Aller au contenu

Bisio

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    12

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Bisio

  1. Bisio
    Voici le résultat du fix : L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\saringres110_chs.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "sv1"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'impression Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{4648F940-EFE3-4BAB-9211-3BE45CD5029D}"="VSSShellExt" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{21B03E28-427A-49CE-850B-E1A245848F14}"="Terminal Server Redirected Drive" "{0B63475F-4D07-40CD-9325-23F1B5DDCFA8}"="Terminal Server Redirected Drive" "{91C3B2EA-A451-4E37-8B76-AB29953408F8}"="Terminal Server Redirected Drive" "{DF496528-5E69-4A5E-9616-951CA17021B2}"="Terminal Server Redirected Drive" "{606AEDCA-BC51-4C26-B5DB-15089D8E32C2}"="Terminal Server Redirected Drive" "{84D29C3A-5A16-4E04-B4C5-CF17861DA864}"="Terminal Server Redirected Drive" "{347EA9D1-99D2-40C7-AE13-467D436D2766}"="Terminal Server Redirected Drive" "{18151C96-94CD-4D23-8A63-31CB773F1C38}"="Terminal Server Redirected Drive" "{4CE0D244-1177-4093-B318-8C98B1179DFE}"="Terminal Server Redirected Drive" "{702B87BB-4D30-4582-85A6-3F26B4596615}"="Terminal Server Redirected Drive" "{9DC0DB10-E17A-4F2C-8A85-292856BE8FB2}"="Terminal Server Redirected Drive" "{CDF29311-1198-4EFD-928C-98B240256D96}"="Terminal Server Redirected Drive" "{3914A654-F0C6-4062-A9E9-8936B2732DD5}"="Terminal Server Redirected Drive" "{E7AEE3DF-4246-4DE6-993F-89E9FA6FAA1E}"="Terminal Server Redirected Drive" "{26E5E69A-15D3-4C3E-933A-05C1A60D81E3}"="Terminal Server Redirected Drive" "{C3C0EF46-A8ED-47ED-82D1-2A05B482D401}"="Terminal Server Redirected Drive" "{2F568B34-7C00-4E8C-9690-23572E232148}"="Terminal Server Redirected Drive" "{F8051080-D78D-44D6-8C39-4F99EFE8DA72}"="Terminal Server Redirected Drive" "{815FF5D8-7040-4963-A848-CA13878C6259}"="Terminal Server Redirected Drive" "{065994D0-ABFC-4638-A4B3-3F7D69CB6A77}"="Terminal Server Redirected Drive" "{BD4B4CB1-7F66-48B1-8C8E-9ED26DD06259}"="Terminal Server Redirected Drive" "{BF365623-14E9-4B14-AC16-707E24B587C0}"="Terminal Server Redirected Drive" "{9C545C0B-EE9A-422D-A712-6E138725958A}"="Terminal Server Redirected Drive" "{3FC8E1B0-6A81-4F83-9CC0-8E5F8F129C01}"="Terminal Server Redirected Drive" "{144DE0DC-7F57-40E7-8B7F-3E53A4062A6B}"="Terminal Server Redirected Drive" "{CF91AE58-53B3-4999-883E-A772B5941C12}"="Terminal Server Redirected Drive" "{CE4E6AB2-70EE-4AB8-8650-8551CCECE152}"="Terminal Server Redirected Drive" "{141236B9-A545-413D-965D-AF06F25A3BC2}"="Terminal Server Redirected Drive" "{4E1E21C3-F13F-4C58-8D28-B3A51ED7A060}"="Terminal Server Redirected Drive" "{1072245E-E814-459D-A22C-110C9B5E9511}"="Terminal Server Redirected Drive" "{607C1DA2-2EB1-4157-8829-D967143DB211}"="Terminal Server Redirected Drive" "{66B7153E-EE90-434B-A354-57CA95B6E329}"="Terminal Server Redirected Drive" "{E6903838-141E-498C-B80E-3BAF7EF9A402}"="Terminal Server Redirected Drive" "{E7BDC0AA-E923-4531-BA7C-66A0FA72446A}"="Terminal Server Redirected Drive" "{59D35C08-7A8B-46E5-B24A-A86BD2012175}"="Terminal Server Redirected Drive" "{0259EDED-773F-4FBA-B8F9-1099CCC2E6B6}"="Terminal Server Redirected Drive" "{B983CB2A-99E2-435F-92EA-E2338B3C4199}"="Terminal Server Redirected Drive" "{035C003F-A435-4391-9C86-A01C4305D0EC}"="Terminal Server Redirected Drive" "{8F165376-02BE-495F-B81F-7B1A25AEDCDB}"="Terminal Server Redirected Drive" "{CDDA9D98-D41C-4BB0-BC0C-1B7FDF68471F}"="Terminal Server Redirected Drive" "{B123AB52-A3B9-4919-8630-2DF7253E5405}"="Terminal Server Redirected Drive" "{ABCD666E-B08A-471A-AB61-C0EA8D97B328}"="Terminal Server Redirected Drive" "{A5CEFE2C-B586-48D5-A224-DDBFBBB0F7F7}"="Terminal Server Redirected Drive" "{03C5139A-F7D8-4937-84A1-5547CB2C0E8A}"="Terminal Server Redirected Drive" "{1CD535F7-4108-4B5F-8807-F25DC677FA10}"="Terminal Server Redirected Drive" "{8E404398-EEC9-42D6-BED1-6271E1A80B40}"="Terminal Server Redirected Drive" "{93319B17-60FA-4ACF-ACD9-39D8CEB07FBA}"="Terminal Server Redirected Drive" "{CE3CD22A-1711-46A7-8437-B25312AD5920}"="Terminal Server Redirected Drive" "{B52D8FC6-FE18-4E7B-AAC1-3680A278DFC2}"="Terminal Server Redirected Drive" "{3DC89CB3-0D63-4DDD-9FD3-8207FB557C37}"="Terminal Server Redirected Drive" "{F94D9FFD-5F16-4BBE-9AF0-E17E1BF0D99B}"="Terminal Server Redirected Drive" "{092408E7-934F-4B55-A53F-953C45A9F47A}"="Terminal Server Redirected Drive" "{96CFE4EB-E864-421F-AE28-97A0A840BA40}"="Terminal Server Redirected Drive" "{3A274781-3823-4DED-A895-2FAA9A8525DC}"="Terminal Server Redirected Drive" "{8CD9445B-384F-4945-B653-81468B06BAB9}"="Terminal Server Redirected Drive" "{C31400C1-86AB-4650-9E71-159891C34716}"="Terminal Server Redirected Drive" "{96AFA64F-0508-414A-BA70-AAE9FFE2E7D7}"="Terminal Server Redirected Drive" "{0115A55A-57E8-496E-AB9F-954DBC67AEB2}"="Terminal Server Redirected Drive" "{E12D4FD7-A194-4AB0-8940-7E732D60E37D}"="Terminal Server Redirected Drive" "{B60CEBF3-39B0-41E6-8CF6-298FA6420A64}"="Terminal Server Redirected Drive" "{3B3545DB-F198-4F87-8C77-424DEFEFDBF1}"="Terminal Server Redirected Drive" "{AF5FCBE8-A6CE-409F-8EDC-3F53D85D7FCC}"="Terminal Server Redirected Drive" "{AD76862F-3419-4BEC-9B95-2B070DCCBC9E}"="Terminal Server Redirected Drive" "{3827142F-F168-4B9F-96B5-50E4237980AC}"="Terminal Server Redirected Drive" "{EAAA0A05-3D0D-4CDF-B326-D239D6B97DBB}"="Terminal Server Redirected Drive" "{AADE4E4C-F3EF-49D0-A7F5-60F8323A0CE1}"="Terminal Server Redirected Drive" "{8159382C-F7D9-47A4-A716-C081DCAE3EA1}"="Terminal Server Redirected Drive" "{C28D90CA-1CC4-4413-922D-7DD62A585887}"="Terminal Server Redirected Drive" "{16ED8C08-59FF-4240-A024-A0E511905C72}"="Terminal Server Redirected Drive" "{F4E96852-38F5-40BC-B594-57F7E2ABE81E}"="Terminal Server Redirected Drive" "{640BB85D-49E4-46D7-AFB5-C125D893CC4C}"="Terminal Server Redirected Drive" "{8FF58822-BF85-4B3F-A9B7-3D33B9CE8B9B}"="Terminal Server Redirected Drive" "{BFC819ED-E6B8-467A-B443-0DE1DAD13705}"="Terminal Server Redirected Drive" "{4164D529-2949-4893-A0AC-2366C5DCCA2E}"="Terminal Server Redirected Drive" "{DE6B89ED-8B91-4D54-BDFE-B5541E6A01CB}"="Terminal Server Redirected Drive" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{892E10CB-0EDC-4EE9-B44A-D2759AE87950}"="Terminal Server Redirected Drive" "{0A630805-0A9C-44EC-9DFD-D3A9C189EF70}"="Terminal Server Redirected Drive" "{532D9B16-1DC2-47E0-B0E3-84EC1AC235A6}"="Terminal Server Redirected Drive" "{EFFE1114-9A68-489E-9BD5-3D2AF511E51E}"="Terminal Server Redirected Drive" "{17402E7F-EC14-4069-85CE-B9F4D7EF4746}"="Terminal Server Redirected Drive" "{5B1C122B-DAE1-4B46-9278-E8CFCE807F04}"="Terminal Server Redirected Drive" "{473FB294-DBC7-4C97-B3F2-2564EF82D5A6}"="Terminal Server Redirected Drive" "{5B71807B-1371-43E6-A83C-DC0ACF89F5DE}"="Terminal Server Redirected Drive" "{A2E7C4A6-56EA-43CD-AC4C-789CC205FB51}"="Terminal Server Redirected Drive" "{FB5B3F2F-3C1D-4C44-9942-CEB72C7C9507}"="Terminal Server Redirected Drive" "{FAE0F110-C67B-4988-ABDB-DC1092F7C01F}"="Terminal Server Redirected Drive" "{F269242E-E58B-4801-B2B3-BCD9356B168F}"="Terminal Server Redirected Drive" "{7A685A69-FE84-4743-B133-449F097E07F5}"="Terminal Server Redirected Drive" "{13A612BC-73CE-4595-B9AB-12471CA1EC5E}"="Terminal Server Redirected Drive" "{F222A0FD-1B93-4CA2-856A-DBE18A39E914}"="Terminal Server Redirected Drive" "{BED91186-A385-42B8-A5E1-6C2C8F97C467}"="Terminal Server Redirected Drive" "{B13DB046-2ED5-4985-B1A2-DD88F5D9EF83}"="Terminal Server Redirected Drive" "{7BE5360B-C49D-431D-95DB-E57A995FE0EB}"="Terminal Server Redirected Drive" "{54CB9311-8F31-44EF-852E-80357C3C6B9C}"="Terminal Server Redirected Drive" "{6D0CD6F4-3E59-4D36-B7A5-D4E5302D337A}"="Terminal Server Redirected Drive" "{7AE29125-722E-47ED-AA66-31F76C473A8D}"="Terminal Server Redirected Drive" "{DEF7D3EF-EFB1-4156-8E86-FB6E7618074D}"="Terminal Server Redirected Drive" "{C420E11E-FC4A-4FB6-B1FD-77CF1AF63565}"="Terminal Server Redirected Drive" "{31A90A17-4A55-4A60-9F08-E16C3AC528F0}"="Terminal Server Redirected Drive" "{5B7D0C47-532A-4B8F-8E68-DA341A77BC2A}"="Terminal Server Redirected Drive" "{098FA0E7-0FC8-4FF7-AE84-E551DD2C76EE}"="Terminal Server Redirected Drive" "{E8969187-3EB1-479B-87B0-636479475595}"="Terminal Server Redirected Drive" "{A99A5E9E-2BFC-4D64-9D21-EBBC940ADDF0}"="Terminal Server Redirected Drive" "{F1E3E9B6-D819-464C-9515-3AFBAB630546}"="Terminal Server Redirected Drive" "{CDE68AEE-715D-4BF2-8AD6-1128E8BE36E2}"="Terminal Server Redirected Drive" "{FA5859E5-2B6C-4543-818A-F9B254C035FC}"="Terminal Server Redirected Drive" "{A0784032-6627-4124-8822-C3DDC4A98FD0}"="Terminal Server Redirected Drive" "{ECBC154E-BE4F-42CA-B171-AD2C2FFE527E}"="Terminal Server Redirected Drive" "{6128B0CC-D654-4D01-BC66-6483CEC39FAF}"="Terminal Server Redirected Drive" "{548F281A-112C-4ECB-93BB-11B6226C6C34}"="Terminal Server Redirected Drive" "{D25C8555-A1F9-479A-B70A-85CE79A337DE}"="Terminal Server Redirected Drive" "{2EAB8C06-D72A-41D5-9BB2-E135ABA3250E}"="Terminal Server Redirected Drive" "{FE4AA4CE-5642-4C63-AB78-150DB64D59DE}"="Terminal Server Redirected Drive" "{9762AA35-FFDC-4469-B062-7101ED19750A}"="Terminal Server Redirected Drive" "{B2F917D9-4595-49A3-9C4E-8467BE9B4078}"="Terminal Server Redirected Drive" "{4714FB67-52FF-4E5F-9578-775AC604A54A}"="Terminal Server Redirected Drive" "{C43398E9-9026-4911-BB01-2A40A7B7FA30}"="Terminal Server Redirected Drive" "{415CA134-486B-4167-9A23-6297B9A54D6C}"="Terminal Server Redirected Drive" "{4362300D-2114-4390-8546-AA373A7D0B3D}"="Terminal Server Redirected Drive" "{F470111D-305E-496B-B819-5A62316845B2}"="Terminal Server Redirected Drive" "{F267B796-D620-492E-8142-363FF250A6AE}"="Terminal Server Redirected Drive" "{C36CF331-101F-416B-AB30-DBC97225AC80}"="Terminal Server Redirected Drive" "{7D66DE14-9290-476F-9F1E-0EDBA06E81AF}"="Terminal Server Redirected Drive" "{3BD024B5-FD79-48F1-8DD1-A517E17A7F1E}"="Terminal Server Redirected Drive" "{F168E4B3-158E-4423-A23A-53CAD6DB772D}"="Terminal Server Redirected Drive" "{18338CD7-411E-4890-8ADA-A9C3F3AD085D}"="Terminal Server Redirected Drive" "{F2D7A09F-4B8D-4A9A-8211-373774DC14C7}"="Terminal Server Redirected Drive" "{B8C53055-79F2-4A0B-B76F-8C876CBF1B18}"="Terminal Server Redirected Drive" "{3C875B7E-8ACB-4A78-AAD8-43302507B6C5}"="Terminal Server Redirected Drive" "{81F84650-CBD7-41D9-B102-126A46CE0EA1}"="Terminal Server Redirected Drive" "{8E2DF5CF-266B-4A93-BACE-428D626DE52F}"="Terminal Server Redirected Drive" "{252561F8-A91A-4963-BAAB-48C91216075D}"="Terminal Server Redirected Drive" "{437BF012-1026-4005-8044-302DECBB7320}"="Terminal Server Redirected Drive" "{678B1A2F-A19F-4343-99F0-456E805AD7A9}"="Terminal Server Redirected Drive" "{D0D1BDFB-5A5B-4AEB-8B3C-F88DB9F5AA4A}"="Terminal Server Redirected Drive" "{E8E3A7CA-C199-44FF-AF78-661067F46B90}"="Terminal Server Redirected Drive" "{CDC74A80-9CEE-4BC9-AC24-754BBF950D72}"="Terminal Server Redirected Drive" "{C95AE266-0C29-4426-B035-A564699C19EE}"="Terminal Server Redirected Drive" "{ED3444A7-14EF-404E-B349-2EC01C3148BC}"="Terminal Server Redirected Drive" "{81CFBB00-3192-4F36-85C8-145AC860A171}"="Terminal Server Redirected Drive" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{2F3EA51D-7A87-4206-BBC4-C352F1D72F4C}"="Terminal Server Redirected Drive" "{FBED52C8-EC50-4830-80DE-328EF6366EEA}"="Terminal Server Redirected Drive" "{57F024FD-1438-4DD3-B4F2-50CD029F0802}"="Terminal Server Redirected Drive" "{B55F3EBC-46FE-4C4C-B389-47A3F2D9D99E}"="Terminal Server Redirected Drive" "{C43C25D9-9672-40C0-9CC5-2491CBAF401C}"="Terminal Server Redirected Drive" "{3B01DBFC-154A-463C-BECD-9E40A56B7E3C}"="Terminal Server Redirected Drive" "{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}\InprocServer32] @="C:\\WINDOWS\\system32\\saringres110_chs.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ atmtd.dll Tue 12 Sep 2006 21:46:12 A.... 687 592 671,48 K browseui.dll Fri 23 Jun 2006 22:46:08 A.... 1 037 312 1013,00 K danim.dll Fri 23 Jun 2006 22:46:08 A.... 1 060 864 1,01 M dnsapi.dll Wed 12 Jul 2006 21:00:04 A.... 177 664 173,50 K dxtmsft.dll Fri 23 Jun 2006 22:46:08 A.... 363 008 354,50 K dxtrans.dll Fri 23 Jun 2006 22:46:08 A.... 212 480 207,50 K hlink.dll Tue 18 Jul 2006 0:41:06 A.... 72 704 71,00 K iepeers.dll Fri 23 Jun 2006 22:46:08 A.... 253 952 248,00 K inetcomm.dll Wed 26 Jul 2006 19:10:08 A.... 681 472 665,50 K isasss~1.dll Wed 13 Sep 2006 8:20:48 A.... 597 0,58 K jsproxy.dll Fri 23 Jun 2006 22:46:08 A.... 16 384 16,00 K kernel32.dll Tue 25 Jul 2006 14:36:56 A.... 1 106 432 1,05 M mnltus35.dll Tue 12 Sep 2006 23:14:08 ..S.R 234 272 228,78 K mshtml.dll Fri 28 Jul 2006 16:43:12 A.... 3 173 888 3,02 M mstime.dll Fri 23 Jun 2006 22:46:10 A.... 537 088 524,50 K netapi32.dll Mon 17 Jul 2006 11:52:58 A.... 349 696 341,50 K ntaudi~1.dll Wed 13 Sep 2006 8:20:46 A.... 1 513 1,48 K pngfilt.dll Fri 23 Jun 2006 22:46:10 A.... 42 496 41,50 K rasadhlp.dll Wed 12 Jul 2006 21:00:06 A.... 12 288 12,00 K saring~1.dll Wed 13 Sep 2006 8:24:32 A.... 234 272 228,78 K shdocvw.dll Tue 25 Jul 2006 22:41:12 A.... 1 514 496 1,44 M shell32.dll Thu 13 Jul 2006 14:58:28 A.... 8 439 808 8,05 M shlwapi.dll Fri 23 Jun 2006 22:46:10 A.... 322 048 314,50 K urlmon.dll Tue 25 Jul 2006 17:44:06 A.... 698 880 682,50 K w03a2409.dll Tue 25 Jul 2006 22:41:26 A.... 4 608 4,50 K wininet.dll Fri 23 Jun 2006 22:46:10 A.... 666 624 651,00 K 26 items found: 26 files (1 H/S), 0 directories. Total of file sizes: 21 902 438 bytes 20,89 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Wed 13 Sep 2006 8:24:36 A.... 235 588 230,07 K tmp10.tmp Fri 8 Sep 2006 22:48:48 A.... 0 0,00 K tmp1a.tmp Mon 11 Sep 2006 10:24:58 A.... 0 0,00 K tmpa.tmp Thu 7 Sep 2006 15:58:10 A.... 23 341 22,79 K 4 items found: 4 files, 0 directories. Total of file sizes: 258 929 bytes 252,86 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est F0ED-A6F5 R‚pertoire de C:\WINDOWS\System32 13/09/2006 08:24 <REP> dllcache 12/09/2006 23:14 234ÿ272 MNLTUS35.DLL 19/09/2005 16:33 <REP> Microsoft 1 fichier(s) 234ÿ272 octets 2 R‚p(s) 107ÿ625ÿ623ÿ552 octets libres
  2. Bisio
    Je revient demain malekal... J'y suis depuis 9h du matin et j'en ai un peu marre... Je te dit a demain...
  3. Bisio
    Ca marche pas !!! Il me dit : un logiciel malicieux vous a enlever des privilèges ou un truc comme ca !!!
  4. Bisio
    http://www.yourtruths.com/t164081102.html ya celle la aussi c pr un casino...
  5. Bisio
    Je recois : - http://www.allcomprehend.com/t164081102.html - un truc pr winantivir pro 2006 je crois ... - j'ai un case de recherche qui s'est mis dans la barre des taches de windows - http://www.firstnarrative.com/t164081102.html si tu en veut d'autre de lien ya qu'a demander !!! En tout cas deja merci pr ton aide !!
  6. Bisio
    La je comprend plus !!!!! j'ai fais tous ce que tu m'a demandé, jusqu'a "redemarre en mode normal" et la : bim les pubs qui reviennent et tout le reste !!! Je suis dépitée !!! QU'est-ce que j'ai pu faire comme bétise ??? Je comprend pas..... Ensuite j'ai quand même essayé le vundoxfix, et il n'affiche pas la case à cocher... et donc il ne trouve pas le malware.... Je vais faire l'analyse antivirus en attandant je t'envoie les rapports Celui d'Ewido : --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 21:20:51 12/09/2006 + Scan result: C:\Program Files\Fichiers communs\{F0EDA6F5-0710-1036-0420-051023030021}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined). C:\WINDOWS\T0dJ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined). HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined). C:\WINDOWS\Temp\i12.tmp -> Adware.SurfSide : Cleaned with backup (quarantined). HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined). HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\antec[1].jpg -> Downloader.Adload.ds : Cleaned with backup (quarantined). C:\bintheredunthat\lksjkdn.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined). C:\bintheredunthat\wsds.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\loader[1].exe -> Downloader.Adload.fg : Cleaned with backup (quarantined). C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\SS1001[1].exe -> Dropper.Small.qn : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Cookies\administrateur@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined). C:\Documents and Settings\florence\Cookies\florence@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Cookies\administrateur@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Cookies\administrateur@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). C:\Documents and Settings\clemence\Cookies\clemence@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\WINDOWS\Temp\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). ::Report end MEME HIJACKTHIS NE MARCHE PLUS !!!! IL S OUVRE ET SE REFERME 3 SECONDE APRES !!!!! Je ne sais plus quoi faire... Raport de clean : Script clean par Malekal_morte - http://www.malekal.com Microsoft Windows [version 5.2.3790] Script execute en mode sans echec *** Suppression de fichiers sur C: C:\deskbar?.exe FOUND C:\dfndr*.exe FOUND C:\drsmartload*.exe FOUND C:\Installer*.exe FOUND C:\kybr*.exe FOUND C:\fra.exe FOUND C:\powpip.exe FOUND C:\M*DoxNg.exe FOUND C:\MTE*NDI6ODoxNg*.exe FOUND C:\no-ip.exe FOUND C:\nwnm*.exe FOUND C:\plplo.exe FOUND C:\stub_*_?_?_*.exe FOUND C:\SS1001newer.exe FOUND C:\ucmoreiex.exe FOUND C:\uy*.exe FOUND C:\vhsot.exe FOUND C:\warebundlenewer.exe FOUND *** Suppression des fichiers dans C:\WINDOWS\ C:\WINDOWS\keyboard*.dat FOUND C:\WINDOWS\newname.dat FOUND *** Suppression des fichiers dans C:\WINDOWS\system32 C:\WINDOWS\system32\dsquery.exe FOUND C:\WINDOWS\system32\atmtd.dll FOUND "C:\Program Files\Deskbar\" FOUND "C:\Program Files\Network Monitor\" FOUND "C:\Program Files\TheSearchAccelerator\" FOUND "C:\Program Files\Toolbar888\" FOUND *** Suppression des clefs du registre effectuee.. Si quelqu'un peut m'aider....
  7. Bisio
    J'ai un petit problème... Un problème débile en plus !! Je suis actuellement en mode sans échec (sur l'ordinateur infecté) et ewido vient de finir son scan mais sa fenetre est tellement grosse que je ne peut pas accéder aux boutons, nottament "Apply all actions" !!!! C'est un probléme bénin mais je ne sais pas du tout comment faire !!! J'ai essayé avec tab et ca ne marche pas... Si quelqu'un à la solution ou toi "malekal_morte"
  8. Bisio
    VOici le rapport de DiagHelp C:\WINDOWS\System32\wpa.dbl -->12/09/2006 16:57:23 C:\WINDOWS\System32\asfiles.txt -->12/09/2006 16:18:10 C:\WINDOWS\System32\Uninstall.ico -->12/09/2006 16:08:23 C:\WINDOWS\System32\pavas.ico -->12/09/2006 16:08:22 C:\WINDOWS\System32\Help.ico -->12/09/2006 16:08:22 C:\WINDOWS\System32\PrntCrashReport.log -->12/09/2006 14:38:43 C:\WINDOWS\System32\asvcpk.ocx -->12/09/2006 14:38:35 C:\WINDOWS\System32\IsassStatusMesg.dll -->12/09/2006 14:38:28 C:\WINDOWS\System32\NTAudioEdit.dll -->12/09/2006 14:38:27 C:\WINDOWS\System32\atmtd.dll._ -->11/09/2006 20:07:18 C:\WINDOWS\System32\atmtd.dll -->11/09/2006 20:07:18 C:\WINDOWS\System32\Tmp1A.tmp -->11/09/2006 10:24:57 C:\WINDOWS\System32\PerfStringBackup.INI -->10/09/2006 17:10:56 C:\WINDOWS\System32\perfh00C.dat -->10/09/2006 17:10:56 C:\WINDOWS\System32\perfh009.dat -->10/09/2006 17:10:56 C:\WINDOWS\System32\perfc00C.dat -->10/09/2006 17:10:56 C:\WINDOWS\System32\perfc009.dat -->10/09/2006 17:10:56 C:\WINDOWS\System32\Tmp10.tmp -->08/09/2006 22:48:46 C:\WINDOWS\System32\direct.txt -->08/09/2006 20:37:43 C:\WINDOWS\System32\TmpA.tmp -->07/09/2006 15:58:08 C:\WINDOWS\System32\MRT.exe -->09/08/2006 21:03:04 C:\WINDOWS\System32\mshtml.dll -->28/07/2006 16:43:11 C:\WINDOWS\System32\inetcomm.dll -->26/07/2006 19:10:07 C:\WINDOWS\System32\w03a2409.dll -->25/07/2006 22:41:26 C:\WINDOWS\System32\shdocvw.dll -->25/07/2006 22:41:12 C:\WINDOWS\setupapi.log -->12/09/2006 16:17:58 C:\WINDOWS\win.ini -->12/09/2006 16:17:05 C:\WINDOWS\0.log -->12/09/2006 14:38:59 C:\WINDOWS\EpsStmMon3.log -->12/09/2006 14:38:27 C:\WINDOWS\bootstat.dat -->12/09/2006 14:38:12 C:\WINDOWS\PFRO.log -->12/09/2006 14:37:49 C:\WINDOWS\WindowsUpdate.log -->12/09/2006 08:54:28 C:\WINDOWS\keyboard1.dat -->12/09/2006 00:01:25 C:\WINDOWS\1.dat -->12/09/2006 00:01:25 C:\WINDOWS\MEMORY.DMP -->11/09/2006 09:44:14 C:\WINDOWS\Thumbs.db -->08/09/2006 12:17:43 C:\WINDOWS\KB921883.log -->08/09/2006 11:23:17 C:\WINDOWS\newname.dat -->08/09/2006 08:57:48 C:\WINDOWS\system.ini -->07/09/2006 19:10:36 C:\WINDOWS\pxsetup.rf -->07/09/2006 16:16:20 C:\WINDOWS\vimrun.exe |20/09/2005 10:53:59 C:\WINDOWS\system32\append.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\debug.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\dosx.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\dvdplay.exe |28/03/2003 01:13:22 C:\WINDOWS\system32\edlin.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\exe2bin.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\fastopen.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\Fport.exe |19/11/2005 23:00:16 C:\WINDOWS\system32\insrepim.exe |19/09/2005 17:16:40 C:\WINDOWS\system32\list.exe |19/11/2005 23:00:18 C:\WINDOWS\system32\mem.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\Ntrights.exe |08/09/2006 20:37:43 C:\WINDOWS\system32\nw16.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\PDFSpooler.exe |02/04/2004 09:26:22 C:\WINDOWS\system32\port.exe |04/01/2006 17:51:31 C:\WINDOWS\system32\printserver.exe |04/01/2006 17:51:28 C:\WINDOWS\system32\redir.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\rsvterm.exe |03/01/2006 16:42:36 C:\WINDOWS\system32\setver.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\share.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\strings.exe |08/09/2006 20:37:43 C:\WINDOWS\system32\vwipxspx.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\zip.exe |08/09/2006 20:37:43 C:\WINDOWS\system32\amstream.dll |20/09/2005 09:09:11 C:\WINDOWS\system32\antsjdbcodbc.dll |19/05/2006 11:33:32 C:\WINDOWS\system32\atmtd.dll |11/09/2006 20:07:18 C:\WINDOWS\system32\CNMVS58.DLL |30/09/2005 16:24:54 C:\WINDOWS\system32\EpsStmEW.DLL |05/01/2006 17:50:06 C:\WINDOWS\system32\icutu32.dll |19/05/2006 11:33:33 C:\WINDOWS\system32\ieencode.dll |20/09/2005 09:11:41 C:\WINDOWS\system32\IsassStatusMesg.dll |19/11/2005 23:01:59 C:\WINDOWS\system32\islzma.dll |11/09/2006 15:55:31 C:\WINDOWS\system32\libeay32.dll |19/11/2005 23:00:19 C:\WINDOWS\system32\msdmo.dll |20/09/2005 09:08:41 C:\WINDOWS\system32\msencode.dll |28/03/2003 14:00:00 C:\WINDOWS\system32\NavLogon.dll |30/07/2002 11:33:00 C:\WINDOWS\system32\nsldap32v50.dll |27/02/2002 10:41:26 C:\WINDOWS\system32\nsldappr32v50.dll |27/02/2002 10:41:28 C:\WINDOWS\system32\nsldapssl32v50.dll |27/02/2002 10:41:26 C:\WINDOWS\system32\NTAudioEdit.dll |19/11/2005 23:00:15 C:\WINDOWS\system32\paqsp.dll |28/03/2003 01:13:46 C:\WINDOWS\system32\pdfcmnnt.dll |11/04/2006 09:36:15 C:\WINDOWS\system32\qedwipes.dll |20/09/2005 09:08:26 C:\WINDOWS\system32\SAGEPERS.DLL |12/12/2005 10:59:24 C:\WINDOWS\system32\SharpImg.dll |05/01/2006 17:50:06 C:\WINDOWS\system32\ssleay32.dll |19/11/2005 23:00:22 C:\WINDOWS\system32\tsd32.dll |28/03/2003 14:00:00 C:\WINDOWS\system32\win87em.dll |28/03/2003 14:00:00 C:\WINDOWS\system32\wrlzma.dll |11/09/2006 15:55:31 C:\WINDOWS\system32\ZPORT4AS.dll |12/09/2006 16:10:41 C:\WINDOWS\vimrun.exe |20/09/2005 10:53:59 C:\WINDOWS\system32\append.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\debug.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\dosx.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\edlin.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\exe2bin.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\fastopen.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\Fport.exe |19/11/2005 23:00:16 C:\WINDOWS\system32\list.exe |19/11/2005 23:00:18 C:\WINDOWS\system32\mem.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\Ntrights.exe |08/09/2006 20:37:43 C:\WINDOWS\system32\nw16.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\port.exe |04/01/2006 17:51:31 C:\WINDOWS\system32\printserver.exe |04/01/2006 17:51:28 C:\WINDOWS\system32\redir.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\rsvterm.exe |03/01/2006 16:42:36 C:\WINDOWS\system32\setver.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\share.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\strings.exe |08/09/2006 20:37:43 C:\WINDOWS\system32\vwipxspx.exe |28/03/2003 14:00:00 C:\WINDOWS\system32\zip.exe |08/09/2006 20:37:43 C:\WINDOWS\system32\amstream.dll |20/09/2005 09:09:11 C:\WINDOWS\system32\antsjdbcodbc.dll |19/05/2006 11:33:32 C:\WINDOWS\system32\atmtd.dll |11/09/2006 20:07:18 C:\WINDOWS\system32\CNMVS58.DLL |30/09/2005 16:24:54 C:\WINDOWS\system32\icutu32.dll |19/05/2006 11:33:33 C:\WINDOWS\system32\ieencode.dll |20/09/2005 09:11:41 C:\WINDOWS\system32\IsassStatusMesg.dll |19/11/2005 23:01:59 C:\WINDOWS\system32\islzma.dll |11/09/2006 15:55:31 C:\WINDOWS\system32\libeay32.dll |19/11/2005 23:00:19 C:\WINDOWS\system32\msdmo.dll |20/09/2005 09:08:41 C:\WINDOWS\system32\msencode.dll |28/03/2003 14:00:00 C:\WINDOWS\system32\NavLogon.dll |30/07/2002 11:33:00 C:\WINDOWS\system32\nsldap32v50.dll |27/02/2002 10:41:26 C:\WINDOWS\system32\nsldappr32v50.dll |27/02/2002 10:41:28 C:\WINDOWS\system32\nsldapssl32v50.dll |27/02/2002 10:41:26 C:\WINDOWS\system32\NTAudioEdit.dll |19/11/2005 23:00:15 C:\WINDOWS\system32\pdfcmnnt.dll |11/04/2006 09:36:15 C:\WINDOWS\system32\qedwipes.dll |20/09/2005 09:08:26 C:\WINDOWS\system32\SAGEPERS.DLL |12/12/2005 10:59:24 C:\WINDOWS\system32\ssleay32.dll |19/11/2005 23:00:22 C:\WINDOWS\system32\tsd32.dll |28/03/2003 14:00:00 C:\WINDOWS\system32\win87em.dll |28/03/2003 14:00:00 C:\WINDOWS\system32\wrlzma.dll |11/09/2006 15:55:31 C:\WINDOWS\system32\ZPORT4AS.dll |12/09/2006 16:10:41 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F0ED-A6F5 Répertoire de C:\WINDOWS\system32 28/03/2003 14:00 4 096 csrss.exe 28/03/2003 14:00 46 080 csvde.exe 2 fichier(s) 50 176 octets 0 Rép(s) 107 323 699 200 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F0ED-A6F5 Répertoire de C:\WINDOWS\Downloaded Program Files 12/09/2006 16:08 <REP> . 12/09/2006 16:08 <REP> .. 11/04/2006 17:10 135 168 asinst.dll 03/04/2006 11:00 537 asinst.inf 24/06/2004 14:09 323 584 boisweb.dll 19/09/2005 16:32 65 desktop.ini 03/05/2006 03:57 876 jinstall-1_5_0_07.inf 10/08/2002 08:40 1 561 msrdp.inf 10/08/2002 08:29 600 064 msrdp.ocx 29/06/2005 18:17 227 opuc.inf 27/08/2005 14:30 5 065 swflash.inf 9 fichier(s) 1 067 147 octets Total des fichiers listés : 9 fichier(s) 1 067 147 octets 2 Rép(s) 107 323 695 104 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F0ED-A6F5 Répertoire de C:\Program Files 11/09/2006 20:07 <REP> . 11/09/2006 20:07 <REP> .. 15/05/2006 10:51 <REP> Adobe 07/02/2006 16:32 <REP> aida32 19/05/2006 11:34 <REP> antsdb 20/09/2005 11:58 <REP> Business Objects 30/09/2005 16:29 <REP> Canon 07/09/2006 16:32 <REP> CCleaner 20/09/2005 09:11 <REP> cmak 19/09/2005 16:30 <REP> ComPlus Applications 11/09/2006 20:07 <REP> Deskbar 09/01/2006 17:49 <REP> Epson 08/09/2006 11:03 <REP> Fichiers communs 05/07/2006 10:11 <REP> FourJs 13/08/2006 03:01 <REP> Internet Explorer 19/06/2006 17:01 <REP> Java 07/09/2006 16:52 <REP> Lavasoft 19/09/2005 17:05 <REP> Microsoft Office 19/09/2005 17:13 <REP> Microsoft SQL Server 19/09/2005 17:05 <REP> Microsoft Visual Studio 20/09/2005 11:58 <REP> Microsoft Visual Studio .NET 2003 21/03/2006 10:28 <REP> Microsoft Works 19/09/2005 17:04 <REP> Microsoft.NET 12/07/2006 11:30 <REP> MSAT 20/09/2005 09:09 <REP> NetMeeting 11/09/2006 20:07 <REP> Network Monitor 21/03/2006 10:32 <REP> OfficeUpdate11 13/04/2006 14:02 <REP> Outlook Express 11/04/2006 09:36 <REP> PDFCreator 12/12/2005 11:16 <REP> PMSSAARI 23/08/2006 14:35 <REP> Projet1 07/09/2006 16:38 <REP> RegCleaner 02/12/2005 12:01 <REP> Rpv 17/10/2005 17:07 <REP> schema 19/09/2005 16:32 <REP> Services en ligne 09/01/2006 11:42 <REP> SonicWALL 07/09/2006 16:45 <REP> Spybot - Search & Destroy 19/09/2005 16:49 <REP> Symantec 19/09/2005 16:49 <REP> Symantec_Client_Security 11/09/2006 20:07 <REP> TheSearchAccelerator 12/09/2006 08:54 <REP> ToolBar888 09/06/2006 11:37 <REP> UltraVNC 11/09/2006 15:55 <REP> Webroot 16/02/2006 19:01 <REP> Windows Media Player 19/09/2005 16:29 <REP> Windows NT 05/07/2006 10:07 <REP> WinZip 07/09/2006 16:32 <REP> Yahoo! 0 fichier(s) 0 octets 47 Rép(s) 107 323 695 104 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F0ED-A6F5 Répertoire de C:\Program Files\fichiers communs 08/09/2006 11:03 <REP> . 08/09/2006 11:03 <REP> .. 19/09/2005 17:42 <REP> Adobe 19/09/2005 17:56 <REP> Business Objects 23/08/2006 14:35 <REP> Crystal Decisions 17/10/2005 17:07 <REP> DESIGNER 09/01/2006 11:42 <REP> Deterministic Networks 12/12/2005 10:57 <REP> InstallShield 19/09/2005 17:56 <REP> Java 19/09/2005 17:57 <REP> Merge Modules 21/03/2006 10:29 <REP> Microsoft Shared 19/09/2005 17:24 <REP> ODBC 12/12/2005 11:00 <REP> Sage 19/09/2005 16:31 <REP> Services 19/09/2005 17:24 <REP> SpeechEngines 19/09/2005 16:49 <REP> Symantec Shared 13/04/2006 14:02 <REP> System 11/09/2006 19:04 <REP> uuwo 12/07/2006 11:30 <REP> Wise Installation Wizard 11/09/2006 19:27 <REP> {F0EDA6F5-0710-1036-0420-051023030021} 0 fichier(s) 0 octets 20 Rép(s) 107 323 691 008 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F0ED-A6F5 Répertoire de C:\ 11/09/2006 19:00 770 048 cvcv.exe 11/09/2006 20:07 251 262 deskbar3.exe 11/09/2006 20:07 86 016 dfndrff_17.exe 11/09/2006 23:32 77 824 dfndrff_18.exe 11/09/2006 23:32 36 864 drsmartload.exe 11/09/2006 20:07 20 480 drsmartload45a45r.exe 11/09/2006 20:07 20 480 drsmartload46a46r.exe 11/09/2006 20:07 20 480 drsmartload849a849r.exe 11/09/2006 17:11 138 862 fra.exe 11/09/2006 22:23 770 048 hpp.exe 11/09/2006 19:26 770 048 iijs.exe 12/09/2006 14:34 770 048 iiooi.exe 11/09/2006 20:07 578 560 Installer3.exe 11/09/2006 20:07 77 824 kybrdff_17.exe 12/09/2006 00:01 282 624 kybrdff_18.exe 11/09/2006 22:07 770 048 lklklk.exe 11/09/2006 17:43 770 048 lkslsks.exe 11/09/2006 20:26 770 048 msn_shelter@mafya.com.exe 11/09/2006 20:07 25 105 MTE3NDI6ODoxNg.exe 11/09/2006 20:07 25 105 MTE3NDI6ODoxNgnew.exe 11/09/2006 21:10 770 048 no-ip.exe 11/09/2006 20:07 32 768 nwnmff_17.exe 11/09/2006 23:32 57 344 nwnmff_18.exe 12/09/2006 14:24 770 048 plplo.exe 11/09/2006 20:42 770 048 powpip.exe 11/09/2006 20:07 30 208 SS1001newer.exe 11/09/2006 20:07 14 848 stub_113_4_0_4_0newer.exe 11/09/2006 20:07 517 168 ucmoreiex.exe 11/09/2006 19:27 138 862 usihsjksb.exe 11/09/2006 20:06 770 048 uyuy.exe 11/09/2006 20:24 770 048 uyuyes.exe 11/09/2006 20:34 770 048 uyuyesee.exe 11/09/2006 23:32 770 048 vhsot.exe 11/09/2006 20:07 578 560 warebundlenewer.exe 34 fichier(s) 13 791 916 octets 0 Rép(s) 107 323 691 008 octets libres c:\Documents and Settings\Administrateur\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\ZUDv54616.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Clavier\sp26554.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Epson TM-U6000II\Apsmpl_301.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Epson TM-U6000II\ATM_301fE.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Modem\modem830.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Modem Sitecom\DC014_9xME2kXP.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\NVidia\SP26481.exe c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Pdf Creator\PDFCreator-0_8_0_GNUGhostscript.exe c:\Documents and Settings\Administrateur\Mes documents\Tsweb\tswebsetup.exe c:\Documents and Settings\Administrateur\WINDOWS\IsUn040c.exe c:\Documents and Settings\Administrateur\WINDOWS\IsUninst.exe c:\Documents and Settings\Administrateur\WINDOWS\ltmsg.exe c:\Documents and Settings\Administrateur\WINDOWS\ltremove.exe c:\Documents and Settings\Administrateur\WINDOWS\I560\uninstall.exe c:\Documents and Settings\All Users\Application Data\Prevx\PXSetup.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\FilesInfoCmd.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\Fport.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\grep.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\LFiles.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\LISTDLLS.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\pslist.exe c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\streams.exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\56IR75CM\drsmartload849a[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\56IR75CM\nwnmff_18[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\drsmartload45a[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\Installer[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\kybrdff_17[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\MTE3NDI6ODoxNg[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\dfndrff_17[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\dfndrff_18[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\drsmartload46a[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\stub_113_4_0_4_0[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\deskbar[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\installer[2].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\kybrdff_18[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\loader[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\nwnmff_17[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\SS1001[1].exe c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe c:\Documents and Settings\florence\Local Settings\Temporary Internet Files\Content.IE5\E9XANU1O\WinAntiSpyware2006FreeInstall_fr[1].exe c:\Documents and Settings\jerome\Application Data\Microsoft\Installer\{AF5116D9-A075-4669-8148-79E51EDAACEF}\IconAF5116D91.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\tdr160e.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\L2301FRX.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\L2305FRX.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAP1TRSK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAP1UNIK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPAFEN.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPONN.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPPSWK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPRPCSK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAP1TRSK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAP1UNIK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPAFEN.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPONN.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPPSWK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPRPCSK.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\easyphp1.5\easyphp1-5_setup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\epson\TMU375\Tdr161e.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\ftp\Setup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\ftp2\FileZilla_1_6setup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 1220C\dj1075fr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 640C\640-fra-2kinfu.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 820 Cxi\dj380fr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 895 CXi\dj896fr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Light Modem COM1\tech0721.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Meto\METO.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Meto\PrnInst.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\BASDIAG.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\DFCD.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\DIAG.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\HELP.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\NETDIAG.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\NETX.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\PCMINFO.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA511\DIAG.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA511\HELP.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\OLITEC\pci-ntv2.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\OLITEC\SpeedCom2000\oli2000.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\OLITEC\SpeedCom2000_NT4\olitec.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\123logsetup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\r2p3setup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\setup_light_0_9_1.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\php\php.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\rom compaq\SP8979.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\sj166fr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\_isdel.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\fix_pnp.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\hpresset.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\hpsjrreg.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\setup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\swtchset.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK3\hpresset.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\SP9250.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\RPW9H\DISK1\BIOS16.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\RPW9H\DISK1\DRVSETUP.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\RPW9H\DISK1\SETUP.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\winzip-winrar\quickzip.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\winzip-winrar\wrar28fr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Editions\rpv200e.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Editions\rpv22freng.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Fax\fax\Faxogi.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Fax\fax\Fourniture 4JS\fjs-cliwtk-3[1].50.1a-wnt0403.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Fax\fax\Fourniture 4JS\fjs-f4gl-3[1].50.1a-wnt0403.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\Mac10.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\MacPro.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\mteceval.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\TrayMacroSetup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\OPEN4X\Technique\IfmxtoSQL.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\Enterprise\ReformEEval.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\FreeWare\ReformFreeWare.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\REFORM\ReformSEval.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\Standard\ReformSEval.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\Crystal\CE8\ce80win_en_sp1.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\Crystal\CR85\cr85win_en_sp2.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\FRN_SQL2KDeskSP2.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\FRN_SQL2KSP2.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\bcp.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\cdw.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\cnfgsvr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\distrib.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\dtsrun.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\dtsrunui.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\isqlw.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\logread.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\osql.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\profiler.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\purgeset.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\qrdrsvc.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\rebuildm.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\redirexe.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\redirexec.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\remsetup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\replmerg.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\scm.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\snapshot.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqladhlp.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlagent.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqldiag.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlmaint.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlmangr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlservr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\svrnetcn.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\wzcnflct.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\xpadsi.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\ftsetup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\sqlftwiz.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\catutil.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\mssdmn.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\mssearch.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\pstoreutl.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\SearchStp.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\other\sqlredis.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\other\sdi\sqldbreg.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\setup\_isdel.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\setup\setupsql.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\setup\sqlstp.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\upgrade\cnvsvc.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 Office XP\OfficeXpSp3-kb832671-fullfile-fra.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 SQL2000\frn_sql2kasp3.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 SQL2000\Analysis\frn_sql2kasp3.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 SQL2000\Desktop\FRN_SQL2KDeskSP3.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP4 W2000\w2ksp4_fr.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\SQL Server\SQL MSDE\FRN_MSDE2000A.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\TSE_(Web)\tswebsetup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Exec(anc)\ProtExe.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\Mac10.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\MacPro.EXE c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\mteceval.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\TrayMacroSetup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Protexe\Fv27Setup.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Protexe\PPSJcore.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Protexe\PPS-Lite.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Session\tslw2k.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Session\ok\lockerFR.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Session\ok\winpwd.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\VNC\vnc-3.3.4-x86_win32.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\VSO_2003_JUL\AccSQL02.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\VSO_2003_JUL\Upsize02.exe c:\Reunion\Documents and Settings\Administrateur\Mes documents\WinZip\winzip81.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\HIE3_Pro.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\scrippy202.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\Thunderbird Setup 1.5.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\Firefox Setup 1.5.0.1.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\firefox.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\updater.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\xpicleanup.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\plugins\GetFlash.exe c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\uninstall\UninstallFirefox.exe c:\Documents and Settings\All Users\Application Data\Prevx\msvcp71.dll c:\Documents and Settings\All Users\Application Data\Prevx\msvcr71.dll c:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll c:\Documents and Settings\All Users\Application Data\Prevx\qt-mt336.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\CCERASER.DLL c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\ECMSVR32.DLL c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVENG16.DLL c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVENG32.DLL c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVEX16A.DLL c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVEX32A.DLL
  9. Bisio
    Je crois que looktome est encore la...
  10. Bisio
    Voici le log de looktome destroyer Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 12/09/2006 14:21:00 Infected! C:\WINDOWS\system32\en02l1do1.dll Infected! C:\WINDOWS\system32\cousapi.dll Infected! C:\WINDOWS\system32\en02l1do1.dll Infected! C:\WINDOWS\system32\fpj6031se.dll Infected! C:\WINDOWS\system32\g2jolc131f.dll Infected! C:\WINDOWS\system32\lnbOCAHelper-2-13.dll Infected! C:\WINDOWS\system32\guard.tmp Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\en02l1do1.dll C:\WINDOWS\system32\en02l1do1.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\cousapi.dll C:\WINDOWS\system32\cousapi.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\en02l1do1.dll C:\WINDOWS\system32\en02l1do1.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\fpj6031se.dll C:\WINDOWS\system32\fpj6031se.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\g2jolc131f.dll C:\WINDOWS\system32\g2jolc131f.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\lnbOCAHelper-2-13.dll C:\WINDOWS\system32\lnbOCAHelper-2-13.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\guard.tmp Deleted successfully! Making registry repairs. Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7CB98891-7E7A-49B3-9582-7EF8FBE5DAF2}" HKCR\Clsid\{7CB98891-7E7A-49B3-9582-7EF8FBE5DAF2} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0D5B228D-AEC6-49C9-9B3E-55D6871D1A5D}" HKCR\Clsid\{0D5B228D-AEC6-49C9-9B3E-55D6871D1A5D} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{07615452-2507-440C-A221-898249F5DC19}" HKCR\Clsid\{07615452-2507-440C-A221-898249F5DC19} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrateurs - Succeeded Voici le log de hijack this : Logfile of HijackThis v1.99.1 Scan saved at 14:49:03, on 12/09/2006 Platform: Windows 2003 SP1 (WinNT 5.02.3790) MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830) Running processes: C:\Documents and Settings\clemence\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\certsrv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\EpStsSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\FourJs\gwc\bin\gasd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\Isass.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\dllcache\mslogon.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\printserver.exe C:\WINDOWS\system32\rsvterm.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lserver.exe C:\Program Files\Fichiers communs\System\MSSearch\Bin\mssearch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.maintronic.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O10 - Broken Internet access because of LSP provider 'c:\documents and settings\clemence\windows\system32\mswsock.dll' missing O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://localhost/tsweb/msrdp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA0266EB-4E2B-43AE-9E65-1217CD1E3AEE}: NameServer = 193.252.19.3,193.252.19.4 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Service Application Experience Lookup (AeLookupSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\alg.exe (file missing) O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing) O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Explorateur d'ordinateurs (Browser) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service d'indexation (CiSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T0dJ\command.exe (file missing) O23 - Service: Services de cryptographie (CryptSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Système de fichiers distribués (Dfs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\Dfssvc.exe (file missing) O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - Unknown owner - EpStsSrv.exe (file missing) O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\services.exe (file missing) O23 - Service: Fax - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Genero Application Server for the Web Client (GWC-1.32.1f) (fglas_1.32.1f_190606171357) - Unknown owner - C:\Program Files\FourJs\gwc\bin\gasd.exe" --as-directory "C:\Program Files\FourJs\gwc" --service-start (file missing) O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: IIsass Sql Server (IIsass) - Cat Soft - C:\WINDOWS\system32\Isass.exe O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Serveur d'impression TCP/IP (LPDSVC) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\tcpsvcs.exe (file missing) O23 - Service: Microsoft Logon Service - Unknown owner - C:\WINDOWS\system32\dllcache\mslogon.exe O23 - Service: Service de publication FTP (MSFtpsvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\inetsrv\inetinfo.exe (file missing) O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Réplication de fichiers (NtFrs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\ntfrs.exe (file missing) O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: OCX-Base-Settings (ocxset) - Unknown owner - c:\windows\addins\addin\msdtc32.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\services.exe (file missing) O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing) O23 - Service: HP Printserver (prnter) - Unknown owner - C:\WINDOWS\system32\printserver.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing) O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\locator.exe (file missing) O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Fournisseur d'un jeu de stratégie résultant (RSoPProv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\RSoPProv.exe (file missing) O23 - Service: RSV Term Advise (RSV-ID) - Unknown owner - C:\WINDOWS\system32\rsvterm.exe O23 - Service: Application d'assistance de la Console d'administration spéciale (sacsvr) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\SCardSvr.exe (file missing) O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\spoolsv.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\smlogsvc.exe (file missing) O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Gestion de licences Terminal Server (TermServLicensing) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lserver.exe (file missing) O23 - Service: Thèmes (Themes) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de téléchargement (uploadmgr) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Onduleur (UPS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\ups.exe (file missing) O23 - Service: Service de disque virtuel (vds) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\vds.exe (file missing) O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de publication World Wide Web (W3SVC) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: WebClient - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Configuration sans fil (WZCSVC) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
  11. Bisio
    J'ai oublié de dire que j'ai norton comme antivirus. Que hier j'ai lancé looktome remover et il a planté, ensuite j'ai lancé looktome destroyer et ca a bien fonctionné mais aujourd'hui en lancant spysweeper il a retrouvé looktome et maxifiles et depuis, les pubs et tout le reste est revenu...
  12. Bisio
    Je suis infesté jusqu'au coup !!! Si quelqu'un pouvez m'aider ? Voici mon rapport Hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 09:15:10, on 12/09/2006 Platform: Windows 2003 SP1 (WinNT 5.02.3790) MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830) Running processes: C:\Documents and Settings\Administrateur\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\certsrv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\EpStsSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\FourJs\gwc\bin\gasd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\Isass.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\dllcache\mslogon.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\printserver.exe C:\WINDOWS\system32\rsvterm.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lserver.exe C:\Program Files\Fichiers communs\System\MSSearch\Bin\mssearch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\windows\system32\inetsrv\w3wp.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\FourJs\gdc\bin\gdc.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\vi.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\FourJs\gdc\bin\gdc.exe C:\Spy\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Startup: gdc.exe.lnk = C:\Program Files\FourJs\gdc\bin\gdc.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrateur\windows\system32\mswsock.dll' missing O15 - Trusted Zone: http://*.pavilion O15 - Trusted IP range: http://193.251.69.103 O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://localhost/tsweb/msrdp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA0266EB-4E2B-43AE-9E65-1217CD1E3AEE}: NameServer = 193.252.19.3,193.252.19.4 O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en02l1do1.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Service Application Experience Lookup (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\alg.exe (file missing) O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing) O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Explorateur d'ordinateurs (Browser) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service d'indexation (CiSvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T0dJ\command.exe (file missing) O23 - Service: Services de cryptographie (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Système de fichiers distribués (Dfs) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\Dfssvc.exe (file missing) O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - Unknown owner - EpStsSrv.exe (file missing) O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\services.exe (file missing) O23 - Service: Fax - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Genero Application Server for the Web Client (GWC-1.32.1f) (fglas_1.32.1f_190606171357) - Unknown owner - C:\Program Files\FourJs\gwc\bin\gasd.exe" --as-directory "C:\Program Files\FourJs\gwc" --service-start (file missing) O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: IIsass Sql Server (IIsass) - Cat Soft - C:\WINDOWS\system32\Isass.exe O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Serveur d'impression TCP/IP (LPDSVC) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\tcpsvcs.exe (file missing) O23 - Service: Microsoft Logon Service - Unknown owner - C:\WINDOWS\system32\dllcache\mslogon.exe O23 - Service: Service de publication FTP (MSFtpsvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\inetsrv\inetinfo.exe (file missing) O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Réplication de fichiers (NtFrs) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\ntfrs.exe (file missing) O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: OCX-Base-Settings (ocxset) - Unknown owner - c:\windows\addins\addin\msdtc32.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\services.exe (file missing) O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing) O23 - Service: HP Printserver (prnter) - Unknown owner - C:\WINDOWS\system32\printserver.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing) O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\locator.exe (file missing) O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Fournisseur d'un jeu de stratégie résultant (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\RSoPProv.exe (file missing) O23 - Service: RSV Term Advise (RSV-ID) - Unknown owner - C:\WINDOWS\system32\rsvterm.exe O23 - Service: Application d'assistance de la Console d'administration spéciale (sacsvr) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\SCardSvr.exe (file missing) O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\spoolsv.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\smlogsvc.exe (file missing) O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Gestion de licences Terminal Server (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\lserver.exe (file missing) O23 - Service: Thèmes (Themes) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de téléchargement (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Onduleur (UPS) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\ups.exe (file missing) O23 - Service: Service de disque virtuel (vds) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\vds.exe (file missing) O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de publication World Wide Web (W3SVC) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: WebClient - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Configuration sans fil (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
×
×
  • Créer...