C:\sqmnoopt19.sqm
2009-02-09 12:08 . 2009-02-09 12:08 232 --ah----- C:\sqmdata19.sqm
2009-01-30 16:54 . 2009-01-30 16:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-30 16:51 . 2009-01-30 16:51 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-30 16:50 . 2009-01-30 16:50 <REP> d-------- c:\windows\system32\Adobe
2009-01-30 16:50 . 2004-08-17 02:40 16,384 --a------ c:\windows\system32\FileOps.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 11:12 --------- d-----w c:\program files\DNA
2009-02-27 11:12 --------- d-----w c:\documents and settings\phisela\Application Data\DNA
2009-02-26 15:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-13 08:19 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 15:50 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-14 16:15 --------- d-----w c:\documents and settings\phisela\Application Data\BitTorrent
2009-01-13 10:03 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-13 09:03 --------- d-----w c:\documents and settings\phisela\Application Data\Nikon
2009-01-13 08:32 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-01-12 17:14 --------- d-----w c:\program files\Nikon
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-12 16:36 --------- d-----w c:\program files\BitTorrent
2008-10-30 14:54 19,884 ----a-w c:\documents and settings\All Users\Application Data\awoqesevin.exe
2008-10-30 14:54 19,392 ----a-w c:\documents and settings\phisela\Application Data\ugakacune.reg
2008-10-30 14:54 11,868 ----a-w c:\documents and settings\phisela\Application Data\doly.bat
2008-10-30 14:54 11,447 ----a-w c:\program files\Fichiers communs\omeh.lib
2008-10-30 14:54 10,185 ----a-w c:\program files\Fichiers communs\byboqu.exe
2008-10-30 14:54 10,038 ----a-w c:\documents and settings\All Users\Application Data\ucub.exe
2008-08-13 18:02 35,840 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( snapshot_2008-11-12_17.00.15.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-03 09:50:27 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:44:51 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:03:54 18,296 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:03:55 234,872 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:03:54 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-16 19:33:14 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 19:33:14 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 19:33:14 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 19:33:14 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 19:33:14 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 19:33:14 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 19:33:14 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 19:33:15 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 19:33:15 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 19:33:16 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 19:33:16 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 19:33:16 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 19:33:17 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 19:33:18 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 19:33:18 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 19:33:19 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 19:33:20 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 19:33:20 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 19:33:21 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 19:33:21 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 19:33:21 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 19:33:21 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 19:33:21 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 19:33:22 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 19:33:22 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
+ 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
+ 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
+ 2008-12-13 06:27:45 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:34:33 15,072 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:35:47 394,976 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2005-01-28 11:44:28 96,768 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 06:28:58 234,872 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 08:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2005-01-28 11:44:28 1,027,072 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-12-07 05:29:34 2,374,472 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2008-04-14 02:33:46 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:31 406,392 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-11 12:42:28 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2008-04-14 02:33:25 285,184 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:03:55 234,872 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:40:35 406,392 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
+ 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
+ 2008-09-08 10:41:42 333,824 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
+ 2008-11-20 08:31:12 31,560 ----a-w c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2008-11-20 08:31:12 16,712 ----a-w c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2008-11-20 08:31:13 404,296 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2008-11-20 08:31:10 88,896 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-20 08:31:10 146,232 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2008-11-20 08:31:13 12,616 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-20 08:31:13 12,616 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
- 2008-08-22 09:12:53 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-11-17 09:43:07 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-08-22 09:12:55 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-11-17 09:43:11 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-11-21 13:18:06 120,408 ----a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2008-09-02 15:49:06 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-11-17 09:44:45 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-11-20 08:31:15 367,400 ----a-w c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
- 2008-08-22 09:12:55 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-11-17 09:42:57 4,444,160 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-09-02 15:49:20 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-11-17 09:44:49 4,174,336 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2008-08-22 09:12:56 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-11-17 09:43:12 483,840 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-08-22 09:12:54 2,902,016 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-11-17 09:43:02 3,036,160 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-08-22 09:12:51 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-11-17 09:43:13 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-08-22 09:12:51 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-11-17 09:43:13 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-09-02 15:49:21 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-11-17 09:44:49 346,624 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2008-08-22 09:12:57 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-11-17 09:43:11 261,120 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-08-22 09:12:53 5,156,864 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-11-17 09:43:01 5,431,296 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-08-22 09:12:52 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-11-17 09:43:05 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-08-22 09:12:51 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-11-17 09:43:01 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-08-22 09:12:51 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-11-17 09:43:07 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-08-22 09:12:54 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-11-17 09:43:09 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-08-22 09:12:55 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-11-17 09:43:09 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-08-22 09:12:55 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-11-17 09:43:10 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-08-22 09:12:51 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-11-17 09:43:14 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-08-22 09:12:52 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-11-17 09:43:14 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-08-22 09:12:52 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-11-17 09:43:15 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-08-22 09:12:52 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-11-17 09:43:15 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-08-22 09:12:51 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-11-17 09:43:10 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-11-21 13:18:06 611,392 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2008-11-20 08:31:12 43,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2008-11-20 08:31:13 39,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2008-11-20 08:31:13 60,200 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
- 2008-09-02 15:49:06 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-11-17 09:44:45 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-08-22 09:12:57 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-11-17 09:43:09 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-08-22 09:12:57 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-11-17 09:43:08 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-08-22 09:12:49 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-11-17 09:43:12 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-08-22 09:12:57 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-11-17 09:43:08 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-08-22 09:12:57 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-11-17 09:42:59 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-11-20 08:29:09 11,560 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.resources.dll
+ 2008-11-20 08:31:14 211,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2008-11-20 08:29:09 12,600 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources.dll
+ 2008-11-20 08:31:14 105,248 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2008-11-20 08:29:08 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.resources.dll
+ 2008-11-20 08:31:14 330,520 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2008-11-20 08:29:09 11,064 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources.dll
+ 2008-11-20 08:31:14 39,712 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2008-11-20 08:31:14 39,704 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2008-11-20 08:29:08 13,104 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.resources.dll
+ 2008-11-20 08:31:14 72,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
- 2008-08-22 09:12:50 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-11-17 09:43:13 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-08-22 09:12:50 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-11-17 09:43:08 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-11-19 13:16:55 884,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
- 2008-08-22 09:12:50 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-11-17 09:43:08 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-09-02 15:49:20 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-11-17 09:44:42 602,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2008-09-02 15:49:20 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-11-17 09:44:49 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2008-09-02 15:49:21 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-11-17 09:44:47 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2008-09-02 15:49:21 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-11-17 09:44:47 131,072 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2008-09-02 15:49:21 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-11-17 09:44:47 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2008-09-02 15:49:21 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-11-17 09:44:47 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2008-09-02 15:49:20 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-11-17 09:44:46 5,210,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2008-09-02 15:49:20 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-11-17 09:44:46 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2008-09-02 15:49:21 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-11-17 09:44:49 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2008-09-02 15:49:06 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-11-17 09:44:45 102,400 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2008-08-22 09:12:56 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-11-17 09:43:10 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-11-20 08:31:14 47,832 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-11-20 08:31:14 39,624 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
- 2008-08-22 09:12:53 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-11-17 09:43:11 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-08-22 09:12:56 413,696 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-11-17 09:43:02 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-08-22 09:12:56 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-11-17 09:43:03 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-08-22 09:12:51 888,832 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-11-17 09:43:03 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-08-22 09:12:54 5,001,216 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-11-17 09:43:16 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-08-22 09:12:53 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-11-17 09:43:14 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-08-22 09:12:53 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-11-17 09:43:05 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-08-22 09:12:53 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-11-17 09:43:13 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-08-22 09:12:56 577,536 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-11-17 09:42:59 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-09-02 15:49:06 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-11-17 09:44:50 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2008-09-02 15:49:06 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-11-17 09:44:50 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2008-09-02 15:49:07 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-11-17 09:44:45 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2008-08-22 09:12:56 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-11-17 09:43:13 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-08-22 09:12:57 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-11-17 09:43:13 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-08-22 09:12:56 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-11-17 09:43:12 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-08-22 09:12:56 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-11-17 09:43:12 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-09-02 15:49:07 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-11-17 09:44:45 929,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2008-08-22 09:12:53 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-11-17 09:42:59 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-09-02 15:49:07 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-11-17 09:44:43 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2008-09-02 15:49:07 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-11-17 09:44:43 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2008-09-02 15:49:07 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-11-17 09:44:43 5,971,968 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2008-08-22 09:12:53 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-11-17 09:43:00 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-09-02 15:49:21 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-11-17 09:44:42 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2008-08-22 09:12:57 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-11-17 09:43:05 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-08-22 09:12:53 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-11-17 09:43:05 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-08-22 09:12:54 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-11-17 09:43:04 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-08-22 09:12:54 5,152,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-11-17 09:43:07 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-09-02 15:50:50 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-11-17 09:44:50 1,152,040 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2008-09-02 15:50:50 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-11-17 09:44:50 1,635,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2008-09-02 15:50:50 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-11-17 09:44:50 578,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2008-08-22 09:12:54 2,027,520 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-11-17 09:43:00 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-08-22 09:12:56 2,940,928 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-11-17 09:43:03 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-09-02 15:49:21 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-11-17 09:44:42 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2008-09-02 15:49:21 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-11-17 09:44:42 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2008-09-02 15:49:20 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-11-17 09:44:49 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2008-09-02 15:49:20 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-11-17 09:44:48 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2008-09-02 15:49:20 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-11-17 09:44:48 1,204,224 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2008-09-02 15:49:21 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-11-17 09:44:42 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-11-17 09:45:48 27,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-11-17 14:55:56 7,929,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\acdbmgd\6b6bf44d9ee468aee23a2931e7600830\acdbmgd.ni.dll
+ 2008-11-17 14:56:00 1,671,168 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AcLayer\7e43cfa22280641800c6733daf223cf0\AcLayer.ni.dll
+ 2008-11-18 08:22:11 2,494,464 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\acmgd\6ec6a145e55c688e098e1c8df6cb97bd\acmgd.ni.dll
+ 2008-11-18 08:22:13 1,650,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\acmgdinternal\a9487ad6be841545040313665abeca60\acmgdinternal.ni.dll
+ 2008-11-18 08:22:15 2,154,496 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindows\4dbb41b69ed510670c31a8b05e001b1b\AdWindows.ni.dll
+ 2008-11-18 08:22:17 458,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindowsWrapper\f82c0e973264d7021e6b2589e89e63b6\AdWindowsWrapper.ni.dll
+ 2008-11-17 14:55:50 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-11-18 08:22:21 499,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\989b1b7c60423c5b87a9c01fd88a27fb\BCMCommon.ni.dll
+ 2008-11-18 08:22:48 487,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\BCMMSIDCRL.Managed\524e46cd10f40eed400cf4b7053825be\BCMMSIDCRL.Managed.ni.dll
+ 2008-11-18 08:22:24 1,646,592 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c022303fdb703c77139112c34408c4a8\BCMRes.ni.dll
+ 2008-11-18 08:22:32 4,112,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\[u]0/uebb2d4a87fb81c67e4872813c02f57e\BusinessLayer.ni.dll
+ 2008-11-18 09:44:48 503,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
+ 2008-11-18 09:44:53 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-11-18 09:44:47 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-11-18 08:22:53 15,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Extensibility\94a4a0dfa026ebd61d29fe1020d4fd42\Extensibility.ni.dll
+ 2009-01-13 10:03:36 2,453,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\GUI_Common_Managed\1ed9960e8ba4b3bf85fc468ed9fd7244\GUI_Common_Managed.ni.dll
+ 2009-01-13 10:00:33 2,461,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\GUI_Common_Managed\1f851d9af485262e129c9a93500071dd\GUI_Common_Managed.ni.dll
+ 2008-11-18 08:22:36 22,528 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ILoader\1b9b5388c90a90bc7d7f326013d99872\ILoader.ni.dll
+ 2008-11-18 08:22:40 430,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\5a45816c1354aa1c3aa0007b828b52f9\Iris.Mapi.MessageStore.ni.dll
+ 2008-11-18 09:44:53 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-11-18 09:44:54 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-11-18 09:44:55 1,695,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-11-18 09:44:56 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-11-18 08:22:39 516,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\2502986f9a9fec2884e447e3b943be02\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
+ 2008-11-18 08:22:52 2,584,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\5a1d0a9ebc8b20454a4f20d8bbead150\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
+ 2008-11-18 08:22:48 4,554,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\74b9d6afbdadadbbdeea8fe92696f26e\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
+ 2008-11-18 08:22:54 2,891,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\8dbb50092ad78f10e4889141d74a687d\Microsoft.BusinessSolutions.eCRM.Reports2.ni.dll
+ 2008-11-18 08:22:59 950,272 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e31c4e5672ddd01bc7820c08827cd889\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ImportExportUI.ni.dll
+ 2008-11-18 08:22:24 131,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.eCRM.AxSH#\1e839166b401645eb3813d9ea1b33532\Microsoft.eCRM.AxSHDocVw.ni.dll
+ 2008-11-18 08:22:37 491,520 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.eCRM.Offi#\785aa37e5a241fb6e747803604b8d2f5\Microsoft.eCRM.Office.ni.dll
+ 2008-11-18 08:22:52 643,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\[u]0/uf5815cf243164ea45403e2614a34a57\Microsoft.Interop.eCRM.MSComCtl.ni.dll
+ 2008-11-18 08:22:41 483,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\12d858eedb5694e954c6e55890b95650\Microsoft.Interop.eCRM.Publisher.ni.dll
+ 2008-11-18 08:22:42 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\217d334de1f2ea7013857d13b99fdecb\Microsoft.Interop.eCRM.msforms.ni.dll
+ 2008-11-18 08:22:25 352,256 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\4a352082573d183fcb9900136ca694d7\Microsoft.Interop.eCRM.SHDocVw.ni.dll
+ 2008-11-18 08:22:33 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\4c8ed82ce88ab33d05d968dfa95b292f\Microsoft.Interop.eCRM.NetFw.ni.dll
+ 2008-11-18 08:22:22 86,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\8c9598f9efccf8e7eec30217122d0754\Microsoft.Interop.eCRM.Ole.ni.dll
+ 2008-11-18 08:22:57 2,453,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\ccdec8263328b6d58195b3bb3b560f53\Microsoft.Interop.eCRM.Excel.ni.dll
+ 2008-11-18 08:22:37 1,490,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\d1f0dab6fffe34b206567eb3d4101dd6\Microsoft.Interop.eCRM.Word.ni.dll
+ 2008-11-18 08:22:25 192,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\[u]0/u45b10f95f21acf84db50618f712faef\Microsoft.Interop.Mapi.PropTags.ni.dll
+ 2008-11-18 08:22:25 1,085,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\93c92706fec0ebe5ec6d96c5f086f679\Microsoft.Interop.Mapi.Impl.ni.dll
+ 2008-11-18 08:22:21 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b8a39db2df055fa9f0e564f159f9d364\Microsoft.Interop.Mapi.Interfaces.ni.dll
+ 2008-11-18 08:22:58 729,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\18022436a9c0cb47081ea7e9d9b5ce61\Microsoft.Iris.ImportExportDataAccess.ni.dll
+ 2008-11-18 09:44:21 671,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\928e4fb0187a90befa1f20a6cb45f8fd\Microsoft.Iris.ImportExport.ni.dll
+ 2008-11-18 08:22:35 2,441,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
+ 2008-11-18 09:44:56 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\d62b526d1272eeaecfd853c43e71aa4f\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2008-11-18 09:44:56 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\f882efb7d0be250f5fc9b8d58b7b0f01\microsoft.netenterpriseservers.exceptionmessagebox.resources.ni.dll
+ 2008-11-18 09:44:22 1,720,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\3309af8e525e292e8581fbabd307c138\Microsoft.Office.Interop.Word.ni.dll
+ 2008-11-18 08:22:57 73,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\9051fd47ff32afa54298db29ee0859d1\Microsoft.Office.Interop.OutlookViewCtl.ni.dll
+ 2008-11-18 08:22:28 2,355,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\dbf558515086a8b650533cc6650d6bbd\Microsoft.Office.Interop.Outlook.ni.dll
+ 2008-11-18 09:44:57 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\12e799894c1489f12ca14adcbbb211a1\Microsoft.SqlServer.CustomControls.ni.dll
+ 2008-11-18 09:44:59 54,272 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\17c9d8ee3f5b87247a49ae0fee665fd1\microsoft.sqlserver.setup.resources.ni.dll
+ 2008-11-18 09:44:57 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84d53b2db1d75c1e776fcf7b77493836\Microsoft.SqlServer.GridControl.ni.dll
+ 2008-11-18 09:44:59 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bef302ed13baa690c3333ffe54a14f1d\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2008-11-18 09:44:58 20,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c51b38141c1e26e9591ce48d5a8f793b\microsoft.sqlserver.gridcontrol.resources.ni.dll
+ 2008-11-18 09:44:58 376,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d7b4b5139c4f2ba122b5c92493806fae\Microsoft.SqlServer.Setup.ni.dll
+ 2008-11-18 09:45:00 360,448 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d91029266fdbe30425e2353eecd4738d\microsoft.sqlserver.wizardframeworklite.resources.ni.dll
+ 2008-11-18 09:44:50 1,232,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850\Microsoft.Transactions.Bridge.ni.dll
+ 2008-11-18 09:44:50 401,408 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-11-18 08:22:37 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\4775ef34f6cec26921cb414883c65d51\Microsoft.Vbe.Interop.ni.dll
+ 2008-11-18 08:22:44 1,740,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-11-17 09:45:49 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-11-18 08:22:36 77,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
+ 2008-11-17 09:44:21 11,722,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2009-01-13 10:00:39 307,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\nik.Base\1285f2372fdffb57a6f7c7b706fd37a2\nik.Base.ni.dll
+ 2009-01-13 10:03:33 307,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\nik.Base\2cb8cf6467af42beb4e7271a1302c067\nik.Base.ni.dll
+ 2009-01-13 10:00:41 4,358,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\nik.GUIBase.Resourc#\9a17758826fb3373fd5ddc1d46c12e69\nik.GUIBase.Resources.ni.dll
+ 2009-01-13 10:03:43 4,358,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\nik.GUIBase.Resourc#\fd74ba21b6071d918b824757d0349096\nik.GUIBase.Resources.ni.dll
+ 2009-01-13 10:00:40 1,077,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\nik.GUIBase\[u]0/u153673de2668c58f2bd368f797f80a8\nik.GUIBase.ni.dll
+ 2009-01-13 10:03:33 1,081,344 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\nik.GUIBase\ffeeb9911b8dbe4fbe0478b648e97341\nik.GUIBase.ni.dll
+ 2009-01-12 17:15:53 5,713,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\NxController\1176b38ea41fa45bcb0c603d1af2e888\NxController.ni.dll
+ 2009-01-13 10:03:41 5,718,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\NxController\c60046cde206b1435a56390607d561a2\NxController.ni.dll
+ 2009-01-13 10:00:38 5,713,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\NxController\ecb8006c981b3e18d2d59ad83c6eee00\NxController.ni.dll
+ 2009-01-13 10:00:21 40,448 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\NxCursors\1bc41fbc4e2aefa0edb11ae6c4f230ae\NxCursors.ni.dll
+ 2009-01-13 10:03:30 40,448 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\NxCursors\b2a904131f6171757fd48e876266621a\NxCursors.ni.dll
+ 2008-11-18 08:22:22 925,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\office\8657f3dbec58d39947b97d84f6f770c2\office.ni.dll
+ 2008-11-18 09:45:01 1,581,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll
+ 2008-11-17 09:46:03 40,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881\PresentationCFFRasterizer.ni.dll
+ 2008-11-17 09:46:02 12,570,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\[u]0/u11f8e31d197b4ccb6a61c2267a38e5c\PresentationCore.ni.dll
+ 2008-11-17 09:45:29 48,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
+ 2008-11-17 09:49:46 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457\PresentationFramework.Aero.ni.dll
+ 2008-11-17 09:49:47 552,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e\PresentationFramework.Luna.ni.dll
+ 2008-11-17 09:48:40 15,036,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe\PresentationFramework.ni.dll
+ 2008-11-17 09:49:47 274,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b\PresentationFramework.Royale.ni.dll
+ 2008-11-17 09:49:46 245,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5\PresentationFramework.Classic.ni.dll
+ 2008-11-17 09:48:58 2,035,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll
+ 2008-11-17 09:49:04 2,416,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll
+ 2008-11-18 08:22:33 532,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPI\2fe04212897aaa6b168936df94d6343b\SBAIAPI.ni.dll
+ 2008-11-18 08:22:36 643,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPIV2\33f681d2f41592ce430d0568f4a58590\SBAIAPIV2.ni.dll
+ 2008-11-18 08:22:36 122,880 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIREPORTING\c26b3d391d9e693a95fb78ea83fb0b59\SBAIREPORTING.ni.dll
+ 2008-11-18 08:22:36 16,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIUI\[u]0/ue6dc67e78333b403f2a16e15346d143\SBAIUI.ni.dll
+ 2008-11-18 09:44:51 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
+ 2008-11-18 09:44:51 299,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\169ba2fe1a4d87ede3ab8dd3d44d867e\SMDiagnostics.ni.dll
+ 2008-11-18 09:44:52 323,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
+ 2008-11-18 08:22:22 44,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\5eef2f32e44870fde9f65d34d523ef3e\stdole.ni.dll
+ 2008-11-18 09:45:08 262,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll
+ 2008-11-17 09:45:38 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-11-17 09:45:31 1,011,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-11-17 09:49:42 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-11-17 09:45:37 2,756,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-11-17 09:49:14 7,049,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-11-17 09:45:49 1,798,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-11-17 09:49:40 10,969,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-11-17 09:49:08 1,224,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-11-17 09:49:44 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-11-17 09:49:41 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-11-17 09:45:40 1,667,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\[u]0/ue83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-11-17 09:49:17 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-11-17 09:49:17 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-11-18 09:44:26 241,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\492d16599426c7ab35ad2c499a9d4ae6\System.IdentityModel.Selectors.ni.dll
+ 2008-11-18 09:44:26 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bdd94a4c46e4424787dfed9381196cb3\System.IdentityModel.ni.dll
+ 2008-11-18 09:44:27 417,792 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e1e6aa5272543f1d9dad98be897b693e\System.IO.Log.ni.dll
+ 2008-11-18 08:22:34 1,064,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2008-11-18 09:45:18 655,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\[u]0/u0e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll
+ 2008-11-17 09:49:06 1,134,592 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll
+ 2008-11-17 09:49:19 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\[u]0/u898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-11-17 09:45:39 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-11-18 09:44:29 2,445,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e27527e67611d8acc0d8dff6d286af23\System.Runtime.Serialization.ni.dll
+ 2008-11-17 09:45:38 733,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-11-18 09:44:45 18,071,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\350903c091629396c08742c996c1caba\System.ServiceModel.ni.dll
+ 2008-11-17 09:45:30 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-11-18 09:45:07 2,039,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5\System.Speech.ni.dll
+ 2008-11-17 09:49:16 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-11-18 09:45:10 2,342,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-11-17 09:49:43 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-11-17 09:49:32 1,986,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-11-17 09:49:28 12,509,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-11-17 09:45:48 13,193,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-11-18 09:45:12 3,084,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562\System.Workflow.Activities.ni.dll
+ 2008-11-18 09:45:16 4,579,328 ----a-w c:\windows\assembly\NativeImages_v2.0.507
0
Réponse 8 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
27 févr. 2009 à 14:36
Alors après avoir fait toutes les manip, j'ai encore le même problème de redirection...mais pas à chaque fois... si je tape l'adresse sa marche si je clik sur un lien google il va me renvoyer sur les sites pubicitaire

Autre chose que je vien de remarqué dans la barre d'adresse à coté de google ce n'est plus un G mais une sorte de feuille avec un rectangle rouge enfin cela n'a ptet rien a voir...
0
Réponse 9 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
27 févr. 2009 à 19:57
re

le rapport combo pas complet fait ceci

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )


File::
c:\windows\nl09.exe
c:\windows\nfr.assembly
c:\windows\f5087.dat
c:\windows\system32\887164
c:\windows\nl08.exe
c:\windows\nfra.exe
c:\windows\t55ft3949f44.dat
c:\windows\t55ft3532f44.dat
c:\windows\nlmark2.dat
c:\windows\f23567.dat
C:\sqmnoopt19.sqm
C:\sqmdata19.sqm
c:\documents and settings\All Users\Application Data\ucub.exe


Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 10 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
2 mars 2009 à 13:11
Bonjour, je reviens de week end et viens de voir ton mail...
j'ai effectué les opérations que tu m'a donné...
après les avoir effectué je ne peux plus du tout aller sur internet ... les pages sont introuvables... ce n'est pas un probleme de connexion, je suis connecté à msn mais ne peux pas lire mes mails par explorer...
je te post à la suite les rapport

ComboFix 09-03-01.01 - phisela 2009-03-02 10:50:56.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1087 [GMT 1:00]
Lancé depuis: c:\documents and settings\phisela\Mes documents\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\phisela\Bureau\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\All Users\Application Data\ucub.exe
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
c:\windows\f23567.dat
c:\windows\f5087.dat
c:\windows\nfr.assembly
c:\windows\nfra.exe
c:\windows\nl08.exe
c:\windows\nl09.exe
c:\windows\nlmark2.dat
c:\windows\system32\887164
c:\windows\t55ft3532f44.dat
c:\windows\t55ft3949f44.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ucub.exe
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
c:\windows\f23567.dat
c:\windows\f5087.dat
c:\windows\nfr.assembly
c:\windows\nl08.exe
c:\windows\nl09.exe
c:\windows\nlmark2.dat
c:\windows\t55ft3532f44.dat
c:\windows\t55ft3949f44.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 09:23 . 2009-03-02 09:23 11,264 --a------ c:\windows\system32\nfr.dll
2009-03-02 09:23 . 2009-03-02 09:23 0 --a------ c:\windows\system32\nfr.gpref
2009-03-02 09:23 . 2009-03-02 09:23 0 --a------ c:\windows\system32\nfr.assembly
2009-02-27 11:55 . 2009-03-02 09:33 118,784 --a------ c:\windows\system32\chg.exe
2009-02-26 16:34 . 2009-02-26 16:40 <REP> d-------- c:\program files\FindyKill
2009-02-26 14:50 . 2009-02-26 14:50 <REP> d-------- c:\program files\CCleaner
2009-02-26 12:37 . 2009-02-26 16:23 <REP> d-------- c:\windows\system32\887164
2009-02-26 12:37 . 2009-03-02 09:26 <REP> d-------- c:\program files\websrvx
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\program files\Skyline
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Skyline
2009-02-17 14:26 . 2009-02-17 14:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 14:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 14:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 12:40 . 2009-02-13 12:40 <REP> d-------- c:\documents and settings\phisela\Application Data\vlc
2009-02-13 12:39 . 2009-02-13 12:39 <REP> d-------- c:\program files\VideoLAN
2009-02-13 09:19 . 2009-02-13 09:19 <REP> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- c:\windows\SchCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 09:44 --------- d-----w c:\documents and settings\phisela\Application Data\DNA
2009-03-02 08:34 --------- d-----w c:\program files\DNA
2009-02-27 15:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 15:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 15:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-13 08:19 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-30 15:51 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-30 15:50 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-14 16:15 --------- d-----w c:\documents and settings\phisela\Application Data\BitTorrent
2009-01-13 10:03 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-13 09:03 --------- d-----w c:\documents and settings\phisela\Application Data\Nikon
2009-01-13 08:32 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-01-12 17:14 45,572,104 ----a-w c:\windows\system32\xa34105656.exe
2009-01-12 17:14 45,572,104 ----a-w c:\windows\system32\xa34104812.exe
2009-01-12 17:14 --------- d-----w c:\program files\Nikon
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-12 17:11 45,572,104 ----a-w c:\windows\system32\xa33960000.exe
2009-01-12 17:11 45,572,104 ----a-w c:\windows\system32\xa33959203.exe
2009-01-12 16:36 --------- d-----w c:\program files\BitTorrent
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ------w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ------w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-10-30 14:54 19,884 ----a-w c:\documents and settings\All Users\Application Data\awoqesevin.exe
2008-10-30 14:54 19,392 ----a-w c:\documents and settings\phisela\Application Data\ugakacune.reg
2008-10-30 14:54 11,868 ----a-w c:\documents and settings\phisela\Application Data\doly.bat
2008-10-30 14:54 11,447 ----a-w c:\program files\Fichiers communs\omeh.lib
2008-10-30 14:54 10,185 ----a-w c:\program files\Fichiers communs\byboqu.exe
2008-08-13 18:02 35,840 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-02-27_12.14.35.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-24 08:14:21 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-02 08:22:13 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-24 08:14:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-03-02 08:22:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-02-24 08:14:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-02 08:22:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-02 08:33:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2dc.dat
+ 2009-03-02 08:33:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"Google Update"="c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-12 342848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-12-11 331800]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-08-26 115560]
"Universal PDF Driver"="c:\progra~1\UNIVER~1\PDFDriver.exe" [2004-03-11 1567744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kmmcju.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"=c:\windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:nfra
"7070:TCP"= 7070:TCP:nfra

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-11 540184]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 102208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 108864]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012132227-3078694279-312344761-1116.job
- c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:04]

2009-03-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-nfra - c:\windows\nfra.exe
HKLM-Run-sysnltray2 - c:\windows\nl08.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.archi-services.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: inoculer.com\www
Trusted Zone: secuser.com\www
TCP: {020E32F5-5A62-42C3-AE01-71663C0ABDFB} = 192.168.0.1
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\Skyline\TerraExplorer\TerraExplorerX.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\phisela\Application Data\Mozilla\Firefox\Profiles\5zodb8a4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\phisela\Application Data\Mozilla\Firefox\Profiles\5zodb8a4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 10:52:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1204)
c:\program files\Bonjour\mdnsNSP.dll
.
Heure de fin: 2009-03-02 10:53:45
ComboFix-quarantined-files.txt 2009-03-02 09:53:43
ComboFix2.txt 2009-02-27 11:15:05
ComboFix3.txt 2008-11-12 16:00:30
ComboFix4.txt 2008-11-12 09:04:56

Avant-CF: 185,825,976,320 octets libres
Après-CF: 185,850,417,152 octets libres

243 --- E O F --- 2009-02-26 15:40:57
0
Réponse 11 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
2 mars 2009 à 13:12
LE RAPPORT HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55, on 2009-03-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\UNIVER~1\PDFDriver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AutoCAD LT 2009\acadlt.exe
C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.archi-services.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Universal PDF Driver] "C:\PROGRA~1\UNIVER~1\PDFDriver.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysnltray2] c:\windows\nl08.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.inoculer.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\Software\..\Telephony: DomainName = archicab.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - AppInit_DLLs: kmmcju.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
0
Réponse 12 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
2 mars 2009 à 14:48
salut

je voit sur ton rapport findykill qui sert pour bagle

et combofix a supprimer des reste on va voir s'il ont reste pas

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp

* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.

* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

Si, dans le rapport,elibaga tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).

/!\ N'hésites pas à le lancer 2-3fois /!\


apres en fera un script pour cette ligne

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kmmcju.dll
0
Réponse 13 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
2 mars 2009 à 16:04
Alors jai telecharger ebilagla je l'ai lancé 3 fois je n'ai aucun element infectés.... par contre j'ai pu recevoir deux messages "acceso denegado a la carpeta" c:/doc and settings/ all users/ApplicationData................pendant l'analyse.

Je n'ai toujours pas d internet explorer... c'est à dire qu'avant j'étais redirigé vers un site publicitaire, (l'origine du probleme) a chaque recherche.... maintenant rien ne charge comme si je n'était pas connecté .... mais j'ai accès à msn ou encore outlook ....


Je n'ai par contre pas compris quest ce que je devais faire quand tu dis:

"apres en fera un script pour cette ligne

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kmmcju.dll
0
Réponse 14 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
2 mars 2009 à 16:32
Au fait merci pour ta patience
0
Réponse 15 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
2 mars 2009 à 19:53
c'est sa

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-


Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.


Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 16 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
3 mars 2009 à 10:10
Je te poste le rapport Combofix


ComboFix 09-03-02.01 - phisela 2009-03-03 9:21:56.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1391 [GMT 1:00]
Lancé depuis: c:\documents and settings\phisela\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\phisela\Bureau\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 09:23 . 2009-03-02 09:23 11,264 --a------ c:\windows\system32\nfr.dll
2009-03-02 09:23 . 2009-03-02 09:23 0 --a------ c:\windows\system32\nfr.gpref
2009-03-02 09:23 . 2009-03-02 09:23 0 --a------ c:\windows\system32\nfr.assembly
2009-02-26 16:34 . 2009-02-26 16:40 <REP> d-------- c:\program files\FindyKill
2009-02-26 14:50 . 2009-02-26 14:50 <REP> d-------- c:\program files\CCleaner
2009-02-26 12:37 . 2009-02-26 16:23 <REP> d-------- c:\windows\system32\887164
2009-02-26 12:37 . 2009-03-02 09:26 <REP> d-------- c:\program files\websrvx
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\program files\Skyline
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Skyline
2009-02-17 14:26 . 2009-02-17 14:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 14:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 14:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 12:40 . 2009-02-13 12:40 <REP> d-------- c:\documents and settings\phisela\Application Data\vlc
2009-02-13 12:39 . 2009-02-13 12:39 <REP> d-------- c:\program files\VideoLAN
2009-02-13 09:19 . 2009-02-13 09:19 <REP> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- c:\windows\SchCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 08:15 --------- d-----w c:\program files\DNA
2009-03-03 08:15 --------- d-----w c:\documents and settings\phisela\Application Data\DNA
2009-03-02 16:00 --------- d-----w c:\program files\Bridge Building Game
2009-03-02 13:13 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-03-02 13:12 --------- d-----w c:\program files\ma-config.com
2009-03-02 13:12 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-02 13:11 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-02 13:08 --------- d-----w c:\program files\Bonjour
2009-03-02 11:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 15:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-13 08:19 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-30 15:51 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-30 15:50 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-14 16:15 --------- d-----w c:\documents and settings\phisela\Application Data\BitTorrent
2009-01-13 09:03 --------- d-----w c:\documents and settings\phisela\Application Data\Nikon
2009-01-13 08:32 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-01-12 17:14 45,572,104 ----a-w c:\windows\system32\xa34105656.exe
2009-01-12 17:14 45,572,104 ----a-w c:\windows\system32\xa34104812.exe
2009-01-12 17:14 --------- d-----w c:\program files\Nikon
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-12 17:11 45,572,104 ----a-w c:\windows\system32\xa33960000.exe
2009-01-12 17:11 45,572,104 ----a-w c:\windows\system32\xa33959203.exe
2009-01-12 16:36 --------- d-----w c:\program files\BitTorrent
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ------w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ------w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-10-30 14:54 19,884 ----a-w c:\documents and settings\All Users\Application Data\awoqesevin.exe
2008-10-30 14:54 19,392 ----a-w c:\documents and settings\phisela\Application Data\ugakacune.reg
2008-10-30 14:54 11,868 ----a-w c:\documents and settings\phisela\Application Data\doly.bat
2008-10-30 14:54 11,447 ----a-w c:\program files\Fichiers communs\omeh.lib
2008-10-30 14:54 10,185 ----a-w c:\program files\Fichiers communs\byboqu.exe
2008-08-13 18:02 35,840 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-02-27_12.14.35.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-26 16:32:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2007-09-26 17:32:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
- 2009-02-24 08:14:21 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-03 08:18:46 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-24 08:14:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-03-03 08:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-03-03 08:14:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_430.dat
+ 2009-03-03 08:15:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_778.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"Google Update"="c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-12 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-12-11 331800]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-08-26 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"sysnltray2"="c:\windows\nl08.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kmmcju.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"=c:\windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-11 540184]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 102208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 108864]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012132227-3078694279-312344761-1116.job
- c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:04]

2009-03-03 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: inoculer.com\www
Trusted Zone: secuser.com\www
TCP: {020E32F5-5A62-42C3-AE01-71663C0ABDFB} = 192.168.0.1
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\Skyline\TerraExplorer\TerraExplorerX.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\phisela\Application Data\Mozilla\Firefox\Profiles\5zodb8a4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\phisela\Application Data\Mozilla\Firefox\Profiles\5zodb8a4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 09:23:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1204)
c:\program files\Bonjour\mdnsNSP.dll
.
Heure de fin: 2009-03-03 9:25:12
ComboFix-quarantined-files.txt 2009-03-03 08:25:02
ComboFix2.txt 2009-03-02 10:09:31
ComboFix3.txt 2009-03-02 09:53:46
ComboFix4.txt 2009-02-27 11:15:05
ComboFix5.txt 2009-03-03 08:20:57

Avant-CF: 185,360,068,608 octets libres
Après-CF: 185,355,890,688 octets libres

206 --- E O F --- 2009-03-02 17:08:07
0
Réponse 17 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
3 mars 2009 à 10:11
le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26, on 2009-03-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysnltray2] c:\windows\nl08.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.inoculer.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\Software\..\Telephony: DomainName = archicab.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = archicab.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{020E32F5-5A62-42C3-AE01-71663C0ABDFB}: NameServer = 192.168.0.1
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - AppInit_DLLs: kmmcju.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
0
Réponse 18 / 87
benurrr Messages postés 9643 Date d'inscription samedi 24 mai 2008 Statut Contributeur sécurité Dernière intervention 11 janvier 2012 107
3 mars 2009 à 14:32
re

j'ai bien reçu ton mp

le script na pas fonctionner tu peut refaire la manip du message 14


0
Réponse 19 / 87
stefan-claes Messages postés 200 Date d'inscription mardi 3 mars 2009 Statut Membre Dernière intervention 8 janvier 2011 44
3 mars 2009 à 14:44
Il y a plus simple mdr, tu va dans le menu démarrer --> Tous les programmes --> Accessoires --> Restauration du système.

Ca sauve vraiment la vie du pc et ça bouge cette crasse de hijjack qui ta infecté.
0
Réponse 20 / 87
orel59000 Messages postés 49 Date d'inscription jeudi 26 février 2009 Statut Membre Dernière intervention 27 mars 2009
3 mars 2009 à 15:28
le rapport combofix... tu avais rais raison jai oublié de coller le début "registry"

ComboFix 09-03-02.03 - phisela 2009-03-03 15:20:13.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1067 [GMT 1:00]
Lancé depuis: c:\documents and settings\phisela\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\phisela\Bureau\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 09:23 . 2009-03-02 09:23 0 --a------ c:\windows\system32\nfr.gpref
2009-03-02 09:23 . 2009-03-02 09:23 0 --a------ c:\windows\system32\nfr.assembly
2009-02-26 16:34 . 2009-02-26 16:40 <REP> d-------- c:\program files\FindyKill
2009-02-26 12:37 . 2009-02-26 16:23 <REP> d-------- c:\windows\system32\887164
2009-02-26 12:37 . 2009-03-02 09:26 <REP> d-------- c:\program files\websrvx
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\program files\Skyline
2009-02-19 16:06 . 2009-02-19 16:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Skyline
2009-02-17 14:26 . 2009-02-17 14:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 14:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 14:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 12:40 . 2009-02-13 12:40 <REP> d-------- c:\documents and settings\phisela\Application Data\vlc
2009-02-13 12:39 . 2009-02-13 12:39 <REP> d-------- c:\program files\VideoLAN
2009-02-13 09:19 . 2009-02-13 09:19 <REP> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- c:\windows\SchCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 14:15 --------- d-----w c:\documents and settings\phisela\Application Data\DNA
2009-03-03 08:15 --------- d-----w c:\program files\DNA
2009-03-02 16:00 --------- d-----w c:\program files\Bridge Building Game
2009-03-02 13:13 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-03-02 13:12 --------- d-----w c:\program files\ma-config.com
2009-03-02 13:12 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-02 13:11 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-02 13:08 --------- d-----w c:\program files\Bonjour
2009-03-02 11:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 15:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-13 08:19 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-30 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-30 15:51 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-01-30 15:50 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-14 16:15 --------- d-----w c:\documents and settings\phisela\Application Data\BitTorrent
2009-01-13 09:03 --------- d-----w c:\documents and settings\phisela\Application Data\Nikon
2009-01-13 08:32 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-01-12 17:14 45,572,104 ----a-w c:\windows\system32\xa34105656.exe
2009-01-12 17:14 45,572,104 ----a-w c:\windows\system32\xa34104812.exe
2009-01-12 17:14 --------- d-----w c:\program files\Nikon
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-12 17:11 45,572,104 ----a-w c:\windows\system32\xa33960000.exe
2009-01-12 17:11 45,572,104 ----a-w c:\windows\system32\xa33959203.exe
2009-01-12 16:36 --------- d-----w c:\program files\BitTorrent
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ------w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ------w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-10-30 14:54 19,884 ----a-w c:\documents and settings\All Users\Application Data\awoqesevin.exe
2008-10-30 14:54 19,392 ----a-w c:\documents and settings\phisela\Application Data\ugakacune.reg
2008-10-30 14:54 11,868 ----a-w c:\documents and settings\phisela\Application Data\doly.bat
2008-10-30 14:54 11,447 ----a-w c:\program files\Fichiers communs\omeh.lib
2008-10-30 14:54 10,185 ----a-w c:\program files\Fichiers communs\byboqu.exe
2008-08-13 18:02 35,840 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-02-27_12.14.35.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-26 16:32:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2007-09-26 17:32:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
- 2009-02-24 08:14:21 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-03 08:18:46 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-24 08:14:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-03-03 08:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-03-03 08:14:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_430.dat
+ 2009-03-03 08:15:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_778.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-23 68856]
"Google Update"="c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-12 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-12-11 331800]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-08-26 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"sysnltray2"="c:\windows\nl08.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"=c:\windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-11 540184]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 102208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 108864]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012132227-3078694279-312344761-1116.job
- c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:04]

2009-03-03 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: inoculer.com\www
Trusted Zone: secuser.com\www
TCP: {020E32F5-5A62-42C3-AE01-71663C0ABDFB} = 192.168.0.1
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\Skyline\TerraExplorer\TerraExplorerX.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\phisela\Application Data\Mozilla\Firefox\Profiles\5zodb8a4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\phisela\Application Data\Mozilla\Firefox\Profiles\5zodb8a4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\phisela\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 15:21:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1204)
c:\program files\Bonjour\mdnsNSP.dll
.
Heure de fin: 2009-03-03 15:22:44
ComboFix-quarantined-files.txt 2009-03-03 14:22:42
ComboFix2.txt 2009-03-03 08:25:13
ComboFix3.txt 2009-03-02 10:09:31
ComboFix4.txt 2009-03-02 09:53:46
ComboFix5.txt 2009-03-03 14:14:17

Avant-CF: 185,202,192,384 octets libres
Après-CF: 185,255,301,120 octets libres

198 --- E O F --- 2009-03-02 17:08:07
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
'Votre colis est dans le site de livraison qui dessert votre adresse' que faire
relakztek82 -
Unemeuf -

25 réponses
Colis en cours de transport vers votre site de livraison ?
Ninan_5568 -
senda -

8 réponses
sites de vidéo choc
paddynon -
anim -

5 réponses