Bisio
-
Compteur de contenus
12 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Messages posté(e)s par Bisio
-
-
Je revient demain malekal... J'y suis depuis 9h du matin et j'en ai un peu marre...
Je te dit a demain...
-
Ca marche pas !!! Il me dit : un logiciel malicieux vous a enlever des privilèges ou un truc comme ca !!!
-
-
Je recois :
- http://www.allcomprehend.com/t164081102.html
- un truc pr winantivir pro 2006 je crois ...
- j'ai un case de recherche qui s'est mis dans la barre des taches de windows
- http://www.firstnarrative.com/t164081102.html
si tu en veut d'autre de lien ya qu'a demander !!!
En tout cas deja merci pr ton aide !!
-
La je comprend plus !!!!!
j'ai fais tous ce que tu m'a demandé, jusqu'a "redemarre en mode normal" et la : bim les pubs qui reviennent et tout le reste !!! Je suis dépitée !!! QU'est-ce que j'ai pu faire comme bétise ??? Je comprend pas..... Ensuite j'ai quand même essayé le vundoxfix, et il n'affiche pas la case à cocher... et donc il ne trouve pas le malware....
Je vais faire l'analyse antivirus en attandant je t'envoie les rapports
Celui d'Ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:20:51 12/09/2006
+ Scan result:
C:\Program Files\Fichiers communs\{F0EDA6F5-0710-1036-0420-051023030021}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\T0dJ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\i12.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\antec[1].jpg -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\bintheredunthat\lksjkdn.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\bintheredunthat\wsds.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\loader[1].exe -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\SS1001[1].exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\administrateur@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\florence\Cookies\florence@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\administrateur@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\administrateur@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\administrateur@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\clemence\Cookies\clemence@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrateur\Local Settings\Temp\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
MEME HIJACKTHIS NE MARCHE PLUS !!!! IL S OUVRE ET SE REFERME 3 SECONDE APRES !!!!!
Je ne sais plus quoi faire...
Raport de clean :
Script clean par Malekal_morte - http://www.malekal.com
Microsoft Windows [version 5.2.3790]
Script execute en mode sans echec
*** Suppression de fichiers sur C:
C:\deskbar?.exe FOUND
C:\dfndr*.exe FOUND
C:\drsmartload*.exe FOUND
C:\Installer*.exe FOUND
C:\kybr*.exe FOUND
C:\fra.exe FOUND
C:\powpip.exe FOUND
C:\M*DoxNg.exe FOUND
C:\MTE*NDI6ODoxNg*.exe FOUND
C:\no-ip.exe FOUND
C:\nwnm*.exe FOUND
C:\plplo.exe FOUND
C:\stub_*_?_?_*.exe FOUND
C:\SS1001newer.exe FOUND
C:\ucmoreiex.exe FOUND
C:\uy*.exe FOUND
C:\vhsot.exe FOUND
C:\warebundlenewer.exe FOUND
*** Suppression des fichiers dans C:\WINDOWS\
C:\WINDOWS\keyboard*.dat FOUND
C:\WINDOWS\newname.dat FOUND
*** Suppression des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\dsquery.exe FOUND
C:\WINDOWS\system32\atmtd.dll FOUND
"C:\Program Files\Deskbar\" FOUND
"C:\Program Files\Network Monitor\" FOUND
"C:\Program Files\TheSearchAccelerator\" FOUND
"C:\Program Files\Toolbar888\" FOUND
*** Suppression des clefs du registre effectuee..
Si quelqu'un peut m'aider....
-
J'ai un petit problème... Un problème débile en plus !!
Je suis actuellement en mode sans échec (sur l'ordinateur infecté) et ewido vient de finir son scan mais sa fenetre est tellement grosse que je ne peut pas accéder aux boutons, nottament "Apply all actions" !!!! C'est un probléme bénin mais je ne sais pas du tout comment faire !!! J'ai essayé avec tab et ca ne marche pas...
Si quelqu'un à la solution ou toi "malekal_morte"
-
VOici le rapport de DiagHelp
C:\WINDOWS\System32\wpa.dbl -->12/09/2006 16:57:23
C:\WINDOWS\System32\asfiles.txt -->12/09/2006 16:18:10
C:\WINDOWS\System32\Uninstall.ico -->12/09/2006 16:08:23
C:\WINDOWS\System32\pavas.ico -->12/09/2006 16:08:22
C:\WINDOWS\System32\Help.ico -->12/09/2006 16:08:22
C:\WINDOWS\System32\PrntCrashReport.log -->12/09/2006 14:38:43
C:\WINDOWS\System32\asvcpk.ocx -->12/09/2006 14:38:35
C:\WINDOWS\System32\IsassStatusMesg.dll -->12/09/2006 14:38:28
C:\WINDOWS\System32\NTAudioEdit.dll -->12/09/2006 14:38:27
C:\WINDOWS\System32\atmtd.dll._ -->11/09/2006 20:07:18
C:\WINDOWS\System32\atmtd.dll -->11/09/2006 20:07:18
C:\WINDOWS\System32\Tmp1A.tmp -->11/09/2006 10:24:57
C:\WINDOWS\System32\PerfStringBackup.INI -->10/09/2006 17:10:56
C:\WINDOWS\System32\perfh00C.dat -->10/09/2006 17:10:56
C:\WINDOWS\System32\perfh009.dat -->10/09/2006 17:10:56
C:\WINDOWS\System32\perfc00C.dat -->10/09/2006 17:10:56
C:\WINDOWS\System32\perfc009.dat -->10/09/2006 17:10:56
C:\WINDOWS\System32\Tmp10.tmp -->08/09/2006 22:48:46
C:\WINDOWS\System32\direct.txt -->08/09/2006 20:37:43
C:\WINDOWS\System32\TmpA.tmp -->07/09/2006 15:58:08
C:\WINDOWS\System32\MRT.exe -->09/08/2006 21:03:04
C:\WINDOWS\System32\mshtml.dll -->28/07/2006 16:43:11
C:\WINDOWS\System32\inetcomm.dll -->26/07/2006 19:10:07
C:\WINDOWS\System32\w03a2409.dll -->25/07/2006 22:41:26
C:\WINDOWS\System32\shdocvw.dll -->25/07/2006 22:41:12
C:\WINDOWS\setupapi.log -->12/09/2006 16:17:58
C:\WINDOWS\win.ini -->12/09/2006 16:17:05
C:\WINDOWS\0.log -->12/09/2006 14:38:59
C:\WINDOWS\EpsStmMon3.log -->12/09/2006 14:38:27
C:\WINDOWS\bootstat.dat -->12/09/2006 14:38:12
C:\WINDOWS\PFRO.log -->12/09/2006 14:37:49
C:\WINDOWS\WindowsUpdate.log -->12/09/2006 08:54:28
C:\WINDOWS\keyboard1.dat -->12/09/2006 00:01:25
C:\WINDOWS\1.dat -->12/09/2006 00:01:25
C:\WINDOWS\MEMORY.DMP -->11/09/2006 09:44:14
C:\WINDOWS\Thumbs.db -->08/09/2006 12:17:43
C:\WINDOWS\KB921883.log -->08/09/2006 11:23:17
C:\WINDOWS\newname.dat -->08/09/2006 08:57:48
C:\WINDOWS\system.ini -->07/09/2006 19:10:36
C:\WINDOWS\pxsetup.rf -->07/09/2006 16:16:20
C:\WINDOWS\vimrun.exe |20/09/2005 10:53:59
C:\WINDOWS\system32\append.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\debug.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\dosx.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\dvdplay.exe |28/03/2003 01:13:22
C:\WINDOWS\system32\edlin.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\exe2bin.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\fastopen.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\Fport.exe |19/11/2005 23:00:16
C:\WINDOWS\system32\insrepim.exe |19/09/2005 17:16:40
C:\WINDOWS\system32\list.exe |19/11/2005 23:00:18
C:\WINDOWS\system32\mem.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\mscdexnt.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\nlsfunc.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\Ntrights.exe |08/09/2006 20:37:43
C:\WINDOWS\system32\nw16.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\PDFSpooler.exe |02/04/2004 09:26:22
C:\WINDOWS\system32\port.exe |04/01/2006 17:51:31
C:\WINDOWS\system32\printserver.exe |04/01/2006 17:51:28
C:\WINDOWS\system32\redir.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\rsvterm.exe |03/01/2006 16:42:36
C:\WINDOWS\system32\setver.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\share.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\strings.exe |08/09/2006 20:37:43
C:\WINDOWS\system32\vwipxspx.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\zip.exe |08/09/2006 20:37:43
C:\WINDOWS\system32\amstream.dll |20/09/2005 09:09:11
C:\WINDOWS\system32\antsjdbcodbc.dll |19/05/2006 11:33:32
C:\WINDOWS\system32\atmtd.dll |11/09/2006 20:07:18
C:\WINDOWS\system32\CNMVS58.DLL |30/09/2005 16:24:54
C:\WINDOWS\system32\EpsStmEW.DLL |05/01/2006 17:50:06
C:\WINDOWS\system32\icutu32.dll |19/05/2006 11:33:33
C:\WINDOWS\system32\ieencode.dll |20/09/2005 09:11:41
C:\WINDOWS\system32\IsassStatusMesg.dll |19/11/2005 23:01:59
C:\WINDOWS\system32\islzma.dll |11/09/2006 15:55:31
C:\WINDOWS\system32\libeay32.dll |19/11/2005 23:00:19
C:\WINDOWS\system32\msdmo.dll |20/09/2005 09:08:41
C:\WINDOWS\system32\msencode.dll |28/03/2003 14:00:00
C:\WINDOWS\system32\NavLogon.dll |30/07/2002 11:33:00
C:\WINDOWS\system32\nsldap32v50.dll |27/02/2002 10:41:26
C:\WINDOWS\system32\nsldappr32v50.dll |27/02/2002 10:41:28
C:\WINDOWS\system32\nsldapssl32v50.dll |27/02/2002 10:41:26
C:\WINDOWS\system32\NTAudioEdit.dll |19/11/2005 23:00:15
C:\WINDOWS\system32\paqsp.dll |28/03/2003 01:13:46
C:\WINDOWS\system32\pdfcmnnt.dll |11/04/2006 09:36:15
C:\WINDOWS\system32\qedwipes.dll |20/09/2005 09:08:26
C:\WINDOWS\system32\SAGEPERS.DLL |12/12/2005 10:59:24
C:\WINDOWS\system32\SharpImg.dll |05/01/2006 17:50:06
C:\WINDOWS\system32\ssleay32.dll |19/11/2005 23:00:22
C:\WINDOWS\system32\tsd32.dll |28/03/2003 14:00:00
C:\WINDOWS\system32\win87em.dll |28/03/2003 14:00:00
C:\WINDOWS\system32\wrlzma.dll |11/09/2006 15:55:31
C:\WINDOWS\system32\ZPORT4AS.dll |12/09/2006 16:10:41
C:\WINDOWS\vimrun.exe |20/09/2005 10:53:59
C:\WINDOWS\system32\append.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\debug.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\dosx.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\edlin.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\exe2bin.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\fastopen.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\Fport.exe |19/11/2005 23:00:16
C:\WINDOWS\system32\list.exe |19/11/2005 23:00:18
C:\WINDOWS\system32\mem.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\mscdexnt.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\nlsfunc.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\Ntrights.exe |08/09/2006 20:37:43
C:\WINDOWS\system32\nw16.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\port.exe |04/01/2006 17:51:31
C:\WINDOWS\system32\printserver.exe |04/01/2006 17:51:28
C:\WINDOWS\system32\redir.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\rsvterm.exe |03/01/2006 16:42:36
C:\WINDOWS\system32\setver.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\share.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\strings.exe |08/09/2006 20:37:43
C:\WINDOWS\system32\vwipxspx.exe |28/03/2003 14:00:00
C:\WINDOWS\system32\zip.exe |08/09/2006 20:37:43
C:\WINDOWS\system32\amstream.dll |20/09/2005 09:09:11
C:\WINDOWS\system32\antsjdbcodbc.dll |19/05/2006 11:33:32
C:\WINDOWS\system32\atmtd.dll |11/09/2006 20:07:18
C:\WINDOWS\system32\CNMVS58.DLL |30/09/2005 16:24:54
C:\WINDOWS\system32\icutu32.dll |19/05/2006 11:33:33
C:\WINDOWS\system32\ieencode.dll |20/09/2005 09:11:41
C:\WINDOWS\system32\IsassStatusMesg.dll |19/11/2005 23:01:59
C:\WINDOWS\system32\islzma.dll |11/09/2006 15:55:31
C:\WINDOWS\system32\libeay32.dll |19/11/2005 23:00:19
C:\WINDOWS\system32\msdmo.dll |20/09/2005 09:08:41
C:\WINDOWS\system32\msencode.dll |28/03/2003 14:00:00
C:\WINDOWS\system32\NavLogon.dll |30/07/2002 11:33:00
C:\WINDOWS\system32\nsldap32v50.dll |27/02/2002 10:41:26
C:\WINDOWS\system32\nsldappr32v50.dll |27/02/2002 10:41:28
C:\WINDOWS\system32\nsldapssl32v50.dll |27/02/2002 10:41:26
C:\WINDOWS\system32\NTAudioEdit.dll |19/11/2005 23:00:15
C:\WINDOWS\system32\pdfcmnnt.dll |11/04/2006 09:36:15
C:\WINDOWS\system32\qedwipes.dll |20/09/2005 09:08:26
C:\WINDOWS\system32\SAGEPERS.DLL |12/12/2005 10:59:24
C:\WINDOWS\system32\ssleay32.dll |19/11/2005 23:00:22
C:\WINDOWS\system32\tsd32.dll |28/03/2003 14:00:00
C:\WINDOWS\system32\win87em.dll |28/03/2003 14:00:00
C:\WINDOWS\system32\wrlzma.dll |11/09/2006 15:55:31
C:\WINDOWS\system32\ZPORT4AS.dll |12/09/2006 16:10:41
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F0ED-A6F5
Répertoire de C:\WINDOWS\system32
28/03/2003 14:00 4 096 csrss.exe
28/03/2003 14:00 46 080 csvde.exe
2 fichier(s) 50 176 octets
0 Rép(s) 107 323 699 200 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F0ED-A6F5
Répertoire de C:\WINDOWS\Downloaded Program Files
12/09/2006 16:08 <REP> .
12/09/2006 16:08 <REP> ..
11/04/2006 17:10 135 168 asinst.dll
03/04/2006 11:00 537 asinst.inf
24/06/2004 14:09 323 584 boisweb.dll
19/09/2005 16:32 65 desktop.ini
03/05/2006 03:57 876 jinstall-1_5_0_07.inf
10/08/2002 08:40 1 561 msrdp.inf
10/08/2002 08:29 600 064 msrdp.ocx
29/06/2005 18:17 227 opuc.inf
27/08/2005 14:30 5 065 swflash.inf
9 fichier(s) 1 067 147 octets
Total des fichiers listés :
9 fichier(s) 1 067 147 octets
2 Rép(s) 107 323 695 104 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F0ED-A6F5
Répertoire de C:\Program Files
11/09/2006 20:07 <REP> .
11/09/2006 20:07 <REP> ..
15/05/2006 10:51 <REP> Adobe
07/02/2006 16:32 <REP> aida32
19/05/2006 11:34 <REP> antsdb
20/09/2005 11:58 <REP> Business Objects
30/09/2005 16:29 <REP> Canon
07/09/2006 16:32 <REP> CCleaner
20/09/2005 09:11 <REP> cmak
19/09/2005 16:30 <REP> ComPlus Applications
11/09/2006 20:07 <REP> Deskbar
09/01/2006 17:49 <REP> Epson
08/09/2006 11:03 <REP> Fichiers communs
05/07/2006 10:11 <REP> FourJs
13/08/2006 03:01 <REP> Internet Explorer
19/06/2006 17:01 <REP> Java
07/09/2006 16:52 <REP> Lavasoft
19/09/2005 17:05 <REP> Microsoft Office
19/09/2005 17:13 <REP> Microsoft SQL Server
19/09/2005 17:05 <REP> Microsoft Visual Studio
20/09/2005 11:58 <REP> Microsoft Visual Studio .NET 2003
21/03/2006 10:28 <REP> Microsoft Works
19/09/2005 17:04 <REP> Microsoft.NET
12/07/2006 11:30 <REP> MSAT
20/09/2005 09:09 <REP> NetMeeting
11/09/2006 20:07 <REP> Network Monitor
21/03/2006 10:32 <REP> OfficeUpdate11
13/04/2006 14:02 <REP> Outlook Express
11/04/2006 09:36 <REP> PDFCreator
12/12/2005 11:16 <REP> PMSSAARI
23/08/2006 14:35 <REP> Projet1
07/09/2006 16:38 <REP> RegCleaner
02/12/2005 12:01 <REP> Rpv
17/10/2005 17:07 <REP> schema
19/09/2005 16:32 <REP> Services en ligne
09/01/2006 11:42 <REP> SonicWALL
07/09/2006 16:45 <REP> Spybot - Search & Destroy
19/09/2005 16:49 <REP> Symantec
19/09/2005 16:49 <REP> Symantec_Client_Security
11/09/2006 20:07 <REP> TheSearchAccelerator
12/09/2006 08:54 <REP> ToolBar888
09/06/2006 11:37 <REP> UltraVNC
11/09/2006 15:55 <REP> Webroot
16/02/2006 19:01 <REP> Windows Media Player
19/09/2005 16:29 <REP> Windows NT
05/07/2006 10:07 <REP> WinZip
07/09/2006 16:32 <REP> Yahoo!
0 fichier(s) 0 octets
47 Rép(s) 107 323 695 104 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F0ED-A6F5
Répertoire de C:\Program Files\fichiers communs
08/09/2006 11:03 <REP> .
08/09/2006 11:03 <REP> ..
19/09/2005 17:42 <REP> Adobe
19/09/2005 17:56 <REP> Business Objects
23/08/2006 14:35 <REP> Crystal Decisions
17/10/2005 17:07 <REP> DESIGNER
09/01/2006 11:42 <REP> Deterministic Networks
12/12/2005 10:57 <REP> InstallShield
19/09/2005 17:56 <REP> Java
19/09/2005 17:57 <REP> Merge Modules
21/03/2006 10:29 <REP> Microsoft Shared
19/09/2005 17:24 <REP> ODBC
12/12/2005 11:00 <REP> Sage
19/09/2005 16:31 <REP> Services
19/09/2005 17:24 <REP> SpeechEngines
19/09/2005 16:49 <REP> Symantec Shared
13/04/2006 14:02 <REP> System
11/09/2006 19:04 <REP> uuwo
12/07/2006 11:30 <REP> Wise Installation Wizard
11/09/2006 19:27 <REP> {F0EDA6F5-0710-1036-0420-051023030021}
0 fichier(s) 0 octets
20 Rép(s) 107 323 691 008 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F0ED-A6F5
Répertoire de C:\
11/09/2006 19:00 770 048 cvcv.exe
11/09/2006 20:07 251 262 deskbar3.exe
11/09/2006 20:07 86 016 dfndrff_17.exe
11/09/2006 23:32 77 824 dfndrff_18.exe
11/09/2006 23:32 36 864 drsmartload.exe
11/09/2006 20:07 20 480 drsmartload45a45r.exe
11/09/2006 20:07 20 480 drsmartload46a46r.exe
11/09/2006 20:07 20 480 drsmartload849a849r.exe
11/09/2006 17:11 138 862 fra.exe
11/09/2006 22:23 770 048 hpp.exe
11/09/2006 19:26 770 048 iijs.exe
12/09/2006 14:34 770 048 iiooi.exe
11/09/2006 20:07 578 560 Installer3.exe
11/09/2006 20:07 77 824 kybrdff_17.exe
12/09/2006 00:01 282 624 kybrdff_18.exe
11/09/2006 22:07 770 048 lklklk.exe
11/09/2006 17:43 770 048 lkslsks.exe
11/09/2006 20:26 770 048 msn_shelter@mafya.com.exe
11/09/2006 20:07 25 105 MTE3NDI6ODoxNg.exe
11/09/2006 20:07 25 105 MTE3NDI6ODoxNgnew.exe
11/09/2006 21:10 770 048 no-ip.exe
11/09/2006 20:07 32 768 nwnmff_17.exe
11/09/2006 23:32 57 344 nwnmff_18.exe
12/09/2006 14:24 770 048 plplo.exe
11/09/2006 20:42 770 048 powpip.exe
11/09/2006 20:07 30 208 SS1001newer.exe
11/09/2006 20:07 14 848 stub_113_4_0_4_0newer.exe
11/09/2006 20:07 517 168 ucmoreiex.exe
11/09/2006 19:27 138 862 usihsjksb.exe
11/09/2006 20:06 770 048 uyuy.exe
11/09/2006 20:24 770 048 uyuyes.exe
11/09/2006 20:34 770 048 uyuyesee.exe
11/09/2006 23:32 770 048 vhsot.exe
11/09/2006 20:07 578 560 warebundlenewer.exe
34 fichier(s) 13 791 916 octets
0 Rép(s) 107 323 691 008 octets libres
c:\Documents and Settings\Administrateur\Bureau\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\ZUDv54616.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Clavier\sp26554.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Epson TM-U6000II\Apsmpl_301.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Epson TM-U6000II\ATM_301fE.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Modem\modem830.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Modem Sitecom\DC014_9xME2kXP.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\NVidia\SP26481.exe
c:\Documents and Settings\Administrateur\Mes documents\Pilotes\Pdf Creator\PDFCreator-0_8_0_GNUGhostscript.exe
c:\Documents and Settings\Administrateur\Mes documents\Tsweb\tswebsetup.exe
c:\Documents and Settings\Administrateur\WINDOWS\IsUn040c.exe
c:\Documents and Settings\Administrateur\WINDOWS\IsUninst.exe
c:\Documents and Settings\Administrateur\WINDOWS\ltmsg.exe
c:\Documents and Settings\Administrateur\WINDOWS\ltremove.exe
c:\Documents and Settings\Administrateur\WINDOWS\I560\uninstall.exe
c:\Documents and Settings\All Users\Application Data\Prevx\PXSetup.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\FilesInfoCmd.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\Fport.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\grep.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\LFiles.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\LISTDLLS.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\pslist.exe
c:\Documents and Settings\clemence\Bureau\diaghelp\diaghelp\streams.exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\56IR75CM\drsmartload849a[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\56IR75CM\nwnmff_18[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\drsmartload45a[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\Installer[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\kybrdff_17[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HZT68NF2\MTE3NDI6ODoxNg[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\dfndrff_17[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\dfndrff_18[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\drsmartload46a[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLA2028N\stub_113_4_0_4_0[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\deskbar[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\installer[2].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\kybrdff_18[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\loader[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\nwnmff_17[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\SS1001[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U982RERK\ucmoreiex[1].exe
c:\Documents and Settings\florence\Local Settings\Temporary Internet Files\Content.IE5\E9XANU1O\WinAntiSpyware2006FreeInstall_fr[1].exe
c:\Documents and Settings\jerome\Application Data\Microsoft\Installer\{AF5116D9-A075-4669-8148-79E51EDAACEF}\IconAF5116D91.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\tdr160e.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\L2301FRX.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\L2305FRX.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAP1TRSK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAP1UNIK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPAFEN.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPONN.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPPSWK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\Win2000\CAPRPCSK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAP1TRSK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAP1UNIK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPAFEN.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPONN.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPPSWK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Canon\WinXP\CAPRPCSK.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\easyphp1.5\easyphp1-5_setup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\epson\TMU375\Tdr161e.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\ftp\Setup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\ftp2\FileZilla_1_6setup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 1220C\dj1075fr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 640C\640-fra-2kinfu.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 820 Cxi\dj380fr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\HP 895 CXi\dj896fr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Light Modem COM1\tech0721.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Meto\METO.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Meto\PrnInst.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\BASDIAG.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\DFCD.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\DIAG.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\HELP.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\NETDIAG.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\NETX.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA410-TX\FA410\PCMINFO.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA511\DIAG.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\Netgear\FA511\HELP.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\OLITEC\pci-ntv2.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\OLITEC\SpeedCom2000\oli2000.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\OLITEC\SpeedCom2000_NT4\olitec.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\123logsetup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\r2p3setup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\setup_light_0_9_1.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\php\php\php.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\rom compaq\SP8979.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\sj166fr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\_isdel.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\fix_pnp.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\hpresset.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\hpsjrreg.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\setup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK1\swtchset.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\scanner hp4p\temp\DISK3\hpresset.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\SP9250.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\RPW9H\DISK1\BIOS16.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\RPW9H\DISK1\DRVSETUP.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\video compaq\RPW9H\DISK1\SETUP.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\winzip-winrar\quickzip.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Drivers\winzip-winrar\wrar28fr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Editions\rpv200e.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Editions\rpv22freng.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Fax\fax\Faxogi.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Fax\fax\Fourniture 4JS\fjs-cliwtk-3[1].50.1a-wnt0403.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Fax\fax\Fourniture 4JS\fjs-f4gl-3[1].50.1a-wnt0403.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\Mac10.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\MacPro.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\mteceval.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Macros\TrayMacroSetup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\OPEN4X\Technique\IfmxtoSQL.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\Enterprise\ReformEEval.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\FreeWare\ReformFreeWare.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\REFORM\ReformSEval.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Reform\Standard\ReformSEval.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\Crystal\CE8\ce80win_en_sp1.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\Crystal\CR85\cr85win_en_sp2.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\FRN_SQL2KDeskSP2.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\FRN_SQL2KSP2.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\bcp.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\cdw.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\cnfgsvr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\distrib.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\dtsrun.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\dtsrunui.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\isqlw.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\logread.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\osql.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\profiler.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\purgeset.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\qrdrsvc.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\rebuildm.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\redirexe.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\redirexec.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\remsetup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\replmerg.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\scm.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\snapshot.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqladhlp.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlagent.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqldiag.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlmaint.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlmangr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\sqlservr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\svrnetcn.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\wzcnflct.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\binn\xpadsi.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\ftsetup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\sqlftwiz.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\catutil.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\mssdmn.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\mssearch.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\pstoreutl.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\fulltext\mssearch\search\SearchStp.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\other\sqlredis.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\other\sdi\sqldbreg.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\setup\_isdel.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\setup\setupsql.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\setup\sqlstp.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP2 SQL2000\x86\upgrade\cnvsvc.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 Office XP\OfficeXpSp3-kb832671-fullfile-fra.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 SQL2000\frn_sql2kasp3.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 SQL2000\Analysis\frn_sql2kasp3.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP3 SQL2000\Desktop\FRN_SQL2KDeskSP3.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Services Packs\SP4 W2000\w2ksp4_fr.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\SQL Server\SQL MSDE\FRN_MSDE2000A.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\TSE_(Web)\tswebsetup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Exec(anc)\ProtExe.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\Mac10.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\MacPro.EXE
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\mteceval.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Macros\TrayMacroSetup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Protexe\Fv27Setup.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Protexe\PPSJcore.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Protexe\PPS-Lite.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Session\tslw2k.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Session\ok\lockerFR.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\Utilitaires\Session\ok\winpwd.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\VNC\vnc-3.3.4-x86_win32.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\VSO_2003_JUL\AccSQL02.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\VSO_2003_JUL\Upsize02.exe
c:\Reunion\Documents and Settings\Administrateur\Mes documents\WinZip\winzip81.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\HIE3_Pro.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\scrippy202.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\Thunderbird Setup 1.5.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\Firefox Setup 1.5.0.1.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\firefox.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\updater.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\xpicleanup.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\plugins\GetFlash.exe
c:\Reunion\Stagiaire Bisio Sauv 11-04-2006\Documents Stagiaire BISIO\FireFox\uninstall\UninstallFirefox.exe
c:\Documents and Settings\All Users\Application Data\Prevx\msvcp71.dll
c:\Documents and Settings\All Users\Application Data\Prevx\msvcr71.dll
c:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
c:\Documents and Settings\All Users\Application Data\Prevx\qt-mt336.dll
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\CCERASER.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\ECMSVR32.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVENG16.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVENG32.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVEX16A.DLL
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\VD223803.VDB\NAVEX32A.DLL
-
Je crois que looktome est encore la...
-
Voici le log de looktome destroyer
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 12/09/2006 14:21:00
Infected! C:\WINDOWS\system32\en02l1do1.dll
Infected! C:\WINDOWS\system32\cousapi.dll
Infected! C:\WINDOWS\system32\en02l1do1.dll
Infected! C:\WINDOWS\system32\fpj6031se.dll
Infected! C:\WINDOWS\system32\g2jolc131f.dll
Infected! C:\WINDOWS\system32\lnbOCAHelper-2-13.dll
Infected! C:\WINDOWS\system32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\en02l1do1.dll
C:\WINDOWS\system32\en02l1do1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\cousapi.dll
C:\WINDOWS\system32\cousapi.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\en02l1do1.dll
C:\WINDOWS\system32\en02l1do1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\fpj6031se.dll
C:\WINDOWS\system32\fpj6031se.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\g2jolc131f.dll
C:\WINDOWS\system32\g2jolc131f.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lnbOCAHelper-2-13.dll
C:\WINDOWS\system32\lnbOCAHelper-2-13.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7CB98891-7E7A-49B3-9582-7EF8FBE5DAF2}"
HKCR\Clsid\{7CB98891-7E7A-49B3-9582-7EF8FBE5DAF2}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0D5B228D-AEC6-49C9-9B3E-55D6871D1A5D}"
HKCR\Clsid\{0D5B228D-AEC6-49C9-9B3E-55D6871D1A5D}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{07615452-2507-440C-A221-898249F5DC19}"
HKCR\Clsid\{07615452-2507-440C-A221-898249F5DC19}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
Voici le log de hijack this :
Logfile of HijackThis v1.99.1
Scan saved at 14:49:03, on 12/09/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\Documents and Settings\clemence\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FourJs\gwc\bin\gasd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\dllcache\mslogon.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\printserver.exe
C:\WINDOWS\system32\rsvterm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Fichiers communs\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.maintronic.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\clemence\windows\system32\mswsock.dll' missing
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://localhost/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA0266EB-4E2B-43AE-9E65-1217CD1E3AEE}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Service Application Experience Lookup (AeLookupSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Explorateur d'ordinateurs (Browser) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'indexation (CiSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T0dJ\command.exe (file missing)
O23 - Service: Services de cryptographie (CryptSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Système de fichiers distribués (Dfs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - Unknown owner - EpStsSrv.exe (file missing)
O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Genero Application Server for the Web Client (GWC-1.32.1f) (fglas_1.32.1f_190606171357) - Unknown owner - C:\Program Files\FourJs\gwc\bin\gasd.exe" --as-directory "C:\Program Files\FourJs\gwc" --service-start (file missing)
O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: IIsass Sql Server (IIsass) - Cat Soft - C:\WINDOWS\system32\Isass.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Serveur d'impression TCP/IP (LPDSVC) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\tcpsvcs.exe (file missing)
O23 - Service: Microsoft Logon Service - Unknown owner - C:\WINDOWS\system32\dllcache\mslogon.exe
O23 - Service: Service de publication FTP (MSFtpsvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Réplication de fichiers (NtFrs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: OCX-Base-Settings (ocxset) - Unknown owner - c:\windows\addins\addin\msdtc32.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\services.exe (file missing)
O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: HP Printserver (prnter) - Unknown owner - C:\WINDOWS\system32\printserver.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fournisseur d'un jeu de stratégie résultant (RSoPProv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: RSV Term Advise (RSV-ID) - Unknown owner - C:\WINDOWS\system32\rsvterm.exe
O23 - Service: Application d'assistance de la Console d'administration spéciale (sacsvr) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Gestion de licences Terminal Server (TermServLicensing) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\lserver.exe (file missing)
O23 - Service: Thèmes (Themes) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Gestionnaire de téléchargement (uploadmgr) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Onduleur (UPS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Service de disque virtuel (vds) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de publication World Wide Web (W3SVC) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Configuration sans fil (WZCSVC) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\Documents and Settings\clemence\WINDOWS\System32\svchost.exe (file missing)
-
J'ai oublié de dire que j'ai norton comme antivirus. Que hier j'ai lancé looktome remover et il a planté, ensuite j'ai lancé looktome destroyer et ca a bien fonctionné mais aujourd'hui en lancant spysweeper il a retrouvé looktome et maxifiles et depuis, les pubs et tout le reste est revenu...
-
Je suis infesté jusqu'au coup !!!
Si quelqu'un pouvez m'aider ?
Voici mon rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 09:15:10, on 12/09/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\Documents and Settings\Administrateur\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FourJs\gwc\bin\gasd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\dllcache\mslogon.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\printserver.exe
C:\WINDOWS\system32\rsvterm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Fichiers communs\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\FourJs\gdc\bin\gdc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\vi.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\FourJs\gdc\bin\gdc.exe
C:\Spy\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program
Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program
Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: gdc.exe.lnk = C:\Program Files\FourJs\gdc\bin\gdc.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and
settings\administrateur\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://*.pavilion
O15 - Trusted IP range: http://193.251.69.103
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) -
http://localhost/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA0266EB-4E2B-43AE-9E65-1217CD1E3AEE}: NameServer =
193.252.19.3,193.252.19.4
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\en02l1do1.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Service Application Experience Lookup (AeLookupSvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\Documents
and Settings\Administrateur\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\Documents
and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Explorateur d'ordinateurs (Browser) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'indexation (CiSvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T0dJ\command.exe (file missing)
O23 - Service: Services de cryptographie (CryptSvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe
O23 - Service: Système de fichiers distribués (Dfs) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner -
C:\Documents and Settings\Administrateur\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - Unknown owner - EpStsSrv.exe
(file missing)
O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Genero Application Server for the Web Client (GWC-1.32.1f) (fglas_1.32.1f_190606171357) -
Unknown owner - C:\Program Files\FourJs\gwc\bin\gasd.exe" --as-directory "C:\Program Files\FourJs\gwc"
--service-start (file missing)
O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: IIsass Sql Server (IIsass) - Cat Soft - C:\WINDOWS\system32\Isass.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Serveur d'impression TCP/IP (LPDSVC) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\tcpsvcs.exe (file missing)
O23 - Service: Microsoft Logon Service - Unknown owner - C:\WINDOWS\system32\dllcache\mslogon.exe
O23 - Service: Service de publication FTP (MSFtpsvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program
Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Réplication de fichiers (NtFrs) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner -
C:\Documents and Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: OCX-Base-Settings (ocxset) - Unknown owner - c:\windows\addins\addin\msdtc32.exe (file
missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\services.exe (file missing)
O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: HP Printserver (prnter) - Unknown owner - C:\WINDOWS\system32\printserver.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program
Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner -
C:\Documents and Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Routage et accès distant (RemoteAccess) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner -
C:\Documents and Settings\Administrateur\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fournisseur d'un jeu de stratégie résultant (RSoPProv) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: RSV Term Advise (RSV-ID) - Unknown owner - C:\WINDOWS\system32\rsvterm.exe
O23 - Service: Application d'assistance de la Console d'administration spéciale (sacsvr) - Unknown owner
- C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program
Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Gestion de licences Terminal Server (TermServLicensing) - Unknown owner - C:\Documents
and Settings\Administrateur\WINDOWS\system32\lserver.exe (file missing)
O23 - Service: Thèmes (Themes) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Gestionnaire de téléchargement (uploadmgr) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Onduleur (UPS) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Service de disque virtuel (vds) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de publication World Wide Web (W3SVC) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de découverte automatique de Proxy Web pour les services HTTP Windows
(WinHttpAutoProxySvc) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner -
C:\Documents and Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Configuration sans fil (WZCSVC) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\Documents and
Settings\Administrateur\WINDOWS\System32\svchost.exe (file missing)
Analyse de rapport HiJackThis svp...
dans Analyses et éradication malwares
Posté(e)
Voici le résultat du fix :
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\saringres110_chs.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'impression Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{4648F940-EFE3-4BAB-9211-3BE45CD5029D}"="VSSShellExt"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{21B03E28-427A-49CE-850B-E1A245848F14}"="Terminal Server Redirected Drive"
"{0B63475F-4D07-40CD-9325-23F1B5DDCFA8}"="Terminal Server Redirected Drive"
"{91C3B2EA-A451-4E37-8B76-AB29953408F8}"="Terminal Server Redirected Drive"
"{DF496528-5E69-4A5E-9616-951CA17021B2}"="Terminal Server Redirected Drive"
"{606AEDCA-BC51-4C26-B5DB-15089D8E32C2}"="Terminal Server Redirected Drive"
"{84D29C3A-5A16-4E04-B4C5-CF17861DA864}"="Terminal Server Redirected Drive"
"{347EA9D1-99D2-40C7-AE13-467D436D2766}"="Terminal Server Redirected Drive"
"{18151C96-94CD-4D23-8A63-31CB773F1C38}"="Terminal Server Redirected Drive"
"{4CE0D244-1177-4093-B318-8C98B1179DFE}"="Terminal Server Redirected Drive"
"{702B87BB-4D30-4582-85A6-3F26B4596615}"="Terminal Server Redirected Drive"
"{9DC0DB10-E17A-4F2C-8A85-292856BE8FB2}"="Terminal Server Redirected Drive"
"{CDF29311-1198-4EFD-928C-98B240256D96}"="Terminal Server Redirected Drive"
"{3914A654-F0C6-4062-A9E9-8936B2732DD5}"="Terminal Server Redirected Drive"
"{E7AEE3DF-4246-4DE6-993F-89E9FA6FAA1E}"="Terminal Server Redirected Drive"
"{26E5E69A-15D3-4C3E-933A-05C1A60D81E3}"="Terminal Server Redirected Drive"
"{C3C0EF46-A8ED-47ED-82D1-2A05B482D401}"="Terminal Server Redirected Drive"
"{2F568B34-7C00-4E8C-9690-23572E232148}"="Terminal Server Redirected Drive"
"{F8051080-D78D-44D6-8C39-4F99EFE8DA72}"="Terminal Server Redirected Drive"
"{815FF5D8-7040-4963-A848-CA13878C6259}"="Terminal Server Redirected Drive"
"{065994D0-ABFC-4638-A4B3-3F7D69CB6A77}"="Terminal Server Redirected Drive"
"{BD4B4CB1-7F66-48B1-8C8E-9ED26DD06259}"="Terminal Server Redirected Drive"
"{BF365623-14E9-4B14-AC16-707E24B587C0}"="Terminal Server Redirected Drive"
"{9C545C0B-EE9A-422D-A712-6E138725958A}"="Terminal Server Redirected Drive"
"{3FC8E1B0-6A81-4F83-9CC0-8E5F8F129C01}"="Terminal Server Redirected Drive"
"{144DE0DC-7F57-40E7-8B7F-3E53A4062A6B}"="Terminal Server Redirected Drive"
"{CF91AE58-53B3-4999-883E-A772B5941C12}"="Terminal Server Redirected Drive"
"{CE4E6AB2-70EE-4AB8-8650-8551CCECE152}"="Terminal Server Redirected Drive"
"{141236B9-A545-413D-965D-AF06F25A3BC2}"="Terminal Server Redirected Drive"
"{4E1E21C3-F13F-4C58-8D28-B3A51ED7A060}"="Terminal Server Redirected Drive"
"{1072245E-E814-459D-A22C-110C9B5E9511}"="Terminal Server Redirected Drive"
"{607C1DA2-2EB1-4157-8829-D967143DB211}"="Terminal Server Redirected Drive"
"{66B7153E-EE90-434B-A354-57CA95B6E329}"="Terminal Server Redirected Drive"
"{E6903838-141E-498C-B80E-3BAF7EF9A402}"="Terminal Server Redirected Drive"
"{E7BDC0AA-E923-4531-BA7C-66A0FA72446A}"="Terminal Server Redirected Drive"
"{59D35C08-7A8B-46E5-B24A-A86BD2012175}"="Terminal Server Redirected Drive"
"{0259EDED-773F-4FBA-B8F9-1099CCC2E6B6}"="Terminal Server Redirected Drive"
"{B983CB2A-99E2-435F-92EA-E2338B3C4199}"="Terminal Server Redirected Drive"
"{035C003F-A435-4391-9C86-A01C4305D0EC}"="Terminal Server Redirected Drive"
"{8F165376-02BE-495F-B81F-7B1A25AEDCDB}"="Terminal Server Redirected Drive"
"{CDDA9D98-D41C-4BB0-BC0C-1B7FDF68471F}"="Terminal Server Redirected Drive"
"{B123AB52-A3B9-4919-8630-2DF7253E5405}"="Terminal Server Redirected Drive"
"{ABCD666E-B08A-471A-AB61-C0EA8D97B328}"="Terminal Server Redirected Drive"
"{A5CEFE2C-B586-48D5-A224-DDBFBBB0F7F7}"="Terminal Server Redirected Drive"
"{03C5139A-F7D8-4937-84A1-5547CB2C0E8A}"="Terminal Server Redirected Drive"
"{1CD535F7-4108-4B5F-8807-F25DC677FA10}"="Terminal Server Redirected Drive"
"{8E404398-EEC9-42D6-BED1-6271E1A80B40}"="Terminal Server Redirected Drive"
"{93319B17-60FA-4ACF-ACD9-39D8CEB07FBA}"="Terminal Server Redirected Drive"
"{CE3CD22A-1711-46A7-8437-B25312AD5920}"="Terminal Server Redirected Drive"
"{B52D8FC6-FE18-4E7B-AAC1-3680A278DFC2}"="Terminal Server Redirected Drive"
"{3DC89CB3-0D63-4DDD-9FD3-8207FB557C37}"="Terminal Server Redirected Drive"
"{F94D9FFD-5F16-4BBE-9AF0-E17E1BF0D99B}"="Terminal Server Redirected Drive"
"{092408E7-934F-4B55-A53F-953C45A9F47A}"="Terminal Server Redirected Drive"
"{96CFE4EB-E864-421F-AE28-97A0A840BA40}"="Terminal Server Redirected Drive"
"{3A274781-3823-4DED-A895-2FAA9A8525DC}"="Terminal Server Redirected Drive"
"{8CD9445B-384F-4945-B653-81468B06BAB9}"="Terminal Server Redirected Drive"
"{C31400C1-86AB-4650-9E71-159891C34716}"="Terminal Server Redirected Drive"
"{96AFA64F-0508-414A-BA70-AAE9FFE2E7D7}"="Terminal Server Redirected Drive"
"{0115A55A-57E8-496E-AB9F-954DBC67AEB2}"="Terminal Server Redirected Drive"
"{E12D4FD7-A194-4AB0-8940-7E732D60E37D}"="Terminal Server Redirected Drive"
"{B60CEBF3-39B0-41E6-8CF6-298FA6420A64}"="Terminal Server Redirected Drive"
"{3B3545DB-F198-4F87-8C77-424DEFEFDBF1}"="Terminal Server Redirected Drive"
"{AF5FCBE8-A6CE-409F-8EDC-3F53D85D7FCC}"="Terminal Server Redirected Drive"
"{AD76862F-3419-4BEC-9B95-2B070DCCBC9E}"="Terminal Server Redirected Drive"
"{3827142F-F168-4B9F-96B5-50E4237980AC}"="Terminal Server Redirected Drive"
"{EAAA0A05-3D0D-4CDF-B326-D239D6B97DBB}"="Terminal Server Redirected Drive"
"{AADE4E4C-F3EF-49D0-A7F5-60F8323A0CE1}"="Terminal Server Redirected Drive"
"{8159382C-F7D9-47A4-A716-C081DCAE3EA1}"="Terminal Server Redirected Drive"
"{C28D90CA-1CC4-4413-922D-7DD62A585887}"="Terminal Server Redirected Drive"
"{16ED8C08-59FF-4240-A024-A0E511905C72}"="Terminal Server Redirected Drive"
"{F4E96852-38F5-40BC-B594-57F7E2ABE81E}"="Terminal Server Redirected Drive"
"{640BB85D-49E4-46D7-AFB5-C125D893CC4C}"="Terminal Server Redirected Drive"
"{8FF58822-BF85-4B3F-A9B7-3D33B9CE8B9B}"="Terminal Server Redirected Drive"
"{BFC819ED-E6B8-467A-B443-0DE1DAD13705}"="Terminal Server Redirected Drive"
"{4164D529-2949-4893-A0AC-2366C5DCCA2E}"="Terminal Server Redirected Drive"
"{DE6B89ED-8B91-4D54-BDFE-B5541E6A01CB}"="Terminal Server Redirected Drive"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{892E10CB-0EDC-4EE9-B44A-D2759AE87950}"="Terminal Server Redirected Drive"
"{0A630805-0A9C-44EC-9DFD-D3A9C189EF70}"="Terminal Server Redirected Drive"
"{532D9B16-1DC2-47E0-B0E3-84EC1AC235A6}"="Terminal Server Redirected Drive"
"{EFFE1114-9A68-489E-9BD5-3D2AF511E51E}"="Terminal Server Redirected Drive"
"{17402E7F-EC14-4069-85CE-B9F4D7EF4746}"="Terminal Server Redirected Drive"
"{5B1C122B-DAE1-4B46-9278-E8CFCE807F04}"="Terminal Server Redirected Drive"
"{473FB294-DBC7-4C97-B3F2-2564EF82D5A6}"="Terminal Server Redirected Drive"
"{5B71807B-1371-43E6-A83C-DC0ACF89F5DE}"="Terminal Server Redirected Drive"
"{A2E7C4A6-56EA-43CD-AC4C-789CC205FB51}"="Terminal Server Redirected Drive"
"{FB5B3F2F-3C1D-4C44-9942-CEB72C7C9507}"="Terminal Server Redirected Drive"
"{FAE0F110-C67B-4988-ABDB-DC1092F7C01F}"="Terminal Server Redirected Drive"
"{F269242E-E58B-4801-B2B3-BCD9356B168F}"="Terminal Server Redirected Drive"
"{7A685A69-FE84-4743-B133-449F097E07F5}"="Terminal Server Redirected Drive"
"{13A612BC-73CE-4595-B9AB-12471CA1EC5E}"="Terminal Server Redirected Drive"
"{F222A0FD-1B93-4CA2-856A-DBE18A39E914}"="Terminal Server Redirected Drive"
"{BED91186-A385-42B8-A5E1-6C2C8F97C467}"="Terminal Server Redirected Drive"
"{B13DB046-2ED5-4985-B1A2-DD88F5D9EF83}"="Terminal Server Redirected Drive"
"{7BE5360B-C49D-431D-95DB-E57A995FE0EB}"="Terminal Server Redirected Drive"
"{54CB9311-8F31-44EF-852E-80357C3C6B9C}"="Terminal Server Redirected Drive"
"{6D0CD6F4-3E59-4D36-B7A5-D4E5302D337A}"="Terminal Server Redirected Drive"
"{7AE29125-722E-47ED-AA66-31F76C473A8D}"="Terminal Server Redirected Drive"
"{DEF7D3EF-EFB1-4156-8E86-FB6E7618074D}"="Terminal Server Redirected Drive"
"{C420E11E-FC4A-4FB6-B1FD-77CF1AF63565}"="Terminal Server Redirected Drive"
"{31A90A17-4A55-4A60-9F08-E16C3AC528F0}"="Terminal Server Redirected Drive"
"{5B7D0C47-532A-4B8F-8E68-DA341A77BC2A}"="Terminal Server Redirected Drive"
"{098FA0E7-0FC8-4FF7-AE84-E551DD2C76EE}"="Terminal Server Redirected Drive"
"{E8969187-3EB1-479B-87B0-636479475595}"="Terminal Server Redirected Drive"
"{A99A5E9E-2BFC-4D64-9D21-EBBC940ADDF0}"="Terminal Server Redirected Drive"
"{F1E3E9B6-D819-464C-9515-3AFBAB630546}"="Terminal Server Redirected Drive"
"{CDE68AEE-715D-4BF2-8AD6-1128E8BE36E2}"="Terminal Server Redirected Drive"
"{FA5859E5-2B6C-4543-818A-F9B254C035FC}"="Terminal Server Redirected Drive"
"{A0784032-6627-4124-8822-C3DDC4A98FD0}"="Terminal Server Redirected Drive"
"{ECBC154E-BE4F-42CA-B171-AD2C2FFE527E}"="Terminal Server Redirected Drive"
"{6128B0CC-D654-4D01-BC66-6483CEC39FAF}"="Terminal Server Redirected Drive"
"{548F281A-112C-4ECB-93BB-11B6226C6C34}"="Terminal Server Redirected Drive"
"{D25C8555-A1F9-479A-B70A-85CE79A337DE}"="Terminal Server Redirected Drive"
"{2EAB8C06-D72A-41D5-9BB2-E135ABA3250E}"="Terminal Server Redirected Drive"
"{FE4AA4CE-5642-4C63-AB78-150DB64D59DE}"="Terminal Server Redirected Drive"
"{9762AA35-FFDC-4469-B062-7101ED19750A}"="Terminal Server Redirected Drive"
"{B2F917D9-4595-49A3-9C4E-8467BE9B4078}"="Terminal Server Redirected Drive"
"{4714FB67-52FF-4E5F-9578-775AC604A54A}"="Terminal Server Redirected Drive"
"{C43398E9-9026-4911-BB01-2A40A7B7FA30}"="Terminal Server Redirected Drive"
"{415CA134-486B-4167-9A23-6297B9A54D6C}"="Terminal Server Redirected Drive"
"{4362300D-2114-4390-8546-AA373A7D0B3D}"="Terminal Server Redirected Drive"
"{F470111D-305E-496B-B819-5A62316845B2}"="Terminal Server Redirected Drive"
"{F267B796-D620-492E-8142-363FF250A6AE}"="Terminal Server Redirected Drive"
"{C36CF331-101F-416B-AB30-DBC97225AC80}"="Terminal Server Redirected Drive"
"{7D66DE14-9290-476F-9F1E-0EDBA06E81AF}"="Terminal Server Redirected Drive"
"{3BD024B5-FD79-48F1-8DD1-A517E17A7F1E}"="Terminal Server Redirected Drive"
"{F168E4B3-158E-4423-A23A-53CAD6DB772D}"="Terminal Server Redirected Drive"
"{18338CD7-411E-4890-8ADA-A9C3F3AD085D}"="Terminal Server Redirected Drive"
"{F2D7A09F-4B8D-4A9A-8211-373774DC14C7}"="Terminal Server Redirected Drive"
"{B8C53055-79F2-4A0B-B76F-8C876CBF1B18}"="Terminal Server Redirected Drive"
"{3C875B7E-8ACB-4A78-AAD8-43302507B6C5}"="Terminal Server Redirected Drive"
"{81F84650-CBD7-41D9-B102-126A46CE0EA1}"="Terminal Server Redirected Drive"
"{8E2DF5CF-266B-4A93-BACE-428D626DE52F}"="Terminal Server Redirected Drive"
"{252561F8-A91A-4963-BAAB-48C91216075D}"="Terminal Server Redirected Drive"
"{437BF012-1026-4005-8044-302DECBB7320}"="Terminal Server Redirected Drive"
"{678B1A2F-A19F-4343-99F0-456E805AD7A9}"="Terminal Server Redirected Drive"
"{D0D1BDFB-5A5B-4AEB-8B3C-F88DB9F5AA4A}"="Terminal Server Redirected Drive"
"{E8E3A7CA-C199-44FF-AF78-661067F46B90}"="Terminal Server Redirected Drive"
"{CDC74A80-9CEE-4BC9-AC24-754BBF950D72}"="Terminal Server Redirected Drive"
"{C95AE266-0C29-4426-B035-A564699C19EE}"="Terminal Server Redirected Drive"
"{ED3444A7-14EF-404E-B349-2EC01C3148BC}"="Terminal Server Redirected Drive"
"{81CFBB00-3192-4F36-85C8-145AC860A171}"="Terminal Server Redirected Drive"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2F3EA51D-7A87-4206-BBC4-C352F1D72F4C}"="Terminal Server Redirected Drive"
"{FBED52C8-EC50-4830-80DE-328EF6366EEA}"="Terminal Server Redirected Drive"
"{57F024FD-1438-4DD3-B4F2-50CD029F0802}"="Terminal Server Redirected Drive"
"{B55F3EBC-46FE-4C4C-B389-47A3F2D9D99E}"="Terminal Server Redirected Drive"
"{C43C25D9-9672-40C0-9CC5-2491CBAF401C}"="Terminal Server Redirected Drive"
"{3B01DBFC-154A-463C-BECD-9E40A56B7E3C}"="Terminal Server Redirected Drive"
"{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{98A298DB-94DC-44BD-97B8-9DB133F2AAE0}\InprocServer32]
@="C:\\WINDOWS\\system32\\saringres110_chs.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Tue 12 Sep 2006 21:46:12 A.... 687 592 671,48 K
browseui.dll Fri 23 Jun 2006 22:46:08 A.... 1 037 312 1013,00 K
danim.dll Fri 23 Jun 2006 22:46:08 A.... 1 060 864 1,01 M
dnsapi.dll Wed 12 Jul 2006 21:00:04 A.... 177 664 173,50 K
dxtmsft.dll Fri 23 Jun 2006 22:46:08 A.... 363 008 354,50 K
dxtrans.dll Fri 23 Jun 2006 22:46:08 A.... 212 480 207,50 K
hlink.dll Tue 18 Jul 2006 0:41:06 A.... 72 704 71,00 K
iepeers.dll Fri 23 Jun 2006 22:46:08 A.... 253 952 248,00 K
inetcomm.dll Wed 26 Jul 2006 19:10:08 A.... 681 472 665,50 K
isasss~1.dll Wed 13 Sep 2006 8:20:48 A.... 597 0,58 K
jsproxy.dll Fri 23 Jun 2006 22:46:08 A.... 16 384 16,00 K
kernel32.dll Tue 25 Jul 2006 14:36:56 A.... 1 106 432 1,05 M
mnltus35.dll Tue 12 Sep 2006 23:14:08 ..S.R 234 272 228,78 K
mshtml.dll Fri 28 Jul 2006 16:43:12 A.... 3 173 888 3,02 M
mstime.dll Fri 23 Jun 2006 22:46:10 A.... 537 088 524,50 K
netapi32.dll Mon 17 Jul 2006 11:52:58 A.... 349 696 341,50 K
ntaudi~1.dll Wed 13 Sep 2006 8:20:46 A.... 1 513 1,48 K
pngfilt.dll Fri 23 Jun 2006 22:46:10 A.... 42 496 41,50 K
rasadhlp.dll Wed 12 Jul 2006 21:00:06 A.... 12 288 12,00 K
saring~1.dll Wed 13 Sep 2006 8:24:32 A.... 234 272 228,78 K
shdocvw.dll Tue 25 Jul 2006 22:41:12 A.... 1 514 496 1,44 M
shell32.dll Thu 13 Jul 2006 14:58:28 A.... 8 439 808 8,05 M
shlwapi.dll Fri 23 Jun 2006 22:46:10 A.... 322 048 314,50 K
urlmon.dll Tue 25 Jul 2006 17:44:06 A.... 698 880 682,50 K
w03a2409.dll Tue 25 Jul 2006 22:41:26 A.... 4 608 4,50 K
wininet.dll Fri 23 Jun 2006 22:46:10 A.... 666 624 651,00 K
26 items found: 26 files (1 H/S), 0 directories.
Total of file sizes: 21 902 438 bytes 20,89 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
guard.tmp Wed 13 Sep 2006 8:24:36 A.... 235 588 230,07 K
tmp10.tmp Fri 8 Sep 2006 22:48:48 A.... 0 0,00 K
tmp1a.tmp Mon 11 Sep 2006 10:24:58 A.... 0 0,00 K
tmpa.tmp Thu 7 Sep 2006 15:58:10 A.... 23 341 22,79 K
4 items found: 4 files, 0 directories.
Total of file sizes: 258 929 bytes 252,86 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est F0ED-A6F5
R‚pertoire de C:\WINDOWS\System32
13/09/2006 08:24 <REP> dllcache
12/09/2006 23:14 234ÿ272 MNLTUS35.DLL
19/09/2005 16:33 <REP> Microsoft
1 fichier(s) 234ÿ272 octets
2 R‚p(s) 107ÿ625ÿ623ÿ552 octets libres