Virus trojan downloader swizzor

Résolu
benjy92260 Messages postés 24 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
bonjour,

j'ai le virus trojan32 download32 swizzor.

une fetre grise s'ouvre avec un message en anglais.

j'ai scanner avec nod32.

j'ai deleter le fichier

mais la fnetre grise apparais toujour.

le fenetre met message de microsoft à alert le 15/04/2007 19:55:2007

stop windows require immediate attention

je me suis servis de adware et spybot.

il a trouvé des espions

je les effacés mais le virus est toujours là.

car la fenetre gris se lance tous les 10 minutes

je peux pas relancer en mode sans echer car j'ai un fichier endommagé
Configuration: Windows XP
Firefox 1.0.1

21 réponses

  • 1
  • 2
Résumé de la discussion

Un message en anglais apparaît dans une fenêtre grise en présence d’un virus trojan32 (download32 swizzor) sur Windows XP, malgré un scan Nod32 et la suppression du fichier. La fenêtre se réveille toutes les 10 minutes et le mode sans échec est difficile à atteindre, l’utilisateur citant des tentatives avec Adware et Spybot sans éradication complète. Plusieurs éléments de réponse suggèrent de supprimer en mode sécurité puis de nettoyer le fichier Hosts, d’évoquer une erreur VBScript lors d’un script et de communiquer un rapport système détaillé. En parallèle, un extrait de journal répertorie des répertoires et fichiers variés (Microsoft, Spybot, Google notamment), illustrant une collecte de données système et des pistes techniques évoquées.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      voiçi le log

      Logfile of HijackThis v1.99.1
      Scan saved at 20:55:41, on 15/04/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      C:\Program Files\Launch Manager\QtDTAcer.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\PROGRA~1\MESSAG~1\StartMessager.exe
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\System32\dslagent.exe
      C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
      C:\PROGRA~1\Wanadoo\CnxMon.exe
      C:\PROGRA~1\Wanadoo\taskbaricon.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\AIM95\aim.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Eset\nod32.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\benjy\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avi-vcd.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtDTAcer.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
      O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
      O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
      O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D219CC0E-95EF-4D5D-898B-DB6B8DD4CF64}: NameServer = 80.10.246.1 80.10.246.132
      O18 - Protocol: bw+0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
      0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Télécharge LopxpMH sur ton Bureau.

    http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

    Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.

    Poste le contenu du rapport qui va s'ouvrir.

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      Rapport lopxpMH2 version 2.0 fait à 7:56:44,82 le 16/04/2007
      C:\Documents and Settings\benjy\Bureau

      ******************************************
      ## Répertoires Application Data

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\All Users\Application Data

      11/02/2004 17:21 <REP> .
      11/02/2004 17:21 <REP> ..
      11/02/2004 17:43 <REP> Adobe
      11/04/2007 11:41 <REP> AOL
      11/04/2007 11:32 <REP> AOL Downloads
      11/04/2007 11:41 <REP> AOL OCP
      10/04/2006 12:56 <REP> CanonBJ
      11/02/2004 17:45 <REP> CyberLink
      11/02/2004 17:21 <REP> Microsoft
      15/04/2007 09:11 <REP> Spybot - Search & Destroy
      13/08/2004 08:56 <REP> Symantec
      25/04/2005 20:16 <REP> Viewpoint
      11/02/2004 17:22 62 desktop.ini
      1 fichier(s) 62 octets
      12 Rép(s) 15 105 560 576 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\benjy\Application Data

      25/05/2004 19:49 <REP> .
      25/05/2004 19:49 <REP> ..
      11/04/2007 11:41 <REP> acccore
      23/08/2004 13:23 <REP> Adobe
      23/08/2004 13:24 <REP> AdobeUM
      04/08/2004 14:09 <REP> Aim
      14/08/2004 13:56 <REP> CyberLink
      09/11/2006 19:39 <REP> Google
      20/04/2006 08:40 <REP> Help
      25/05/2004 19:49 <REP> Identities
      15/04/2007 13:08 <REP> Lavasoft
      25/04/2005 20:18 <REP> Macromedia
      25/05/2004 19:49 <REP> Microsoft
      24/04/2005 17:02 <REP> Mozilla
      10/04/2006 13:29 <REP> Real
      30/04/2005 16:16 <REP> SmartFTP
      25/05/2004 19:49 <REP> Sun
      13/08/2004 08:56 <REP> Symantec
      24/04/2005 17:18 <REP> Talkback
      10/04/2007 09:40 <REP> vlc
      25/05/2004 19:49 62 desktop.ini
      1 fichier(s) 62 octets
      20 Rép(s) 15 105 560 576 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\benjy\Local Settings\Application Data

      25/05/2004 19:49 <REP> .
      25/05/2004 19:49 <REP> ..
      25/05/2004 19:49 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142010}
      23/08/2004 13:24 <REP> Adobe
      11/04/2007 11:40 <REP> AOL OCP
      09/11/2006 19:39 <REP> Google
      20/04/2006 08:40 <REP> Help
      04/08/2004 14:11 <REP> Identities
      25/05/2004 19:49 <REP> Microsoft
      25/04/2005 20:20 <REP> Wildtangent
      25/05/2004 20:58 193 536 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      11/04/2006 20:59 7 489 078 IconCache.db
      2 fichier(s) 7 682 614 octets
      10 Rép(s) 15 105 560 576 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\Default User\Application Data

      11/02/2004 17:21 <REP> .
      11/02/2004 17:21 <REP> ..
      25/05/2004 19:48 <REP> Identities
      11/02/2004 17:21 <REP> Microsoft
      25/05/2004 19:48 <REP> Sun
      11/02/2004 17:22 62 desktop.ini
      1 fichier(s) 62 octets
      5 Rép(s) 15 105 560 576 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

      11/02/2004 17:22 <REP> .
      11/02/2004 17:22 <REP> ..
      25/05/2004 19:48 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142010}
      25/05/2004 19:48 <REP> Microsoft
      25/05/2004 19:48 3 185 718 IconCache.db
      1 fichier(s) 3 185 718 octets
      4 Rép(s) 15 105 556 480 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\LocalService\Application Data

      11/02/2004 17:28 <REP> .
      11/02/2004 17:28 <REP> ..
      11/02/2004 17:28 <REP> Microsoft
      0 fichier(s) 0 octets
      3 Rép(s) 15 105 556 480 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

      11/02/2004 17:28 <REP> .
      11/02/2004 17:28 <REP> ..
      11/02/2004 17:28 <REP> Microsoft
      0 fichier(s) 0 octets
      3 Rép(s) 15 105 556 480 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\NetworkService\Application Data

      11/02/2004 17:28 <REP> .
      11/02/2004 17:28 <REP> ..
      11/02/2004 17:28 <REP> Microsoft
      0 fichier(s) 0 octets
      3 Rép(s) 15 105 556 480 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

      11/02/2004 17:28 <REP> .
      11/02/2004 17:28 <REP> ..
      11/02/2004 17:28 <REP> Microsoft
      0 fichier(s) 0 octets
      3 Rép(s) 15 105 556 480 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Documents and Settings\Propriétaire

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

      11/02/2004 17:28 <REP> .
      11/02/2004 17:28 <REP> ..
      25/05/2004 19:48 <REP> Identities
      11/02/2004 17:28 <REP> Microsoft
      25/05/2004 19:48 <REP> Sun
      11/02/2004 17:28 62 desktop.ini
      1 fichier(s) 62 octets
      5 Rép(s) 15 105 556 480 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

      11/02/2004 17:28 <REP> .
      11/02/2004 17:28 <REP> ..
      25/05/2004 19:48 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142010}
      25/05/2004 19:46 <REP> Microsoft
      25/05/2004 19:48 3 185 718 IconCache.db
      1 fichier(s) 3 185 718 octets
      4 Rép(s) 15 105 556 480 octets libres

      ******************************************
      Recherche des taches planifiées dans C:\WINDOWS\tasks

      ******************************************
      ## Répertoires de C:\Program Files

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files

      15/04/2007 20:03 <REP> .
      15/04/2007 20:03 <REP> ..
      11/02/2004 17:39 <REP> Acer Inc
      11/02/2004 17:43 <REP> Adobe
      14/04/2007 15:08 <REP> adslTV
      11/04/2007 11:41 <REP> AIM6
      26/04/2005 08:33 <REP> AIM95
      11/02/2004 17:53 <REP> Aspire screensaver
      11/02/2004 17:31 <REP> AvRack
      11/02/2004 17:33 <REP> Broadcom
      19/08/2005 11:07 <REP> C2Media
      03/08/2005 15:43 <REP> Canon
      15/04/2007 16:08 <REP> CleanUp!
      09/06/2005 01:00 1 152 409 cnb_2600.tb_
      28/04/2005 01:00 130 379 cnb78ca0.ic_
      09/06/2005 01:00 131 999 cnb78cb0.ic_
      28/03/2005 01:00 132 013 cnb78cc0.ic_
      28/03/2005 01:00 128 135 cnb78db0.ic_
      28/03/2005 01:00 131 477 cnb78eb0.ic_
      28/03/2005 01:00 128 783 cnb78ed0.ic_
      30/03/2001 01:00 5 617 cnbjprn2.ic_
      27/01/2005 05:30 224 cnm.in_
      09/06/2005 06:00 32 527 cnm_0260.dl_
      15/04/2005 06:00 18 389 cnmbr260.dl_
      15/04/2005 06:00 273 149 cnmdrv.dl_
      15/04/2005 06:00 63 127 cnmdump5.dl_
      15/04/2005 06:00 10 577 cnmfus.dl_
      19/05/2005 15:00 48 128 cnmi0404.dll
      25/05/2005 02:10 57 344 cnmi0405.dll
      25/05/2005 02:10 57 856 cnmi0406.dll
      25/05/2005 02:10 65 024 cnmi0407.dll
      25/05/2005 02:10 61 440 cnmi0408.dll
      08/03/2005 19:16 56 832 cnmi0409.dll
      25/05/2005 02:10 57 344 cnmi040b.dll
      25/05/2005 02:10 64 512 cnmi040c.dll
      25/05/2005 02:10 58 368 cnmi040e.dll
      25/05/2005 02:10 59 392 cnmi0410.dll
      08/03/2005 19:16 50 688 cnmi0411.dll
      19/05/2005 15:00 50 688 cnmi0412.dll
      25/05/2005 02:10 59 904 cnmi0413.dll
      25/05/2005 02:10 57 856 cnmi0414.dll
      25/05/2005 02:10 58 368 cnmi0415.dll
      25/05/2005 02:10 58 368 cnmi0419.dll
      25/05/2005 02:10 57 856 cnmi041d.dll
      19/05/2005 15:00 56 320 cnmi041e.dll
      25/05/2005 02:10 57 344 cnmi041F.dll
      19/05/2005 15:00 47 616 cnmi0804.dll
      25/05/2005 02:10 59 392 cnmi0816.dll
      25/05/2005 02:10 59 392 cnmi0c0a.dll
      15/04/2005 06:00 3 128 cnminst.dl_
      09/05/2002 22:10 7 204 cnminst2.dll
      08/03/2005 19:16 61 952 cnmis.dll
      08/03/2005 19:16 5 632 cnmis4.dll
      08/03/2005 19:16 18 944 cnmis5.dll
      15/04/2005 06:00 70 431 cnmlmon2.dl_
      15/04/2005 06:00 10 940 cnmlr.dl_
      19/05/2005 15:00 8 854 cnmlrcn.dl_
      25/05/2005 06:10 12 700 cnmlrcz.dl_
      25/05/2005 06:10 13 322 cnmlrde.dl_
      25/05/2005 06:10 12 554 cnmlrdk.dl_
      25/05/2005 06:10 12 906 cnmlres.dl_
      25/05/2005 06:10 12 050 cnmlrfi.dl_
      25/05/2005 06:10 13 000 cnmlrfr.dl_
      25/05/2005 06:10 14 548 cnmlrgr.dl_
      25/05/2005 06:10 13 198 cnmlrhu.dl_
      25/05/2005 06:10 12 280 cnmlrit.dl_
      15/04/2005 06:00 9 457 cnmlrj.dl_
      19/05/2005 15:00 9 770 cnmlrkr.dl_
      25/05/2005 06:10 12 412 cnmlrnl.dl_
      25/05/2005 06:10 12 050 cnmlrno.dl_
      25/05/2005 06:10 13 792 cnmlrpl.dl_
      25/05/2005 06:10 12 406 cnmlrpt.dl_
      25/05/2005 06:10 12 766 cnmlrru.dl_
      25/05/2005 06:10 12 426 cnmlrse.dl_
      19/05/2005 15:00 10 808 cnmlrth.dl_
      25/05/2005 06:10 11 882 cnmlrTr.dl_
      19/05/2005 15:00 9 112 cnmlrtw.dl_
      09/06/2005 06:00 12 362 cnmop78.dl_
      15/04/2005 06:00 26 063 cnmp_260.dl_
      15/04/2005 06:00 1 104 cnmp0.da_
      15/04/2005 06:00 1 076 cnmp1.da_
      15/04/2005 06:00 1 676 cnmp2.da_
      01/02/2002 17:29 15 300 cnmpar21.sys
      15/04/2005 06:00 16 539 cnmpcomm.dl_
      15/04/2005 06:00 10 028 cnmpd.dl_
      15/04/2005 06:00 31 054 cnmpp.dl_
      15/04/2005 06:00 41 376 cnmpv.dl_
      15/04/2005 06:00 12 631 cnmqueue.dl_
      15/04/2005 06:00 13 222 cnmsmsd.dl_
      15/04/2005 06:00 8 402 cnmsr.dl_
      19/05/2005 15:00 6 630 cnmsrcn.dl_
      25/05/2005 06:10 9 666 cnmsrcz.dl_
      25/05/2005 06:10 10 110 cnmsrde.dl_
      25/05/2005 06:10 9 324 cnmsrdk.dl_
      25/05/2005 06:10 9 804 cnmsres.dl_
      25/05/2005 06:10 8 830 cnmsrfi.dl_
      25/05/2005 06:10 9 700 cnmsrfr.dl_
      25/05/2005 06:10 11 030 cnmsrgr.dl_
      25/05/2005 06:10 9 904 cnmsrhu.dl_
      25/05/2005 06:10 9 368 cnmsrit.dl_
      15/04/2005 06:00 7 089 cnmsrj.dl_
      19/05/2005 15:00 7 572 cnmsrkr.dl_
      25/05/2005 06:10 9 240 cnmsrnl.dl_
      25/05/2005 06:10 9 036 cnmsrno.dl_
      25/05/2005 06:10 10 328 cnmsrpl.dl_
      25/05/2005 06:10 9 414 cnmsrpt.dl_
      25/05/2005 06:10 9 736 cnmsrru.dl_
      25/05/2005 06:10 9 362 cnmsrse.dl_
      19/05/2005 15:00 8 100 cnmsrth.dl_
      25/05/2005 06:10 8 680 cnmsrTr.dl_
      19/05/2005 15:00 6 722 cnmsrtw.dl_
      15/04/2005 06:00 85 620 cnmstmn.dl_
      15/04/2005 06:00 16 116 cnmstsr.sm_
      15/04/2005 06:00 361 166 cnmui.dl_
      08/03/2005 19:17 90 112 cnmunins.exe
      15/04/2005 06:00 30 236 cnmur.dl_
      19/05/2005 15:00 26 496 cnmurcn.dl_
      25/05/2005 06:10 32 800 cnmurcz.dl_
      25/05/2005 06:20 33 490 cnmurde.dl_
      25/05/2005 06:10 31 910 cnmurdk.dl_
      25/05/2005 06:10 32 810 cnmures.dl_
      25/05/2005 06:10 31 606 cnmurfi.dl_
      25/05/2005 06:10 33 038 cnmurfr.dl_
      25/05/2005 06:10 35 962 cnmurgr.dl_
      25/05/2005 06:10 32 898 cnmurhu.dl_
      25/05/2005 06:10 32 106 cnmurit.dl_
      15/04/2005 06:00 28 671 cnmurj.dl_
      19/05/2005 15:00 28 372 cnmurkr.dl_
      25/05/2005 06:10 32 082 cnmurnl.dl_
      25/05/2005 06:10 31 034 cnmurno.dl_
      25/05/2005 06:10 33 918 cnmurpl.dl_
      25/05/2005 06:10 32 242 cnmurpt.dl_
      25/05/2005 06:10 34 088 cnmurru.dl_
      25/05/2005 06:10 31 936 cnmurse.dl_
      19/05/2005 15:00 30 386 cnmurth.dl_
      25/05/2005 06:10 31 744 cnmurTr.dl_
      19/05/2005 15:00 26 876 cnmurtw.dl_
      15/04/2005 06:00 3 672 cnmvs.dl_
      08/03/2005 19:16 23 040 cnmvsa.exe
      15/04/2005 06:00 3 124 cnmw3.dl_
      11/02/2004 17:25 <REP> ComPlus Applications
      05/11/2006 16:32 <REP> Creative
      25/05/2004 20:39 <REP> Cucusoft
      11/02/2004 17:45 <REP> CyberLink
      21/08/2004 18:23 <REP> DCPro
      12/03/2002 22:54 45 056 devid.dll
      09/04/2007 17:08 <REP> ECI Telecom
      15/04/2007 10:28 <REP> ESET
      12/05/2005 17:38 5 133 eula0404.txt
      08/02/2005 12:04 11 504 eula0405.txt
      24/06/2005 11:46 12 728 eula0406.txt
      13/05/2005 14:54 18 199 eula0407.txt
      08/02/2005 11:48 13 484 eula0408.txt
      28/03/2005 17:00 11 665 eula0409_euro.txt
      06/01/2005 18:20 8 824 eula0409_us.txt
      08/02/2005 11:31 12 438 eula040b.txt
      10/06/2005 16:05 11 558 eula040c_euro.txt
      08/02/2005 10:16 10 796 eula040c_us.txt
      08/02/2005 12:04 13 205 eula040e.txt
      08/02/2005 11:32 12 202 eula0410.txt
      12/01/2005 17:41 6 297 eula0411.txt
      16/02/2005 16:37 7 100 eula0412.txt
      08/02/2005 11:31 15 126 eula0413.txt
      08/02/2005 11:32 11 761 eula0414.txt
      08/02/2005 12:03 12 374 eula0415.txt
      24/06/2005 11:56 15 315 eula0419.txt
      08/02/2005 11:32 12 307 eula041d.txt
      22/02/2005 12:24 7 596 eula041e.txt
      01/03/2005 09:52 11 966 eula041F.txt
      16/02/2005 16:36 4 798 eula0804.txt
      08/02/2005 11:32 12 781 eula0816_euro.txt
      08/02/2005 10:17 9 227 eula0816_us.txt
      24/06/2005 12:15 13 086 eula0c0a_euro.txt
      08/02/2005 10:17 9 739 eula0c0a_us.txt
      14/04/2007 22:08 <REP> Fichiers communs
      15/04/2007 16:09 <REP> FlashFXP
      09/11/2006 19:37 <REP> Google
      15/04/2005 06:00 22 241 helpkicker.ex_
      11/02/2004 17:29 <REP> Intel
      11/02/2004 17:25 <REP> Internet Explorer
      10/04/2006 12:55 <REP> ip4200
      01/08/2005 01:11 69 716 ip4200.cat
      19/07/2005 06:12 18 740 ip4200.inf
      11/02/2004 17:40 <REP> Java
      15/04/2007 18:44 <REP> jv16 PowerTools 2006
      10/11/2004 18:29 <REP> Kaspersky Lab
      26/05/2004 04:00 <REP> K-Lite Codec Pack
      11/02/2004 17:41 <REP> Launch Manager
      15/04/2007 13:07 <REP> Lavasoft
      11/02/2004 17:44 <REP> Ligos
      18/06/2004 03:07 <REP> Logitech
      11/02/2004 17:34 <REP> ltmoh
      04/08/2004 01:20 <REP> Messager Wanadoo
      11/02/2004 17:24 <REP> Messenger
      24/04/2005 20:14 <REP> MessengerPlus! 3
      20/05/2005 15:00 122 417 mh78cn.ch_
      25/05/2005 01:00 120 589 mh78cz.ch_
      25/05/2005 01:00 121 717 mh78de.ch_
      25/05/2005 01:00 114 973 mh78dk.ch_
      25/05/2005 01:00 122 491 mh78es.ch_
      25/05/2005 06:00 114 493 mh78fi.ch_
      25/05/2005 01:00 119 091 mh78fr.ch_
      25/05/2005 01:00 132 377 mh78gr.ch_
      25/05/2005 01:00 122 605 mh78hu.ch_
      25/05/2005 01:00 117 397 mh78it.ch_
      15/04/2005 01:00 139 053 mh78jp.ch_
      20/05/2005 15:00 135 231 mh78kr.ch_
      25/05/2005 01:00 115 999 mh78nl.ch_
      25/05/2005 01:00 112 917 mh78no.ch_
      25/05/2005 01:00 124 661 mh78pl.ch_
      25/05/2005 01:00 117 451 mh78pt.ch_
      25/05/2005 01:00 124 611 mh78ru.ch_
      25/05/2005 01:00 113 449 mh78se.ch_
      20/05/2005 15:00 137 361 mh78th.ch_
      25/05/2005 06:00 115 241 mh78Tr.ch_
      20/05/2005 15:00 123 259 mh78tw.ch_
      15/04/2005 01:00 108 777 mh78us.ch_
      11/02/2004 17:26 <REP> microsoft frontpage
      16/02/2004 16:53 <REP> Microsoft Works
      11/02/2004 17:25 <REP> Movie Maker
      15/04/2007 16:09 <REP> Mozilla Firefox
      11/02/2004 17:24 <REP> MSN
      04/08/2004 18:13 <REP> MSN Apps
      11/02/2004 17:24 <REP> MSN Gaming Zone
      24/04/2005 20:26 <REP> MSN Messenger
      18/06/2004 03:06 <REP> MUSICMATCH
      11/02/2004 17:25 <REP> NetMeeting
      11/02/2004 17:44 <REP> NewTech Infosystems
      25/05/2004 19:50 <REP> O2Micro
      11/02/2004 17:25 <REP> Outlook Express
      26/05/2004 03:21 <REP> Pegasys Inc
      24/09/2004 14:40 <REP> Philips ToUcam Camera
      16/11/2006 19:40 <REP> RadioBlogClub Downloader
      25/05/2005 06:10 29 124 Readme_Czech.txt
      25/05/2005 06:10 31 844 Readme_Danish.txt
      25/05/2005 06:10 33 561 Readme_Dutch.txt
      19/04/2005 16:54 29 281 readme_english.txt
      25/05/2005 06:10 29 619 Readme_Finnish.txt
      25/05/2005 06:10 35 043 Readme_French.txt
      25/05/2005 06:10 34 813 Readme_German.txt
      25/05/2005 06:10 38 518 Readme_Greek.txt
      25/05/2005 06:10 31 559 Readme_Hungarian.txt
      25/05/2005 06:10 34 109 Readme_Italian.txt
      15/04/2005 11:36 27 503 readme_japanese.txt
      19/05/2005 16:00 25 991 Readme_Korean.txt
      25/05/2005 06:10 30 683 Readme_Norwegian.txt
      25/05/2005 06:10 35 455 Readme_Polish.txt
      25/05/2005 06:10 34 281 Readme_Portuguese.txt
      25/05/2005 06:10 32 243 Readme_Russian.txt
      19/05/2005 16:00 20 093 Readme_Simplified_Chinese.txt
      25/05/2005 06:10 34 527 Readme_Spanish.txt
      25/05/2005 06:10 30 549 Readme_Swedish.txt
      19/05/2005 16:00 27 904 Readme_Thai.txt
      19/05/2005 16:00 20 061 Readme_Traditional_Chinese.txt
      25/05/2005 06:10 30 360 readme_Turkish.txt
      24/09/2004 14:38 <REP> Real
      11/02/2004 17:31 <REP> Realtek Sound Manager
      11/02/2004 17:24 <REP> Services en ligne
      08/03/2005 19:17 167 936 setup.exe
      15/04/2005 06:00 1 960 setup.ini
      20/05/2005 15:00 39 507 sh78cn.ch_
      25/05/2005 01:00 40 581 sh78cz.ch_
      25/05/2005 01:00 40 277 sh78de.ch_
      25/05/2005 01:00 39 883 sh78dk.ch_
      25/05/2005 01:00 40 433 sh78es.ch_
      25/05/2005 06:00 39 919 sh78fi.ch_
      25/05/2005 01:00 40 873 sh78fr.ch_
      25/05/2005 01:00 41 615 sh78gr.ch_
      25/05/2005 01:00 40 359 sh78hu.ch_
      25/05/2005 01:00 40 067 sh78it.ch_
      15/04/2005 01:00 40 925 sh78jp.ch_
      20/05/2005 15:00 40 567 sh78kr.ch_
      25/05/2005 01:00 39 523 sh78nl.ch_
      25/05/2005 01:00 39 739 sh78no.ch_
      25/05/2005 01:00 40 741 sh78pl.ch_
      25/05/2005 01:00 40 317 sh78pt.ch_
      25/05/2005 01:00 41 295 sh78ru.ch_
      25/05/2005 01:00 39 679 sh78se.ch_
      20/05/2005 15:00 40 559 sh78th.ch_
      25/05/2005 06:00 39 385 sh78Tr.ch_
      20/05/2005 15:00 39 847 sh78tw.ch_
      15/04/2005 01:00 39 231 sh78us.ch_
      30/04/2005 16:16 <REP> SmartFTP
      30/04/2005 16:16 <REP> SmartFTP Setup Files
      15/04/2007 09:15 <REP> Spybot - Search & Destroy
      11/02/2004 17:35 <REP> Synaptics
      24/09/2004 14:39 <REP> Ulead Systems
      10/04/2007 09:38 <REP> VideoLAN
      24/09/2004 14:40 <REP> VideoLink Mail
      11/04/2007 11:40 <REP> Viewpoint
      16/04/2007 07:51 <REP> Wanadoo
      25/04/2005 20:54 <REP> WildTangent
      15/07/2005 11:36 <REP> Winamp
      05/11/2006 16:33 <REP> Windows Media Player
      11/02/2004 17:24 <REP> Windows NT
      28/05/2004 22:31 <REP> WinRAR
      25/05/2004 19:50 <REP> WLAN 802.11g mini-PCI Module
      11/02/2004 17:26 <REP> xerox
      225 fichier(s) 10 542 851 octets
      73 Rép(s) 15 105 540 096 octets libres

      ******************************************
      ## Popups autorisées

      * Internet Explorer

      * Mozilla Firefox (1 autorisé 2 interdit)

      ******************************************
      ## Registre

      * [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      Bike Real Book Meal REG_SZ C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe

      ******************************************
      ## Zones de sécurité

      * HKCU Domains (4)

      * P3P History (5)

      ******************************************
      ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


      *************** Fin du rapport ****************
      0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Bonjour,

    Imprime, ou enregistre la manip dans un fichier dans le bloc notes pour être sur ne rien oublier et de tout faire dans l'ordre.

    1/Telecharge ceci: Clean Up 40:
    http://pageperso.aol.fr/balltrap34/CleanUp40.exe
    -aide en image:(merci à Balltrap34).
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    Déconnecte toi d'Internet et ferme tout les programmes en cours.

    Redémarre en mode sans échec
    Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
    Choisis le mode sans échec dans les options et valide avec entrée.
    (Si F8 ne marche pas, essai F5)

    Rend visible les fichiers cachés et système
    panneau de configuration > options des dossiers > onglet affichage
    Cocher la case devant " afficher les fichiers et dossiers cachés "
    Décocher la case devant " masquer les extensions des fichiers dont le type est connu"
    Décocher la case devant " masquer les fichiers protégés du système"
    clic sur [Appliquer] puis sur [ok] pour valider

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Lance hijackthis et clic sur [do a system scan only]
    cocher la case au début des lignes suivantes:

    O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe

    valider en cliquant sur le bouton [fix checked]

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Recherche et supprime ces dossiers:

    Supprimer les fichiers en suivant le chemin des fichiers infectés si possible, plutot que d'utiliser la fonction "Rechercher"

    S'ils sont présents, supprime:

    C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL

    C:\Program Files\C2Media

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Ensuite, très important:

    :: Supprimer les fichiers temporaires ::

    Exécute cleanup40.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Redémarre normalement et reposte un Hijackthis sur le poste…

    Précises moi ou en sont tes soucis…

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      salut,

      j'ai fais ce que tu m'a dis.

      ka fenetre grise avec le message en anglais n'apparis plus.

      par contrte nod32 m'a decouvert un virs qui se trouve dans c:\windows\system32\.exe.

      l'antivirus ne l'efface pas.

      j'ai refais un rapport comme tu m'a demandé

      Logfile of HijackThis v1.99.1
      Scan saved at 11:06:54, on 16/04/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\PROGRA~1\Wanadoo\taskbaricon.exe
      C:\PROGRA~1\Wanadoo\CnxMon.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe
      C:\PROGRA~1\MESSAG~1\StartMessager.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Launch Manager\QtDTAcer.EXE
      C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
      C:\WINDOWS\System32\dslagent.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
      C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\benjy\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avi-vcd.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtDTAcer.EXE
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
      O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
      O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D219CC0E-95EF-4D5D-898B-DB6B8DD4CF64}: NameServer = 80.10.246.1 80.10.246.132
      O18 - Protocol: bw+0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - AppInit_DLLs: MsgPlusLoader.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
      0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Tu as supprimé:
    C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL?

    Et aussi:

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benjy92260 Messages postés 24 Statut Membre
     
    voila, j"ai pas entendu de bip, lors du redemarrage du pc.

    quand je tape sur y, rine ne se passe la fnetre sdfix se ferme.

    j'ai toujours cette fenetre grise, elle est revenu avec un message en anglais.

    C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL impossible de trouver ce fichier

    byzarre tout ça
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      maintenant j'ai ça Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window. Please submit the file to ESET for analysis.
      0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Télécharge ceci:
    http://sosvirus.changelog.fr/Green_day/Lopxp.exe

    Lance Lopxp.bat.
    Au menu, choisis l'option 1 "Rechercher / Générer un rapport"
    Patiente et lorsque l'on te demande d'appuyer sur une touche, appuie.
    Ensuite, le rapport s'ouvre, copie colle le en entier sur le forum.

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      je poste le rapport


      _____________ Rapport Lopxp fait le 16/04/2007 à 21:24:31,53 _______________


      /!\ Attention /!\

      Les résultats de ce rapport sont sujets à interprétations,
      Et ne démontrent pas systématiquement des dossiers infectés...


      _________________________ Recherche prédéterminé __________________________


      [X] C:\Program Files\MessengerPlus! 3 Présent !

      Date d'installation/Création du dossier: 24/04/2005 à 20:12
      Dernière modification du dossier le: 24/04/2005 à 20:14

      Recherche des dossiers crées le: 24/04/2005

      C:\Program Files

      24/04/2005 20:12 <REP> C2Media
      24/04/2005 20:12 <REP> MESSEN~2 MessengerPlus! 3
      24/04/2005 17:02 <REP> MOZILL~1 Mozilla Firefox

      C:\Documents and Settings\benjy\Application Data

      24/04/2005 17:18 <REP> Talkback
      24/04/2005 17:02 <REP> Mozilla


      _________________________ Recherche heuristique __________________________


      Recherche négative


      ___________________________ Tâches planifiées _____________________________

      Listing de toutes les tâches planifiées:



      __________ Détection des paramètres de désinstallation du sponsor _________

      Sponsor P2P:

      Sponsor MSN+:

      MessengerPlus !3

      /!\ Sponsor accepté lors de la dernière installation.

      Impossibilité de désinstaller le sponsor dans Ajout/Suppression de programme.
      Le fichier C:\Program Files\Adverts\uninst.exe est manquant.


      __________________ Listing des dossiers Application Data __________________


      C:\Documents and Settings\All Users\Application Data

      Date/heure Création Nom court Nom long

      15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
      11/04/2007 à 11:41 | AOLOCP~1 AOL OCP
      11/04/2007 à 11:41 | AOL
      11/04/2007 à 11:32 | AOLDOW~1 AOL Downloads
      10/04/2006 à 12:56 | CanonBJ
      25/04/2005 à 20:16 | VIEWPO~1 Viewpoint
      13/08/2004 à 08:56 | Symantec
      11/02/2004 à 17:45 | CYBERL~1 CyberLink
      11/02/2004 à 17:43 | Adobe
      11/02/2004 à 17:21 | MICROS~1 Microsoft


      C:\Documents and Settings\benjy\Application Data

      Date/heure Création Nom court Nom long

      15/04/2007 à 13:08 | Lavasoft
      11/04/2007 à 11:41 | acccore
      10/04/2007 à 09:40 | vlc
      09/11/2006 à 19:39 | Google
      20/04/2006 à 08:40 | Help
      10/04/2006 à 13:29 | Real
      30/04/2005 à 16:16 | SmartFTP
      25/04/2005 à 20:18 | MACROM~1 Macromedia
      24/04/2005 à 17:18 | Talkback
      24/04/2005 à 17:02 | Mozilla
      23/08/2004 à 13:24 | AdobeUM
      23/08/2004 à 13:23 | Adobe
      14/08/2004 à 13:56 | CYBERL~1 CyberLink
      13/08/2004 à 08:56 | Symantec
      04/08/2004 à 14:09 | Aim
      25/05/2004 à 19:49 | MICROS~1 Microsoft
      25/05/2004 à 19:49 | Sun
      25/05/2004 à 19:49 | IDENTI~1 Identities


      C:\Documents and Settings\benjy\Local Settings\Application Data

      Date/heure Création Nom court Nom long

      11/04/2007 à 11:40 | AOLOCP~1 AOL OCP
      09/11/2006 à 19:39 | Google
      20/04/2006 à 08:40 | Help
      25/04/2005 à 20:20 | WILDTA~1 Wildtangent
      23/08/2004 à 13:24 | Adobe
      04/08/2004 à 14:11 | IDENTI~1 Identities
      25/05/2004 à 19:49 | {7148F~1 {7148F0A6-6813-11D6-A77B-00B0D0142010}
      25/05/2004 à 19:49 | MICROS~1 Microsoft


      ____________________ Listing du dossier Program Files _____________________

      C:\Program Files

      Date/heure Création Nom court Nom long

      15/04/2007 à 18:44 | JV16PO~1 jv16 PowerTools 2006
      15/04/2007 à 16:08 | CleanUp!
      15/04/2007 à 13:07 | Lavasoft
      15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
      15/04/2007 à 08:34 | ESET
      14/04/2007 à 15:06 | adslTV
      11/04/2007 à 11:36 | AIM6
      10/04/2007 à 09:38 | VideoLAN
      09/04/2007 à 17:08 | ECITEL~1 ECI Telecom
      16/11/2006 à 19:40 | RADIOB~1 RadioBlogClub Downloader
      09/11/2006 à 19:37 | Google
      05/11/2006 à 16:28 | Creative
      10/04/2006 à 12:55 | ip4200
      03/08/2005 à 15:32 | Canon
      15/07/2005 à 11:34 | Winamp
      30/04/2005 à 16:16 | SmartFTP
      30/04/2005 à 16:16 | SMARTF~1 SmartFTP Setup Files
      25/04/2005 à 20:20 | WILDTA~1 WildTangent
      24/04/2005 à 20:12 | C2Media
      24/04/2005 à 20:12 | MESSEN~2 MessengerPlus! 3
      24/04/2005 à 17:02 | MOZILL~1 Mozilla Firefox
      10/11/2004 à 18:29 | KASPER~1 Kaspersky Lab
      24/09/2004 à 14:40 | VIDEOL~1 VideoLink Mail
      24/09/2004 à 14:39 | ULEADS~1 Ulead Systems
      24/09/2004 à 14:38 | Real
      24/09/2004 à 14:35 | PHILIP~1 Philips ToUcam Camera
      20/08/2004 à 08:45 | FlashFXP
      18/08/2004 à 17:45 | DCPro
      04/08/2004 à 17:15 | MSNAPP~1 MSN Apps
      04/08/2004 à 16:31 | MSNMES~1 MSN Messenger
      04/08/2004 à 14:08 | VIEWPO~1 Viewpoint
      04/08/2004 à 14:08 | AIM95
      04/08/2004 à 01:20 | MESSAG~1 Messager Wanadoo
      04/08/2004 à 01:19 | Wanadoo
      18/06/2004 à 03:06 | MUSICM~1 MUSICMATCH
      18/06/2004 à 03:04 | Logitech
      28/05/2004 à 22:31 | WinRAR
      26/05/2004 à 04:00 | K-LITE~1 K-Lite Codec Pack
      26/05/2004 à 03:21 | PEGASY~1 Pegasys Inc
      25/05/2004 à 20:31 | Cucusoft
      25/05/2004 à 19:50 | O2Micro
      16/02/2004 à 16:53 | MICROS~2 Microsoft Works
      11/02/2004 à 17:53 | ASPIRE~1 Aspire screensaver
      11/02/2004 à 17:45 | CYBERL~1 CyberLink
      11/02/2004 à 17:44 | Ligos
      11/02/2004 à 17:44 | NEWTEC~1 NewTech Infosystems
      11/02/2004 à 17:43 | Adobe
      11/02/2004 à 17:41 | LAUNCH~1 Launch Manager
      11/02/2004 à 17:40 | Java
      11/02/2004 à 17:39 | ACERIN~1 Acer Inc
      11/02/2004 à 17:35 | SYNAPT~1 Synaptics
      11/02/2004 à 17:34 | ltmoh
      11/02/2004 à 17:33 | Broadcom
      11/02/2004 à 17:31 | REALTE~1 Realtek Sound Manager
      11/02/2004 à 17:31 | AvRack
      11/02/2004 à 17:30 | UNINST~1 Uninstall Information
      11/02/2004 à 17:29 | Intel
      11/02/2004 à 17:29 | INSTAL~1 InstallShield Installation Information
      11/02/2004 à 17:26 | xerox
      11/02/2004 à 17:26 | MICROS~1 microsoft frontpage
      11/02/2004 à 17:25 | MOVIEM~1 Movie Maker
      11/02/2004 à 17:25 | NETMEE~1 NetMeeting
      11/02/2004 à 17:25 | OUTLOO~1 Outlook Express
      11/02/2004 à 17:25 | INTERN~1 Internet Explorer
      11/02/2004 à 17:25 | COMPLU~1 ComPlus Applications
      11/02/2004 à 17:24 | WINDOW~3 WindowsUpdate
      11/02/2004 à 17:24 | SERVIC~1 Services en ligne
      11/02/2004 à 17:24 | WINDOW~2 Windows Media Player
      11/02/2004 à 17:24 | MESSEN~1 Messenger
      11/02/2004 à 17:24 | MSNGAM~1 MSN Gaming Zone
      11/02/2004 à 17:24 | MSN
      11/02/2004 à 17:24 | WINDOW~1 Windows NT
      11/02/2004 à 17:22 | FICHIE~1 Fichiers communs


      __________________________ Recherche dans le registre _____________________


      # Clés de démarrage :

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      Bike Real Book Meal REG_SZ C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe

      _____________________ Modification du fichier Hosts _______________________


      127.0.0.1= Url bloquée Autre= Redirection

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD


      __________________________ Popups autorisées ______________________________


      # Internet Explorer



      # Mozilla Firefox (1 autorisé 2 interdit)

      # Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


      ___________________________ Zones de sécurité _____________________________


      # HKCU Domains (4)

      # P3P History (5)


      ___________________ Suggestion nettoyage registre _______________

      (Pour désinfection manuelle)

      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Bike Real Book Meal"=-


      _________________________ Fin du rapport ________________________
      0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Ouvre le dossier lopxp.
    Ensuite, ouvre le fichier fix et execute fix et accepte la fusion avec le registre.

    Ensuite relance lopxp.bat et choisis option 2 [mode avancé]
    Puis option 2 [Fix mode]
    Rentre ce chemin de fichier a supprimer:
    C:\Program Files\C2Media
    Confirme le choix.

    Accepte de resaisir un nouveau nom:
    C:\Program Files\Adverts
    Confirme le choix.

    Choisis l'option de ne plus rajouter de fichiers.

    Aucune tache planifiée est à rajouter.

    Valide le récapitulatif de suppression.

    Un rapport s'ouvrira en fin de nettoyage avec le résultat des manœuvres (lopfix.txt). Copie colle le.

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      bonjour,

      voila j'ai supprimé les repertoires que tu m'a dis


      _____________ Rapport Lopxp fait le 17/04/2007 à 9:02:37,96 _______________


      /!\ Attention /!\

      Les résultats de ce rapport sont sujets à interprétations,
      Et ne démontrent pas systématiquement des dossiers infectés...


      _________________________ Recherche prédéterminé __________________________


      [X] C:\Program Files\MessengerPlus! 3 Présent !

      Date d'installation/Création du dossier: 24/04/2005 à 20:12
      Dernière modification du dossier le: 24/04/2005 à 20:14

      Recherche des dossiers crées le: 24/04/2005

      C:\Program Files

      24/04/2005 20:12 <REP> C2Media
      24/04/2005 20:12 <REP> MESSEN~2 MessengerPlus! 3
      24/04/2005 17:02 <REP> MOZILL~1 Mozilla Firefox

      C:\Documents and Settings\benjy\Application Data

      24/04/2005 17:18 <REP> Talkback
      24/04/2005 17:02 <REP> Mozilla


      _________________________ Recherche heuristique __________________________


      Recherche négative


      ___________________________ Tâches planifiées _____________________________

      Listing de toutes les tâches planifiées:



      __________ Détection des paramètres de désinstallation du sponsor _________

      Sponsor P2P:

      Sponsor MSN+:

      MessengerPlus !3

      /!\ Sponsor accepté lors de la dernière installation.

      Impossibilité de désinstaller le sponsor dans Ajout/Suppression de programme.
      Le fichier C:\Program Files\Adverts\uninst.exe est manquant.


      __________________ Listing des dossiers Application Data __________________


      C:\Documents and Settings\All Users\Application Data

      Date/heure Création Nom court Nom long

      15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
      11/04/2007 à 11:41 | AOLOCP~1 AOL OCP
      11/04/2007 à 11:41 | AOL
      11/04/2007 à 11:32 | AOLDOW~1 AOL Downloads
      10/04/2006 à 12:56 | CanonBJ
      25/04/2005 à 20:16 | VIEWPO~1 Viewpoint
      13/08/2004 à 08:56 | Symantec
      11/02/2004 à 17:45 | CYBERL~1 CyberLink
      11/02/2004 à 17:43 | Adobe
      11/02/2004 à 17:21 | MICROS~1 Microsoft


      C:\Documents and Settings\benjy\Application Data

      Date/heure Création Nom court Nom long

      15/04/2007 à 13:08 | Lavasoft
      11/04/2007 à 11:41 | acccore
      10/04/2007 à 09:40 | vlc
      09/11/2006 à 19:39 | Google
      20/04/2006 à 08:40 | Help
      10/04/2006 à 13:29 | Real
      30/04/2005 à 16:16 | SmartFTP
      25/04/2005 à 20:18 | MACROM~1 Macromedia
      24/04/2005 à 17:18 | Talkback
      24/04/2005 à 17:02 | Mozilla
      23/08/2004 à 13:24 | AdobeUM
      23/08/2004 à 13:23 | Adobe
      14/08/2004 à 13:56 | CYBERL~1 CyberLink
      13/08/2004 à 08:56 | Symantec
      04/08/2004 à 14:09 | Aim
      25/05/2004 à 19:49 | MICROS~1 Microsoft
      25/05/2004 à 19:49 | Sun
      25/05/2004 à 19:49 | IDENTI~1 Identities


      C:\Documents and Settings\benjy\Local Settings\Application Data

      Date/heure Création Nom court Nom long

      11/04/2007 à 11:40 | AOLOCP~1 AOL OCP
      09/11/2006 à 19:39 | Google
      20/04/2006 à 08:40 | Help
      25/04/2005 à 20:20 | WILDTA~1 Wildtangent
      23/08/2004 à 13:24 | Adobe
      04/08/2004 à 14:11 | IDENTI~1 Identities
      25/05/2004 à 19:49 | {7148F~1 {7148F0A6-6813-11D6-A77B-00B0D0142010}
      25/05/2004 à 19:49 | MICROS~1 Microsoft


      ____________________ Listing du dossier Program Files _____________________

      C:\Program Files

      Date/heure Création Nom court Nom long

      15/04/2007 à 18:44 | JV16PO~1 jv16 PowerTools 2006
      15/04/2007 à 16:08 | CleanUp!
      15/04/2007 à 13:07 | Lavasoft
      15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
      15/04/2007 à 08:34 | ESET
      14/04/2007 à 15:06 | adslTV
      11/04/2007 à 11:36 | AIM6
      10/04/2007 à 09:38 | VideoLAN
      09/04/2007 à 17:08 | ECITEL~1 ECI Telecom
      16/11/2006 à 19:40 | RADIOB~1 RadioBlogClub Downloader
      09/11/2006 à 19:37 | Google
      05/11/2006 à 16:28 | Creative
      10/04/2006 à 12:55 | ip4200
      03/08/2005 à 15:32 | Canon
      15/07/2005 à 11:34 | Winamp
      30/04/2005 à 16:16 | SmartFTP
      30/04/2005 à 16:16 | SMARTF~1 SmartFTP Setup Files
      25/04/2005 à 20:20 | WILDTA~1 WildTangent
      24/04/2005 à 20:12 | C2Media
      24/04/2005 à 20:12 | MESSEN~2 MessengerPlus! 3
      24/04/2005 à 17:02 | MOZILL~1 Mozilla Firefox
      10/11/2004 à 18:29 | KASPER~1 Kaspersky Lab
      24/09/2004 à 14:40 | VIDEOL~1 VideoLink Mail
      24/09/2004 à 14:39 | ULEADS~1 Ulead Systems
      24/09/2004 à 14:38 | Real
      24/09/2004 à 14:35 | PHILIP~1 Philips ToUcam Camera
      20/08/2004 à 08:45 | FlashFXP
      18/08/2004 à 17:45 | DCPro
      04/08/2004 à 17:15 | MSNAPP~1 MSN Apps
      04/08/2004 à 16:31 | MSNMES~1 MSN Messenger
      04/08/2004 à 14:08 | VIEWPO~1 Viewpoint
      04/08/2004 à 14:08 | AIM95
      04/08/2004 à 01:20 | MESSAG~1 Messager Wanadoo
      04/08/2004 à 01:19 | Wanadoo
      18/06/2004 à 03:06 | MUSICM~1 MUSICMATCH
      18/06/2004 à 03:04 | Logitech
      28/05/2004 à 22:31 | WinRAR
      26/05/2004 à 04:00 | K-LITE~1 K-Lite Codec Pack
      26/05/2004 à 03:21 | PEGASY~1 Pegasys Inc
      25/05/2004 à 20:31 | Cucusoft
      25/05/2004 à 19:50 | O2Micro
      16/02/2004 à 16:53 | MICROS~2 Microsoft Works
      11/02/2004 à 17:53 | ASPIRE~1 Aspire screensaver
      11/02/2004 à 17:45 | CYBERL~1 CyberLink
      11/02/2004 à 17:44 | Ligos
      11/02/2004 à 17:44 | NEWTEC~1 NewTech Infosystems
      11/02/2004 à 17:43 | Adobe
      11/02/2004 à 17:41 | LAUNCH~1 Launch Manager
      11/02/2004 à 17:40 | Java
      11/02/2004 à 17:39 | ACERIN~1 Acer Inc
      11/02/2004 à 17:35 | SYNAPT~1 Synaptics
      11/02/2004 à 17:34 | ltmoh
      11/02/2004 à 17:33 | Broadcom
      11/02/2004 à 17:31 | REALTE~1 Realtek Sound Manager
      11/02/2004 à 17:31 | AvRack
      11/02/2004 à 17:30 | UNINST~1 Uninstall Information
      11/02/2004 à 17:29 | Intel
      11/02/2004 à 17:29 | INSTAL~1 InstallShield Installation Information
      11/02/2004 à 17:26 | xerox
      11/02/2004 à 17:26 | MICROS~1 microsoft frontpage
      11/02/2004 à 17:25 | MOVIEM~1 Movie Maker
      11/02/2004 à 17:25 | NETMEE~1 NetMeeting
      11/02/2004 à 17:25 | OUTLOO~1 Outlook Express
      11/02/2004 à 17:25 | INTERN~1 Internet Explorer
      11/02/2004 à 17:25 | COMPLU~1 ComPlus Applications
      11/02/2004 à 17:24 | WINDOW~3 WindowsUpdate
      11/02/2004 à 17:24 | SERVIC~1 Services en ligne
      11/02/2004 à 17:24 | WINDOW~2 Windows Media Player
      11/02/2004 à 17:24 | MESSEN~1 Messenger
      11/02/2004 à 17:24 | MSNGAM~1 MSN Gaming Zone
      11/02/2004 à 17:24 | MSN
      11/02/2004 à 17:24 | WINDOW~1 Windows NT
      11/02/2004 à 17:22 | FICHIE~1 Fichiers communs


      __________________________ Recherche dans le registre _____________________


      # Clés de démarrage :


      _____________________ Modification du fichier Hosts _______________________


      127.0.0.1= Url bloquée Autre= Redirection

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD


      __________________________ Popups autorisées ______________________________


      # Internet Explorer



      # Mozilla Firefox (1 autorisé 2 interdit)

      # Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


      ___________________________ Zones de sécurité _____________________________


      # HKCU Domains (4)

      # P3P History (5)


      ___________________ Suggestion nettoyage registre _______________

      (Pour désinfection manuelle)

      - Aucune suggestion

      _________________________ Fin du rapport ________________________
      0
      1. benjy92260 Messages postés 24 Statut Membre > benjy92260 Messages postés 24 Statut Membre
         
        nod32 detecte toujours le virus c:\windows\syteme32\.exe
        0
  9. benjy92260 Messages postés 24 Statut Membre
     
    j'ai toujours cette fenetre grise avec un message en anglais
    0
  10. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Tu peux supprimer ceci manuellement?
    c:\windows\syteme32\.exe

    Rend toi ici
    demarer < poste de travail < c < windows < system32 < drivers < etc < HOSTS < ouvre le avec le bloc note
    Copie colle tout ce qui se trouve dedans.

    a+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      impossible de supprimer le, fichier c:\windows\system32\.exe et j'ai la focntion recherche qui marche plus


      # Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
      # pour Windows.
      #
      # Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
      # Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
      # dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
      # IP et le nom d'hôte doivent être séparés par au moins un espace.
      #
      # De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
      # lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
      # symbole '#'.
      #
      # Par exemple :
      #
      # 102.54.94.97 rhino.acme.com # serveur source
      # 38.25.63.10 x.acme.com # hôte client x

      127.0.0.1 localhost
      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD
      0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    OK

    supprime le en mode sans echec:
    c:\windows\system32\.exe

    redemarre en normal

    Réouvre le HOSTS, supprime tout ce qu il y a dedans et met ceci:

    # Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
    # pour Windows.
    #
    # Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
    # Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
    # dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
    # IP et le nom d'hôte doivent être séparés par au moins un espace.
    #
    # De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
    # lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
    # symbole '#'.
    #
    # Par exemple :
    #
    # 102.54.94.97 rhino.acme.com # serveur source
    # 38.25.63.10 x.acme.com # hôte client x

    127.0.0.1 localhost

    Enregistre !

    a+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      a priori le feneetre grise ne souvre plus, mais la focntion recherche sous xp ne fonctionne plus donc impossible d'effacer ce fichier .exe.

      merci de ton aide
      0
      1. benjy92260 Messages postés 24 Statut Membre > benjy92260 Messages postés 24 Statut Membre
         
        j'ai toujours la fenetre grise qui s'ouvre avec le message en anglais
        0
  12. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Pas besoin de la fonction recherche.
    Tu fais demarer < poste de travail < c: < windows < system32 < et la tu recherche .exe (c'est par odre alphabétique)

    a+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      je trouve pas le .exe

      j'ai toujours cette fenetre grise avec ce message en anglais.

      en general la connexion tiens 1 heures et je suis obligé de redemarrer le pc.

      Time Module Event User
      17/04/2007 10:12:58 Kernel The virus signature database has been successfully updated to version 2196 (20070417).
      17/04/2007 09:13:43 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
      17/04/2007 09:12:55 Update Function: gethostbyname, parameters: , return value: 11001
      17/04/2007 09:12:54 Update Update attempt failed (Server connection failure.)
      17/04/2007 08:12:21 Update Function: gethostbyname, parameters: , return value: 11001
      17/04/2007 08:12:20 Update Update attempt failed (Server connection failure.)
      16/04/2007 21:12:34 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
      16/04/2007 21:06:59 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
      16/04/2007 20:08:35 Kernel Statistical information has been sent to ESET, spol. s r.o.
      16/04/2007 17:06:45 Kernel The virus signature database has been successfully updated to version 2194 (20070416).
      16/04/2007 16:01:51 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      16/04/2007 15:48:39 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      16/04/2007 14:05:10 Update Function: gethostbyname, parameters: , return value: 11001
      16/04/2007 14:05:10 Update Update attempt failed (Server connection failure.)
      16/04/2007 13:18:28 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      16/04/2007 13:10:50 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      16/04/2007 13:05:06 Kernel Statistical information has been sent to ESET, spol. s r.o.
      16/04/2007 11:38:36 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
      16/04/2007 11:03:16 Update Function: gethostbyname, parameters: , return value: 11001
      16/04/2007 11:03:16 Update Update attempt failed (Server connection failure.)
      16/04/2007 08:51:37 Kernel The virus signature database has been successfully updated to version 2193 (20070416).
      16/04/2007 07:51:17 Update Function: gethostbyname, parameters: , return value: 11001
      16/04/2007 07:51:16 Update Update attempt failed (Server connection failure.)
      15/04/2007 21:45:54 Kernel The virus signature database has been successfully updated to version 2191 (20070415).
      15/04/2007 20:59:04 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
      15/04/2007 20:49:15 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      15/04/2007 20:45:51 Update Function: gethostbyname, parameters: , return value: 11001
      15/04/2007 20:45:51 Update Update attempt failed (Server connection failure.)
      15/04/2007 17:44:35 Kernel The virus signature database has been successfully updated to version 2190 (20070415).
      15/04/2007 16:57:48 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      15/04/2007 15:43:05 Update Function: gethostbyname, parameters: , return value: 11001
      15/04/2007 15:43:05 Update Update attempt failed (Server connection failure.)
      15/04/2007 12:49:36 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      15/04/2007 12:43:17 Update Function: gethostbyname, parameters: , return value: 11001
      15/04/2007 12:43:17 Update Update attempt failed (Server connection failure.)
      15/04/2007 11:36:18 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      15/04/2007 10:42:14 Kernel Statistical information has been sent to ESET, spol. s r.o.
      15/04/2007 10:39:46 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      15/04/2007 09:55:09 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
      15/04/2007 09:41:31 Update Function: gethostbyname, parameters: , return value: 11001
      15/04/2007 09:41:31 Update Update attempt failed (Server connection failure.)
      15/04/2007 08:39:08 Update Function: gethostbyname, parameters: , return value: 11001
      15/04/2007 08:39:08 Update Update attempt failed (Server connection failure.)


      voila ce que met nod32
      0
  13. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok

    - Télécharge DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    - Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    - Un nouveau dossier chercher va être créé DiagHelp
    - Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    - Une fenêtre va s'ouvrir, choisis l'option 1
    - L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

    ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

    - A la fin de l'analyse, il peut-être (pas obligatoire) demandé de redemanderl'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
    - Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    -- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    -- A nouveau menu Edition / copier
    -- Dans un nouveau message ici, faire un clic droit / coller
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      voici le repport :

      C:\WINDOWS\System32/drivers\nod32drv.sys -->15/04/2007 08:34:24
      C:\WINDOWS\System32/drivers\amon.sys -->15/04/2007 08:34:24
      C:\WINDOWS\System32/drivers\MxlW2k.sys -->10/04/2007 17:50:26
      C:\WINDOWS\System32/drivers\wpdusb.sys -->11/10/2004 12:20:38
      C:\WINDOWS\System32/drivers\NTIDrvr.sys -->11/02/2004 17:44:06
      C:\WINDOWS\System32/drivers\nv4_mini.sys -->08/01/2004 00:08:00
      C:\WINDOWS\System32/drivers\alcxinit.dat -->31/12/2003 12:00:04

      C:\WINDOWS\System32\ccabbea1_s.ocx -->15/04/2007 18:45:02
      C:\WINDOWS\System32\bbadcbab4_s.dll -->15/04/2007 18:45:02
      C:\WINDOWS\System32\imon.dll -->15/04/2007 08:34:25
      C:\WINDOWS\System32\bdod.bin -->14/04/2007 22:20:21
      C:\WINDOWS\System32\tmpE66A4.FOT -->09/04/2007 17:41:43
      C:\WINDOWS\System32\tmpAF6A4.FOT -->09/04/2007 17:41:43
      C:\WINDOWS\System32\tmp697A4.FOT -->09/04/2007 17:41:43
      C:\WINDOWS\System32\tmp455A4.FOT -->09/04/2007 17:41:42
      C:\WINDOWS\System32\tmp1E5A4.FOT -->09/04/2007 17:41:42
      C:\WINDOWS\System32\wpa.dbl -->09/04/2007 17:06:09
      C:\WINDOWS\System32\PerfStringBackup.INI -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfh00C.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfh009.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfc00C.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfc009.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\nscompat.tlb -->05/11/2006 16:33:37
      C:\WINDOWS\System32\amcompat.tlb -->05/11/2006 16:33:37
      C:\WINDOWS\System32\isxdl_fr.dll -->21/07/2006 20:31:08
      C:\WINDOWS\System32\rmocx.dll -->01/07/2006 14:36:56
      C:\WINDOWS\System32\rmoc3260.dll -->01/07/2006 14:36:56
      C:\WINDOWS\System32\pndx5032.dll -->10/04/2006 13:29:56
      C:\WINDOWS\System32\pndx5016.dll -->10/04/2006 13:29:56
      C:\WINDOWS\System32\pncrt.dll -->10/04/2006 13:29:51
      C:\WINDOWS\System32\wucltui.dll -->26/05/2005 04:16:32
      C:\WINDOWS\System32\wuaueng1.dll -->26/05/2005 04:16:32

      C:\WINDOWS\0.log -->17/04/2007 12:29:28
      C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->17/04/2007 12:29:25
      C:\WINDOWS\wiaservc.log -->17/04/2007 12:29:09
      C:\WINDOWS\wiadebug.log -->17/04/2007 12:29:09
      C:\WINDOWS\bootstat.dat -->17/04/2007 12:28:53
      C:\WINDOWS\WindowsUpdate.log -->17/04/2007 11:38:48
      C:\WINDOWS\SchedLgU.Txt -->17/04/2007 11:38:18
      C:\WINDOWS\WIN.INI -->17/04/2007 10:44:49
      C:\WINDOWS\system.ini -->17/04/2007 10:44:49
      C:\WINDOWS\setupapi.log -->15/04/2007 16:51:30
      C:\WINDOWS\ntbtlog.txt -->15/04/2007 10:09:04
      C:\WINDOWS\winamp.ini -->12/04/2007 12:59:25
      C:\WINDOWS\nsreg.dat -->11/04/2007 11:36:02
      C:\WINDOWS\Windows Update.log -->09/04/2007 18:16:35
      C:\WINDOWS\wwdslcfg.log -->09/04/2007 17:10:14

      C:\WINDOWS\agrsmdel.exe |01/01/1980 00:00:00
      C:\WINDOWS\AGRSMMSG.exe |01/01/1980 00:00:00
      C:\WINDOWS\ALAUNCH.EXE |11/02/2004 17:28:55
      C:\WINDOWS\alcrmv.exe |11/02/2004 17:31:38
      C:\WINDOWS\alcupd.exe |11/02/2004 17:31:38
      C:\WINDOWS\AMOVE.EXE |11/02/2004 17:28:55
      C:\WINDOWS\APANEL.EXE |11/02/2004 17:28:55
      C:\WINDOWS\BJPSUNST.EXE |03/08/2005 15:43:22
      C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe |18/06/2004 03:07:49
      C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe |08/08/2004 08:37:42
      C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |26/04/2005 09:30:00
      C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |01/07/2006 15:25:54
      C:\WINDOWS\IsUn040c.exe |24/09/2004 14:34:06
      C:\WINDOWS\IsUninst.exe |11/02/2004 17:39:19
      C:\WINDOWS\LOGI_MWX.EXE |18/06/2004 03:05:19
      C:\WINDOWS\PQDISK.EXE |11/02/2004 17:28:55
      C:\WINDOWS\SOUNDMAN.EXE |11/02/2004 17:31:39
      C:\WINDOWS\twunk_16.exe |01/01/1980 00:00:00
      C:\WINDOWS\twunk_32.exe |01/01/1980 00:00:00
      C:\WINDOWS\UNINST32.EXE |01/01/1980 00:00:00
      C:\WINDOWS\UninstallFirefox.exe |24/04/2005 17:18:24
      C:\WINDOWS\twain.dll |01/01/1980 00:00:00
      C:\WINDOWS\twain_32.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\agrsmdel.exe |11/02/2004 17:34:09
      C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\bcmwlhom.exe |17/07/2003 16:40:08
      C:\WINDOWS\system32\bcmwltry.exe |17/07/2003 16:40:08
      C:\WINDOWS\system32\bcmwlu00.exe |17/07/2003 16:40:08
      C:\WINDOWS\system32\CNMCP6d.exe |03/08/2005 15:35:29
      C:\WINDOWS\system32\CNMCP78.exe |10/04/2006 12:56:45
      C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\delaySpawn.exe |09/04/2007 17:08:57
      C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\DProcess.exe |06/06/2003 17:12:18
      C:\WINDOWS\system32\dslagent.exe |09/04/2007 17:08:58
      C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34
      C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\gsicon.exe |09/04/2007 17:09:00
      C:\WINDOWS\system32\hkcmd.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxcfg.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxdiag.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxext.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxtray.exe |11/02/2004 18:50:13
      C:\WINDOWS\system32\java.exe |11/02/2004 17:40:49
      C:\WINDOWS\system32\javaw.exe |11/02/2004 17:40:49
      C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvappbar.exe |11/02/2004 18:41:14
      C:\WINDOWS\system32\nvsvc32.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvudisp.exe |11/02/2004 18:16:20
      C:\WINDOWS\system32\nwiz.exe |11/02/2004 18:41:14
      C:\WINDOWS\system32\pxhpinst.exe |26/05/2004 03:21:00
      C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\RM_ABG.exe |12/02/2003 16:50:06
      C:\WINDOWS\system32\RTLCPL.EXE |11/02/2004 17:31:40
      C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\Set_ABG.exe |05/12/2002 13:18:56
      C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 17:47:48
      C:\WINDOWS\system32\usrprbda.exe |23/08/2001 17:47:48
      C:\WINDOWS\system32\usrshuta.exe |23/08/2001 17:47:48
      C:\WINDOWS\system32\wltrysvc.exe |17/07/2003 16:40:12
      C:\WINDOWS\system32\3ivx.dll |18/11/2003 13:49:28
      C:\WINDOWS\system32\3ivxVfWCodec.dll |18/11/2003 13:49:44
      C:\WINDOWS\system32\a3d.dll |11/02/2004 17:31:39
      C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\atmfd.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\atmlib.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\Audio3D.dll |11/02/2004 17:31:39
      C:\WINDOWS\system32\bbadcbab4_s.dll |15/04/2007 18:45:02
      C:\WINDOWS\system32\btw_ci.dll |11/02/2004 17:46:21
      C:\WINDOWS\system32\CNMLM6d.DLL |03/08/2005 15:35:36
      C:\WINDOWS\system32\CNMLM78.DLL |10/04/2006 12:56:52
      C:\WINDOWS\system32\CNMVS6d.DLL |03/08/2005 15:35:00
      C:\WINDOWS\system32\CNMVS78.DLL |10/04/2006 12:56:41
      C:\WINDOWS\system32\CoInst.dll |09/04/2007 17:08:58
      C:\WINDOWS\system32\COMNCTR.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\cpuinf32.dll |17/09/2001 13:20:02
      C:\WINDOWS\system32\dgrpsetu.dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\dgsetup.dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\divx.dll |22/05/2003 13:27:24
      C:\WINDOWS\system32\DivXc32.dll |01/08/2002 11:03:40
      C:\WINDOWS\system32\DivXc32f.dll |22/08/2002 06:00:00
      C:\WINDOWS\system32\DSCam.Dll |24/09/2004 14:40:54
      C:\WINDOWS\system32\EqnClass.Dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\FEELIT.DLL |18/06/2004 03:05:28
      C:\WINDOWS\system32\fpxlib.dll |24/09/2004 14:40:55
      C:\WINDOWS\system32\GCPL_FRENCH.dll |09/04/2007 17:08:44
      C:\WINDOWS\system32\GsiDi32.dll |09/04/2007 17:08:30
      C:\WINDOWS\system32\gspnDll.dll |09/04/2007 17:08:44
      C:\WINDOWS\system32\hccutils.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\Hmpg12.dll |03/09/2001 23:46:38
      C:\WINDOWS\system32\HMPV2_ENC.dll |30/07/2001 16:33:56
      C:\WINDOWS\system32\HMPV2_ENC_MMX.dll |23/07/2001 22:04:36
      C:\WINDOWS\system32\hticons.dll |11/02/2004 17:24:33
      C:\WINDOWS\system32\huffyuv.dll |23/08/2000 17:00:40
      C:\WINDOWS\system32\hypertrm.dll |11/02/2004 17:24:33
      C:\WINDOWS\system32\iacenc.dll |11/02/2004 17:44:35
      C:\WINDOWS\system32\iAlmCoIn_v3666.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmdd5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmdev5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmdnt5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmgdev.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmgicd.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmrem.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmrnt5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\iccvid.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\ifc21.dll |18/06/2004 03:05:28
      C:\WINDOWS\system32\igfxdev.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxdgps.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxdo.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxeud.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxexps.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxhk.dll |11/02/2004 18:50:12
      C:\WINDOWS\system32\igfxpph.dll |11/02/2004 18:50:12
      C:\WINDOWS\system32\igfxres.dll |11/02/2004 18:52:12
      C:\WINDOWS\system32\igfxress.dll |11/02/2004 18:50:12
      C:\WINDOWS\system32\igfxsrvc.dll |11/02/2004 18:50:13
      C:\WINDOWS\system32\imon.dll |15/04/2007 08:35:15
      C:\WINDOWS\system32\instDll.dll |09/04/2007 17:08:43
      C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\Ir41_qc.dll |22/03/1998 15:34:14
      C:\WINDOWS\system32\Ir41_qcx.dll |22/03/1998 15:34:14
      C:\WINDOWS\system32\Ir50_32.dll |11/02/2004 17:44:35
      C:\WINDOWS\system32\ir50_lcs.dll |06/11/1997 14:53:30
      C:\WINDOWS\system32\Ir50_qc.dll |22/06/2000 16:31:00
      C:\WINDOWS\system32\Ir50_qcx.dll |22/06/2000 16:31:46
      C:\WINDOWS\system32\isrdbg32.dll |11/02/2004 17:25:36
      C:\WINDOWS\system32\isxdl_fr.dll |16/11/2006 19:40:10
      C:\WINDOWS\system32\iyvu9_32.dll |11/02/2004 17:44:35
      C:\WINDOWS\system32\jgaw400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgdw400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgmd400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgpl400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgsd400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgsh400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jpeglib.dll |24/09/2004 14:40:55
      C:\WINDOWS\system32\LCOINST.DLL |18/06/2004 03:05:18
      C:\WINDOWS\system32\lfavi11n.dll |24/09/2004 14:38:03
      C:\WINDOWS\system32\lfbmp11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\LFCMP11n.DLL |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfeps11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lffax11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lffpx11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lffpx7.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfgif11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\LFKODAK.DLL |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfpcd11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfpct11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfpcx11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\Lfpng11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfpsd11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lftga11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lftif11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfwfx11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfwmf11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\LGUICOM.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\lmoufrc.dll |18/06/2004 03:05:19
      C:\WINDOWS\system32\LMOUSE16.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\LMOUSE32.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\LTDIS11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\ltefx11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\ltfil11n.DLL |07/06/2002 04:02:00
      C:\WINDOWS\system32\ltimg11n.dll |07/06/2002 04:02:02
      C:\WINDOWS\system32\ltkrn11n.dll |07/06/2002 04:02:02
      C:\WINDOWS\system32\lttwn11n.dll |24/09/2004 14:38:03
      C:\WINDOWS\system32\Ltwvc11n.dll |07/06/2002 04:02:02
      C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 17:47:06
      C:\WINDOWS\system32\mplaa6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplam6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplapx.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplaw7.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplva6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplvm6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplvpx.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplvw7.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\MsgPlusLoader.dll |16/04/2007 10:41:18
      C:\WINDOWS\system32\multiplex_vcd.dll |26/12/2001 16:12:30
      C:\WINDOWS\system32\NTICDMK32.dll |11/02/2004 17:44:07
      C:\WINDOWS\system32\NTIMPEG2.dll |11/02/2004 17:44:07
      C:\WINDOWS\system32\nv4_disp.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvcod.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvcodins.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvcpl.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nview.dll |11/02/2004 18:41:14
      C:\WINDOWS\system32\nviewimg.dll |11/02/2004 18:41:14
      C:\WINDOWS\system32\nvinstnt.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvmctray.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvoglnt.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvrsda.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsde.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrseng.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrses.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsfr.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsit.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsja.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsko.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsnl.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsru.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrssv.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrszhc.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrszht.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvshell.dll |11/02/2004 18:41:14
      C:\WINDOWS\system32\nvwddi.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvwdmcpl.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvwrsda.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsde.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrseng.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrses.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsfr.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsit.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsja.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsko.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsnl.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsru.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrssv.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrszhc.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrszht.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\ogg.dll |16/09/2003 17:41:44
      C:\WINDOWS\system32\OpenQuicktimeLib.dll |18/11/2003 13:50:24
      C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16
      C:\WINDOWS\system32\PCDLIB32.DLL |07/06/2002 04:02:02
      C:\WINDOWS\system32\pncrt.dll |24/09/2004 14:38:20
      C:\WINDOWS\system32\pndx5016.dll |24/09/2004 14:38:21
      C:\WINDOWS\system32\pndx5032.dll |24/09/2004 14:38:21
      C:\WINDOWS\system32\psisdecd.dll |11/02/2004 17:47:11
      C:\WINDOWS\system32\px.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxdrv.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxmas.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxwave.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxwma.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\rmoc3260.dll |24/09/2004 14:38:22
      C:\WINDOWS\system32\rmocx.dll |01/07/2006 14:36:55
      C:\WINDOWS\system32\RTLCPAPI.dll |11/02/2004 17:31:39
      C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\slbcsp.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\slbiop.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\slbrccsp.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\spnike.dll |23/08/2001 17:47:18
      C:\WINDOWS\system32\sprio600.dll |23/08/2001 17:47:18
      C:\WINDOWS\system32\sprio800.dll |23/08/2001 17:47:18
      C:\WINDOWS\system32\spxcoins.dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\SynCOM.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynCtrl.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynTPAPI.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynTPCoI.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynTPFcs.dll |11/02/2004 17:35:22
      C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\usrcntra.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrcoina.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrdpa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrdtea.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrlbva.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrv42a.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrv80a.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrvoica.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrvpa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\vboxs430.dll |12/09/2000 20:24:29
      C:\WINDOWS\system32\vobsub.dll |11/12/2002 10:19:34
      C:\WINDOWS\system32\vorbis.dll |16/09/2003 17:52:30
      C:\WINDOWS\system32\vortm.dll |24/09/2004 14:40:55
      C:\WINDOWS\system32\vp31vfw.dll |14/02/2002 11:48:12
      C:\WINDOWS\system32\vp6vfw.dll |21/10/2003 10:49:20
      C:\WINDOWS\system32\vsfilter.dll |24/11/2003 01:45:14
      C:\WINDOWS\system32\vxblock.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\winvocon.dll |24/09/2004 14:40:54
      C:\WINDOWS\system32\WooDial2000.dll |04/08/2004 01:20:22
      C:\WINDOWS\system32\xvid.dll |14/05/2003 16:54:02
      C:\WINDOWS\system32\_Source21.Dll |24/09/2004 14:40:54

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\system

      25/12/1998 08:15 345 983 RCDSETUP.EXE
      23/08/2001 12:00 9 728 regsvr32.exe
      2 fichier(s) 355 711 octets
      0 Rép(s) 10 107 502 592 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\system32

      24/04/2003 12:00 4 096 csrss.exe
      1 fichier(s) 4 096 octets
      0 Rép(s) 10 107 502 592 octets libres

      Contenu de Downloaded Program Files
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\Downloaded Program Files

      11/04/2007 11:40 <REP> .
      11/04/2007 11:40 <REP> ..
      24/01/2007 03:41 841 304 ampAx3.0.84.2.dll
      11/02/2004 17:26 65 desktop.ini
      11/04/2007 11:40 2 849 install.log
      22/06/2006 11:41 5 032 swflash.inf
      11/04/2007 11:40 38 428 unagiuninst.exe
      5 fichier(s) 887 678 octets

      Total des fichiers listés :
      5 fichier(s) 887 678 octets
      2 Rép(s) 10 107 502 592 octets libres

      Recherche de rootkit! (Merci S!Ri)

      Recherche d'infections connues



      catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
      http://www.gmer.net

      scanning hidden processes ...

      scanning hidden services ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0

      Liste des programmes installes

      Ad-Aware SE Personal
      Adobe Flash Player 9 ActiveX
      Adobe Reader 6.0
      adsl TV
      Agere Systems AC'97 Modem
      AIM
      AIM 6
      Archiveur WinRAR
      Aspire screensaver
      Barre d'outils MSN
      BCM Wireless Network Adapter
      Broadcom Gigabit Integrated Controller
      Broadcom Gigabit Integrated Controller
      Canon iP4200
      Canon PhotoRecord
      Canon PIXMA iP5000
      Canon Utilities Easy-PhotoPrint
      Canon Utilities Easy-PrintToolBox
      CD-LabelPrint
      CleanUp!
      Complément MSN pour Windows Messenger
      Correctif Windows XP - KB824146
      Correctif Windows XP (SP2) Q811493
      Creative System Information
      Creative Zen MicroPhoto
      DCPro (remove only)
      Easy-WebPrint
      GDc++ v0.668 (v1.9 RC9 Fixed) powered by Glesius.it
      Gestionnaire de disques amovible Creative
      Google Earth
      HijackThis 1.99.1
      Indeo® Software
      Intel(R) Extreme Graphics 2 Driver
      Java 2 Runtime Environment, SE v1.4.2_01
      jv16 PowerTools 2006
      K-Lite Codec Pack 2.20 Full
      Launch Manager
      Lecteur Windows Media 10
      Logiciel iTouch de Logitech
      Logitech Desktop Messenger
      Logitech MouseWare 9.79
      Logitech Resource Center
      Messager Wanadoo
      Messenger Plus! 3
      Microsoft Works 7.0
      Modem DSL ECI Telecom
      Mozilla Firefox (1.0.1)
      MSN Messenger 7.0
      MUSICMATCH(R) Jukebox
      NOD32 antivirus system
      NOD32 FiX v2.1
      NTI CD & DVD-Maker
      NTI CD & DVD-Maker 6.5 Gold
      NVIDIA Display Driver
      Outlook Express Update Q330994
      Philips ToUcam Fun Camera
      PowerDVD
      RadioBlogClub Downloader v1.0
      Reality Fusion GameCam SE
      Reality Fusion VBall
      RealPlayer
      Realtek AC'97 Audio
      SmartFTP
      SpotLife
      Spybot - Search & Destroy 1.4
      SuperDJ(TM) 1.10.0
      Synaptics Pointing Device Driver
      TMPGEnc DVD Author 1.5
      Ulead Photo Explorer 6.0
      VideoLAN VLC media player 0.8.6a
      VideoLink Mail
      Viewpoint Media Player
      Wanadoo
      WebFldrs XP
      Winamp (remove only)
      Windows Media Format Runtime
      WLAN
      WLAN 802.11g mini-PCI Module



      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files

      16/04/2007 15:54 <REP> .
      16/04/2007 15:54 <REP> ..
      11/02/2004 17:39 <REP> Acer Inc
      11/02/2004 17:43 <REP> Adobe
      14/04/2007 15:08 <REP> adslTV
      11/04/2007 11:41 <REP> AIM6
      26/04/2005 08:33 <REP> AIM95
      11/02/2004 17:53 <REP> Aspire screensaver
      11/02/2004 17:31 <REP> AvRack
      11/02/2004 17:33 <REP> Broadcom
      19/08/2005 11:07 <REP> C2Media
      03/08/2005 15:43 <REP> Canon
      16/04/2007 10:59 <REP> CleanUp!
      09/06/2005 01:00 1 152 409 cnb_2600.tb_
      28/04/2005 01:00 130 379 cnb78ca0.ic_
      09/06/2005 01:00 131 999 cnb78cb0.ic_
      28/03/2005 01:00 132 013 cnb78cc0.ic_
      28/03/2005 01:00 128 135 cnb78db0.ic_
      28/03/2005 01:00 131 477 cnb78eb0.ic_
      28/03/2005 01:00 128 783 cnb78ed0.ic_
      30/03/2001 01:00 5 617 cnbjprn2.ic_
      27/01/2005 05:30 224 cnm.in_
      09/06/2005 06:00 32 527 cnm_0260.dl_
      15/04/2005 06:00 18 389 cnmbr260.dl_
      15/04/2005 06:00 273 149 cnmdrv.dl_
      15/04/2005 06:00 63 127 cnmdump5.dl_
      15/04/2005 06:00 10 577 cnmfus.dl_
      19/05/2005 15:00 48 128 cnmi0404.dll
      25/05/2005 02:10 57 344 cnmi0405.dll
      25/05/2005 02:10 57 856 cnmi0406.dll
      25/05/2005 02:10 65 024 cnmi0407.dll
      25/05/2005 02:10 61 440 cnmi0408.dll
      08/03/2005 19:16 56 832 cnmi0409.dll
      25/05/2005 02:10 57 344 cnmi040b.dll
      25/05/2005 02:10 64 512 cnmi040c.dll
      25/05/2005 02:10 58 368 cnmi040e.dll
      25/05/2005 02:10 59 392 cnmi0410.dll
      08/03/2005 19:16 50 688 cnmi0411.dll
      19/05/2005 15:00 50 688 cnmi0412.dll
      25/05/2005 02:10 59 904 cnmi0413.dll
      25/05/2005 02:10 57 856 cnmi0414.dll
      25/05/2005 02:10 58 368 cnmi0415.dll
      25/05/2005 02:10 58 368 cnmi0419.dll
      25/05/2005 02:10 57 856 cnmi041d.dll
      19/05/2005 15:00 56 320 cnmi041e.dll
      25/05/2005 02:10 57 344 cnmi041F.dll
      19/05/2005 15:00 47 616 cnmi0804.dll
      25/05/2005 02:10 59 392 cnmi0816.dll
      25/05/2005 02:10 59 392 cnmi0c0a.dll
      15/04/2005 06:00 3 128 cnminst.dl_
      09/05/2002 22:10 7 204 cnminst2.dll
      08/03/2005 19:16 61 952 cnmis.dll
      08/03/2005 19:16 5 632 cnmis4.dll
      08/03/2005 19:16 18 944 cnmis5.dll
      15/04/2005 06:00 70 431 cnmlmon2.dl_
      15/04/2005 06:00 10 940 cnmlr.dl_
      19/05/2005 15:00 8 854 cnmlrcn.dl_
      25/05/2005 06:10 12 700 cnmlrcz.dl_
      25/05/2005 06:10 13 322 cnmlrde.dl_
      25/05/2005 06:10 12 554 cnmlrdk.dl_
      25/05/2005 06:10 12 906 cnmlres.dl_
      25/05/2005 06:10 12 050 cnmlrfi.dl_
      25/05/2005 06:10 13 000 cnmlrfr.dl_
      25/05/2005 06:10 14 548 cnmlrgr.dl_
      25/05/2005 06:10 13 198 cnmlrhu.dl_
      25/05/2005 06:10 12 280 cnmlrit.dl_
      15/04/2005 06:00 9 457 cnmlrj.dl_
      19/05/2005 15:00 9 770 cnmlrkr.dl_
      25/05/2005 06:10 12 412 cnmlrnl.dl_
      25/05/2005 06:10 12 050 cnmlrno.dl_
      25/05/2005 06:10 13 792 cnmlrpl.dl_
      25/05/2005 06:10 12 406 cnmlrpt.dl_
      25/05/2005 06:10 12 766 cnmlrru.dl_
      25/05/2005 06:10 12 426 cnmlrse.dl_
      19/05/2005 15:00 10 808 cnmlrth.dl_
      25/05/2005 06:10 11 882 cnmlrTr.dl_
      19/05/2005 15:00 9 112 cnmlrtw.dl_
      09/06/2005 06:00 12 362 cnmop78.dl_
      15/04/2005 06:00 26 063 cnmp_260.dl_
      15/04/2005 06:00 1 104 cnmp0.da_
      15/04/2005 06:00 1 076 cnmp1.da_
      15/04/2005 06:00 1 676 cnmp2.da_
      01/02/2002 17:29 15 300 cnmpar21.sys
      15/04/2005 06:00 16 539 cnmpcomm.dl_
      15/04/2005 06:00 10 028 cnmpd.dl_
      15/04/2005 06:00 31 054 cnmpp.dl_
      15/04/2005 06:00 41 376 cnmpv.dl_
      15/04/2005 06:00 12 631 cnmqueue.dl_
      15/04/2005 06:00 13 222 cnmsmsd.dl_
      15/04/2005 06:00 8 402 cnmsr.dl_
      19/05/2005 15:00 6 630 cnmsrcn.dl_
      25/05/2005 06:10 9 666 cnmsrcz.dl_
      25/05/2005 06:10 10 110 cnmsrde.dl_
      25/05/2005 06:10 9 324 cnmsrdk.dl_
      25/05/2005 06:10 9 804 cnmsres.dl_
      25/05/2005 06:10 8 830 cnmsrfi.dl_
      25/05/2005 06:10 9 700 cnmsrfr.dl_
      25/05/2005 06:10 11 030 cnmsrgr.dl_
      25/05/2005 06:10 9 904 cnmsrhu.dl_
      25/05/2005 06:10 9 368 cnmsrit.dl_
      15/04/2005 06:00 7 089 cnmsrj.dl_
      19/05/2005 15:00 7 572 cnmsrkr.dl_
      25/05/2005 06:10 9 240 cnmsrnl.dl_
      25/05/2005 06:10 9 036 cnmsrno.dl_
      25/05/2005 06:10 10 328 cnmsrpl.dl_
      25/05/2005 06:10 9 414 cnmsrpt.dl_
      25/05/2005 06:10 9 736 cnmsrru.dl_
      25/05/2005 06:10 9 362 cnmsrse.dl_
      19/05/2005 15:00 8 100 cnmsrth.dl_
      25/05/2005 06:10 8 680 cnmsrTr.dl_
      19/05/2005 15:00 6 722 cnmsrtw.dl_
      15/04/2005 06:00 85 620 cnmstmn.dl_
      15/04/2005 06:00 16 116 cnmstsr.sm_
      15/04/2005 06:00 361 166 cnmui.dl_
      08/03/2005 19:17 90 112 cnmunins.exe
      15/04/2005 06:00 30 236 cnmur.dl_
      19/05/2005 15:00 26 496 cnmurcn.dl_
      25/05/2005 06:10 32 800 cnmurcz.dl_
      25/05/2005 06:20 33 490 cnmurde.dl_
      25/05/2005 06:10 31 910 cnmurdk.dl_
      25/05/2005 06:10 32 810 cnmures.dl_
      25/05/2005 06:10 31 606 cnmurfi.dl_
      25/05/2005 06:10 33 038 cnmurfr.dl_
      25/05/2005 06:10 35 962 cnmurgr.dl_
      25/05/2005 06:10 32 898 cnmurhu.dl_
      25/05/2005 06:10 32 106 cnmurit.dl_
      15/04/2005 06:00 28 671 cnmurj.dl_
      19/05/2005 15:00 28 372 cnmurkr.dl_
      25/05/2005 06:10 32 082 cnmurnl.dl_
      25/05/2005 06:10 31 034 cnmurno.dl_
      25/05/2005 06:10 33 918 cnmurpl.dl_
      25/05/2005 06:10 32 242 cnmurpt.dl_
      25/05/2005 06:10 34 088 cnmurru.dl_
      25/05/2005 06:10 31 936 cnmurse.dl_
      19/05/2005 15:00 30 386 cnmurth.dl_
      25/05/2005 06:10 31 744 cnmurTr.dl_
      19/05/2005 15:00 26 876 cnmurtw.dl_
      15/04/2005 06:00 3 672 cnmvs.dl_
      08/03/2005 19:16 23 040 cnmvsa.exe
      15/04/2005 06:00 3 124 cnmw3.dl_
      11/02/2004 17:25 <REP> ComPlus Applications
      05/11/2006 16:32 <REP> Creative
      25/05/2004 20:39 <REP> Cucusoft
      11/02/2004 17:45 <REP> CyberLink
      21/08/2004 18:23 <REP> DCPro
      12/03/2002 22:54 45 056 devid.dll
      09/04/2007 17:08 <REP> ECI Telecom
      15/04/2007 10:28 <REP> ESET
      12/05/2005 17:38 5 133 eula0404.txt
      08/02/2005 12:04 11 504 eula0405.txt
      24/06/2005 11:46 12 728 eula0406.txt
      13/05/2005 14:54 18 199 eula0407.txt
      08/02/2005 11:48 13 484 eula0408.txt
      28/03/2005 17:00 11 665 eula0409_euro.txt
      06/01/2005 18:20 8 824 eula0409_us.txt
      08/02/2005 11:31 12 438 eula040b.txt
      10/06/2005 16:05 11 558 eula040c_euro.txt
      08/02/2005 10:16 10 796 eula040c_us.txt
      08/02/2005 12:04 13 205 eula040e.txt
      08/02/2005 11:32 12 202 eula0410.txt
      12/01/2005 17:41 6 297 eula0411.txt
      16/02/2005 16:37 7 100 eula0412.txt
      08/02/2005 11:31 15 126 eula0413.txt
      08/02/2005 11:32 11 761 eula0414.txt
      08/02/2005 12:03 12 374 eula0415.txt
      24/06/2005 11:56 15 315 eula0419.txt
      08/02/2005 11:32 12 307 eula041d.txt
      22/02/2005 12:24 7 596 eula041e.txt
      01/03/2005 09:52 11 966 eula041F.txt
      16/02/2005 16:36 4 798 eula0804.txt
      08/02/2005 11:32 12 781 eula0816_euro.txt
      08/02/2005 10:17 9 227 eula0816_us.txt
      24/06/2005 12:15 13 086 eula0c0a_euro.txt
      08/02/2005 10:17 9 739 eula0c0a_us.txt
      14/04/2007 22:08 <REP> Fichiers communs
      15/04/2007 16:09 <REP> FlashFXP
      09/11/2006 19:37 <REP> Google
      15/04/2005 06:00 22 241 helpkicker.ex_
      11/02/2004 17:29 <REP> Intel
      11/02/2004 17:25 <REP> Internet Explorer
      10/04/2006 12:55 <REP> ip4200
      01/08/2005 01:11 69 716 ip4200.cat
      19/07/2005 06:12 18 740 ip4200.inf
      11/02/2004 17:40 <REP> Java
      15/04/2007 18:44 <REP> jv16 PowerTools 2006
      10/11/2004 18:29 <REP> Kaspersky Lab
      26/05/2004 04:00 <REP> K-Lite Codec Pack
      11/02/2004 17:41 <REP> Launch Manager
      15/04/2007 13:07 <REP> Lavasoft
      11/02/2004 17:44 <REP> Ligos
      18/06/2004 03:07 <REP> Logitech
      11/02/2004 17:34 <REP> ltmoh
      04/08/2004 01:20 <REP> Messager Wanadoo
      11/02/2004 17:24 <REP> Messenger
      24/04/2005 20:14 <REP> MessengerPlus! 3
      20/05/2005 15:00 122 417 mh78cn.ch_
      25/05/2005 01:00 120 589 mh78cz.ch_
      25/05/2005 01:00 121 717 mh78de.ch_
      25/05/2005 01:00 114 973 mh78dk.ch_
      25/05/2005 01:00 122 491 mh78es.ch_
      25/05/2005 06:00 114 493 mh78fi.ch_
      25/05/2005 01:00 119 091 mh78fr.ch_
      25/05/2005 01:00 132 377 mh78gr.ch_
      25/05/2005 01:00 122 605 mh78hu.ch_
      25/05/2005 01:00 117 397 mh78it.ch_
      15/04/2005 01:00 139 053 mh78jp.ch_
      20/05/2005 15:00 135 231 mh78kr.ch_
      25/05/2005 01:00 115 999 mh78nl.ch_
      25/05/2005 01:00 112 917 mh78no.ch_
      25/05/2005 01:00 124 661 mh78pl.ch_
      25/05/2005 01:00 117 451 mh78pt.ch_
      25/05/2005 01:00 124 611 mh78ru.ch_
      25/05/2005 01:00 113 449 mh78se.ch_
      20/05/2005 15:00 137 361 mh78th.ch_
      25/05/2005 06:00 115 241 mh78Tr.ch_
      20/05/2005 15:00 123 259 mh78tw.ch_
      15/04/2005 01:00 108 777 mh78us.ch_
      11/02/2004 17:26 <REP> microsoft frontpage
      16/02/2004 16:53 <REP> Microsoft Works
      11/02/2004 17:25 <REP> Movie Maker
      15/04/2007 16:09 <REP> Mozilla Firefox
      11/02/2004 17:24 <REP> MSN
      04/08/2004 18:13 <REP> MSN Apps
      11/02/2004 17:24 <REP> MSN Gaming Zone
      24/04/2005 20:26 <REP> MSN Messenger
      18/06/2004 03:06 <REP> MUSICMATCH
      11/02/2004 17:25 <REP> NetMeeting
      11/02/2004 17:44 <REP> NewTech Infosystems
      25/05/2004 19:50 <REP> O2Micro
      11/02/2004 17:25 <REP> Outlook Express
      26/05/2004 03:21 <REP> Pegasys Inc
      24/09/2004 14:40 <REP> Philips ToUcam Camera
      16/11/2006 19:40 <REP> RadioBlogClub Downloader
      25/05/2005 06:10 29 124 Readme_Czech.txt
      25/05/2005 06:10 31 844 Readme_Danish.txt
      25/05/2005 06:10 33 561 Readme_Dutch.txt
      19/04/2005 16:54 29 281 readme_english.txt
      25/05/2005 06:10 29 619 Readme_Finnish.txt
      25/05/2005 06:10 35 043 Readme_French.txt
      25/05/2005 06:10 34 813 Readme_German.txt
      25/05/2005 06:10 38 518 Readme_Greek.txt
      25/05/2005 06:10 31 559 Readme_Hungarian.txt
      25/05/2005 06:10 34 109 Readme_Italian.txt
      15/04/2005 11:36 27 503 readme_japanese.txt
      19/05/2005 16:00 25 991 Readme_Korean.txt
      25/05/2005 06:10 30 683 Readme_Norwegian.txt
      25/05/2005 06:10 35 455 Readme_Polish.txt
      25/05/2005 06:10 34 281 Readme_Portuguese.txt
      25/05/2005 06:10 32 243 Readme_Russian.txt
      19/05/2005 16:00 20 093 Readme_Simplified_Chinese.txt
      25/05/2005 06:10 34 527 Readme_Spanish.txt
      25/05/2005 06:10 30 549 Readme_Swedish.txt
      19/05/2005 16:00 27 904 Readme_Thai.txt
      19/05/2005 16:00 20 061 Readme_Traditional_Chinese.txt
      25/05/2005 06:10 30 360 readme_Turkish.txt
      24/09/2004 14:38 <REP> Real
      11/02/2004 17:31 <REP> Realtek Sound Manager
      11/02/2004 17:24 <REP> Services en ligne
      08/03/2005 19:17 167 936 setup.exe
      15/04/2005 06:00 1 960 setup.ini
      20/05/2005 15:00 39 507 sh78cn.ch_
      25/05/2005 01:00 40 581 sh78cz.ch_
      25/05/2005 01:00 40 277 sh78de.ch_
      25/05/2005 01:00 39 883 sh78dk.ch_
      25/05/2005 01:00 40 433 sh78es.ch_
      25/05/2005 06:00 39 919 sh78fi.ch_
      25/05/2005 01:00 40 873 sh78fr.ch_
      25/05/2005 01:00 41 615 sh78gr.ch_
      25/05/2005 01:00 40 359 sh78hu.ch_
      25/05/2005 01:00 40 067 sh78it.ch_
      15/04/2005 01:00 40 925 sh78jp.ch_
      20/05/2005 15:00 40 567 sh78kr.ch_
      25/05/2005 01:00 39 523 sh78nl.ch_
      25/05/2005 01:00 39 739 sh78no.ch_
      25/05/2005 01:00 40 741 sh78pl.ch_
      25/05/2005 01:00 40 317 sh78pt.ch_
      25/05/2005 01:00 41 295 sh78ru.ch_
      25/05/2005 01:00 39 679 sh78se.ch_
      20/05/2005 15:00 40 559 sh78th.ch_
      25/05/2005 06:00 39 385 sh78Tr.ch_
      20/05/2005 15:00 39 847 sh78tw.ch_
      15/04/2005 01:00 39 231 sh78us.ch_
      30/04/2005 16:16 <REP> SmartFTP
      30/04/2005 16:16 <REP> SmartFTP Setup Files
      15/04/2007 09:15 <REP> Spybot - Search & Destroy
      11/02/2004 17:35 <REP> Synaptics
      24/09/2004 14:39 <REP> Ulead Systems
      10/04/2007 09:38 <REP> VideoLAN
      24/09/2004 14:40 <REP> VideoLink Mail
      11/04/2007 11:40 <REP> Viewpoint
      17/04/2007 12:31 <REP> Wanadoo
      25/04/2005 20:54 <REP> WildTangent
      15/07/2005 11:36 <REP> Winamp
      05/11/2006 16:33 <REP> Windows Media Player
      11/02/2004 17:24 <REP> Windows NT
      28/05/2004 22:31 <REP> WinRAR
      25/05/2004 19:50 <REP> WLAN 802.11g mini-PCI Module
      11/02/2004 17:26 <REP> xerox
      225 fichier(s) 10 542 851 octets
      73 Rép(s) 10 107 392 000 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files\fichiers communs

      14/04/2007 22:08 <REP> .
      14/04/2007 22:08 <REP> ..
      23/08/2004 13:23 <REP> Adobe
      11/04/2007 11:39 <REP> AOL
      05/11/2006 16:25 <REP> InstallShield
      11/02/2004 17:40 <REP> Java
      18/06/2004 03:04 <REP> Logitech
      11/02/2004 17:22 <REP> Microsoft Shared
      11/02/2004 17:25 <REP> MSSoap
      11/02/2004 17:22 <REP> ODBC
      10/04/2006 13:30 <REP> Real
      11/02/2004 17:25 <REP> Services
      24/09/2004 14:40 <REP> Smith Micro Shared
      14/04/2007 22:09 <REP> Softwin
      11/02/2004 17:22 <REP> SpeechEngines
      07/07/2005 17:28 <REP> Symantec Shared
      11/02/2004 17:25 <REP> System
      10/04/2006 13:30 <REP> xing shared
      0 fichier(s) 0 octets
      18 Rép(s) 10 107 392 000 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

      11/02/2004 17:30 <REP> .
      11/02/2004 17:30 <REP> ..
      18/05/2001 17:57 561 209 MSONSEXT.DLL
      03/06/1999 14:09 122 937 MSOWS409.DLL
      07/03/2001 09:00 127 033 MSOWS40c.DLL
      3 fichier(s) 811 179 octets
      2 Rép(s) 10 107 392 000 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\

      11/11/2001 00:00 68 096 diff.exe
      27/08/2006 14:10 103 424 grep.exe
      2 fichier(s) 171 520 octets
      0 Rép(s) 10 107 392 000 octets libres
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMinst.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMLang.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\alsetup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\aoldlmgr.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\migrator.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ocpinst.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\postproc.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\tbsetup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\unagi3.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\Vwpt.exe
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
      c:\Documents and Settings\benjy\LDCPlusPlus.exe
      c:\Documents and Settings\benjy\MpSetup.exe
      c:\Documents and Settings\benjy\.housecall6.6\getMac.exe
      c:\Documents and Settings\benjy\.housecall6.6\patch.exe
      c:\Documents and Settings\benjy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
      c:\Documents and Settings\benjy\Bureau\a2AntiMalwareSetup.exe
      c:\Documents and Settings\benjy\Bureau\aawsepersonal.exe
      c:\Documents and Settings\benjy\Bureau\CleanUp40.exe
      c:\Documents and Settings\benjy\Bureau\CleanUp40-1.exe
      c:\Documents and Settings\benjy\Bureau\CleanUp40-2.exe
      c:\Documents and Settings\benjy\Bureau\dotnetfx.exe
      c:\Documents and Settings\benjy\Bureau\FlashFXP_302_Setup.exe
      c:\Documents and Settings\benjy\Bureau\FlashFXP_31_RC1_Setup.exe
      c:\Documents and Settings\benjy\Bureau\GoogleEarthWin.exe
      c:\Documents and Settings\benjy\Bureau\GoogleEarthWin_EARE.exe
      c:\Documents and Settings\benjy\Bureau\GoogleEarthWin-1.exe
      c:\Documents and Settings\benjy\Bureau\Installer_AIM.exe
      c:\Documents and Settings\benjy\Bureau\jv16pt_setup.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp.exe
      c:\Documents and Settings\benjy\Bureau\mwav.exe
      c:\Documents and Settings\benjy\Bureau\new_uninstall.exe
      c:\Documents and Settings\benjy\Bureau\RadioBlogClub_Downloader_setup.exe
      c:\Documents and Settings\benjy\Bureau\SDFix.exe
      c:\Documents and Settings\benjy\Bureau\SFTPMSI.exe
      c:\Documents and Settings\benjy\Bureau\SFTPMSI-1.exe
      c:\Documents and Settings\benjy\Bureau\spybotsd14.exe
      c:\Documents and Settings\benjy\Bureau\BitDefender 10.0\BitDefender 10.0\bitdefender_antivirus_plus.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\catchme.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\diff.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\dumphive.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\FilesInfoCmd.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\Fport.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\grep.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\LFiles.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\LISTDLLS.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\pslist.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\streams.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\swreg.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\EchoX.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\lsTasks.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\Process.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\Str.exe
      c:\Documents and Settings\benjy\Bureau\NO\NOD32.Antivirus2.70.16 FINAL\NOD32.exe
      c:\Documents and Settings\benjy\Bureau\NO\NOD32.Antivirus2.70.16 FINAL\NOD32.FiX.v2.1-nsane.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\upx.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\upx.exe
      c:\Documents and Settings\benjy\Mes documents\vlc-0.8.5-win32.exe
      c:\Documents and Settings\benjy\Mes documents\migneau.benjamin\DCPro.Installer.v.45E\DCPro.Installer.v.45E.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\Catchme.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\cliptext.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\download.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\LS.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\MD5File.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\MoveEx.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\Process.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\RegDACL.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\RestartIt!.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\sc.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\SF.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\swreg.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\swsc.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\unzip.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\zip.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\Replace\W2K.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\Replace\XP.exe
      c:\Documents and Settings\Default User\MpSetup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AOLFirewallMgr.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\gui.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\imappver.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\instSup.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ocpchk.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\postinst.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ProgUpd.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\tbinst.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0404\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0404\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0404\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0405\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0405\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0405\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0406\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0406\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0406\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0407\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0407\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0407\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0408\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0408\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0408\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0409\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0409\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0409\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040b\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040b\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040b\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040c\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040c\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040c\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040e\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040e\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040e\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0410\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0410\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0410\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0411\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0411\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0411\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0412\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0412\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0412\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0413\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0413\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0413\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0414\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0414\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0414\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0415\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0415\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0415\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0419\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0419\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0419\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041D\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041D\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041D\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041E\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041E\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041E\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041F\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041F\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041F\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0804\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0804\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0804\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0816\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0816\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0816\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0c0a\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0c0a\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0c0a\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNM_0260.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMBR260.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMDRV.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMDUMP5.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMFUS.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMINST.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLMON2.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRCN.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRCZ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRDE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRDK.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRES.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRFI.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRFR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRGR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRHU.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRIT.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRJ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRKR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRNL.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRNO.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRPL.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRPT.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRRU.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRSE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTH.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTW.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMOP78.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMP_260.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPCOMM.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPD.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPP.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPV.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMQUEUE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSMSD.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRCN.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRCZ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDK.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRES.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFI.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRGR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRHU.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRIT.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRJ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRKR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRNL.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRNO.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOW
      0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    OK;

    Telecharge ceci
    https://www.silentrunners.org/Silent%20Runners.vbs
    Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

    A+
    0
  15. benjy92260 Messages postés 24 Statut Membre
     
    voici le rapport du fichier vbs

    'Silent Runners.vbs -- find out what starts up with Windows!
    '(compatible with Windows 95/98/Millennium/NT 4.0/2000 Pro/XP Home & Pro/Vista RC1)
    '
    'DO NOT REMOVE THIS HEADER!
    '
    'Copyright Andrew ARONOFF 14 January 2007, https://www.silentrunners.org/
    'This script is provided without any warranty, either express or implied
    'It may not be copied or distributed without permission
    '
    '** YOU RUN THIS SCRIPT AT YOUR OWN RISK! ** (END OF HEADER)

    Option Explicit

    Dim strRevNo : strRevNo = "R50"

    Public flagTest : flagTest = False 'True if in testing mode
    'flagTest = True 'Uncomment to put in testing mode
    Public arSecTest : arSecTest = Array() 'array of section numbers to test

    Public intSection : intSection = 0 'section counter

    'This script is divided into 28 sections.

    'malware launch points:
    ' registry keys (1-12, 15)
    ' INI/INF-files (16-18)
    ' folders (19)
    ' enabled scheduled tasks (20)
    ' Winsock2 service provider DLLs (21)
    ' IE toolbars, explorer bars, extensions (22)
    ' started services (26)
    ' keyboard driver filters (27)
    ' printer monitors (28)

    'hijack points:
    ' System/Group Policies (14)
    ' prefixes for IE URLs (23)
    ' misc IE points (24)
    ' HOSTS file (25)

    'Output is suppressed if deemed normal unless the -all parameter is used
    'Section XVIII is skipped unless the -supp/-all parameters are used or
    'the first message box is answered "No" and the next message box "Yes"

    ' 1. HKCU/HKLM... Run/RunOnce/RunOnce\Setup/RunOnceEx
    ' HKLM... RunServices/RunServicesOnce
    ' HKCU/HKLM... Policies\Explorer\Run
    ' 2. HKLM... Active Setup\Installed Components\
    ' HKCU... Active Setup\Installed Components\
    ' (StubPath <> "" And HKLM version # > HKCU version #)
    ' 3. HKLM... Explorer\Browser Helper Objects\
    ' 4. HKLM... Shell Extensions\Approved\
    ' 5. HKLM... Explorer\SharedTaskScheduler/ShellExecuteHooks
    ' 6. HKCU/HKLM... ShellServiceObjectDelayLoad\
    ' 7. HKCU/HKLM... Command Processor\AutoRun
    ' HKCU... Policies\System\Shell (W2K/WXP/WVa only)
    ' HKCU... Windows\load & run
    ' HKLM... Windows\AppInit_DLLs
    ' HKCU/HKLM... Winlogon\Shell
    ' HKLM... Winlogon\Userinit, System, Ginadll, Taskman
    ' HKLM... Control\SafeBoot\Option\UseAlternateShell
    ' HKLM... Control\SecurityProviders\SecurityProviders
    ' HKLM... Control\Session Manager\BootExecute
    ' HKLM... Control\Session Manager\WOW\cmdline, wowcmdline
    ' 8. HKLM... Winlogon\Notify\ (subkey names/DLLName values <> O/S-specific dictionary data)
    ' 9. HKLM... Image File Execution Options ("Debugger" subkeys)
    '10. HKCU/HKLM... Policies... Startup/Shutdown, Logon/Logoff scripts (W2K/WXP/WVa)
    '11. HKCU/HKLM Protocols\Filter
    '12. Context menu shell extensions
    '13. HKCU/HKLM executable file type (bat/cmd/com/exe/hta/pif/scr)
    '14. System/Group Policies
    '15. Enabled Wallpaper & Screen Saver
    '16. WIN.INI (load/run <> ""), SYSTEM.INI (shell <> explorer.exe, scrnsave.exe), WINSTART.BAT
    '17. AUTORUN.INF in root directory of local fixed disks
    '18. DESKTOP.INI in any local fixed disk directory (section skipped by default)
    '19. %WINDIR%... Startup & All Users... Startup (W98/WMe) or
    ' %USERNAME%... Startup & All Users... Startup folder contents
    '20. Enabled Scheduled Tasks
    '21. Winsock2 Service Provider DLLs
    '22. Internet Explorer Toolbars, Explorer Bars, Extensions
    '23. Internet Explorer URL Prefixes
    '24. Misc. IE Hijack Points
    '25. HOSTS file
    '26. Started Services
    '27. Keyboard Driver Filters
    '28. Print Monitors

    Dim Wshso : Set Wshso = WScript.CreateObject("WScript.Shell")
    Dim WshoArgs : Set WshoArgs = WScript.Arguments
    Dim intErrNum, intMB, intMB1 'Err.Number, MsgBox return value x 2

    Dim strflagTest : strflagTest = ""
    If flagTest Then
    strflagTest = "TEST "
    Wshso.Popup "Silent Runners is in testing mode.",1, _
    "Testing, testing, 1-2-3...", vbOKOnly + vbExclamation
    End If

    'Configuration Detection Section

    ' FileSystemObject creation error (112)
    ' CScript/WScript (147)
    ' Dim (161)
    ' GetFileVersion(WinVer.exe) (VBScript 5.1) (182)
    ' OS version (223)
    ' WMI (279)
    ' Dim (364)
    ' command line arguments (440)
    ' supplementary search MsgBox (532)
    ' startup MsgBox (557)
    ' CreateTextFile error (583)
    ' output file header (625)
    ' WXP SP2 (629)

    On Error Resume Next
    Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject")
    intErrNum = Err.Number : Err.Clear
    On Error Goto 0

    If intErrNum <> 0 Then

    strURL = "https://docs.microsoft.com/en-us/"

    intMB = MsgBox (Chr(34) & "Silent Runners" & Chr(34) &_
    " cannot access file services critical to" & vbCRLF &_
    "proper script operation." & vbCRLF & vbCRLF &_
    "If you are running Windows XP, make sure that the" &_
    vbCRLF & Chr(34) & "Cryptographic Services" & Chr(34) &_
    " service is started." & vbCRLF & vbCRLF &_
    "You can also try reinstalling the latest version of the MS" &_
    vbCRLF & "Windows Script Host." & vbCRLF & vbCRLF &_
    "Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser to " &_
    "the download site or" & vbCRLF & Space(10) & Chr(34) & "Cancel" &_
    Chr(34) & " to quit.", vbOKCancel + vbCritical, _
    "Can't access the FileSystemObject!")

    'if dl wanted now, send browser to dl site
    If intMB = 1 Then Wshso.Run strURL

    WScript.Quit

    End If

    Dim oNetwk : Set oNetwk = WScript.CreateObject("WScript.Network")

    Const HKLM = &H80000002, HKCU = &H80000001
    Const REG_SZ=1, REG_EXPAND_SZ=2, REG_BINARY=3, REG_DWORD=4, REG_MULTI_SZ=7
    Const REG_QWORD = 11
    Const MS = " [MS]"
    Const DQ = """", LBr = "{"
    Const IWarn = "<<!>> ", HWarn = "<<H>> "

    'determine whether output is via MsgBox/PopUp or Echo
    Dim flagOut
    If InStr(LCase(WScript.FullName),"wscript.exe") > 0 Then
    flagOut = "W" 'WScript
    ElseIf InStr(LCase(WScript.FullName),"cscript.exe") > 0 Then
    flagOut = "C" 'CScript
    Else 'echo and continue if it works
    flagOut = "C" 'assume CScript-compatible
    WScript.Echo "Neither " & Chr(34) & "WSCRIPT.EXE" & Chr(34) & " nor " &_
    Chr(34) & "CSCRIPT.EXE" & Chr(34) & " was detected as " &_
    "the script host." & vbCRLF & Chr(34) & "Silent Runners" & Chr(34) &_
    " will assume that the script host is CSCRIPT-compatible and will" & vbCRLF &_
    "use WScript.Echo for all messages."
    End If 'script host

    Const SysFolder = 1 : Const WinFolder = 0
    Dim strOS : strOS = "Unknown"
    Dim strOSLong : strOSLong = "Unknown"
    Dim strOSXP : strOSXP = "Windows XP Home" 'XP Home or Pro
    Public strFPSF : strFPSF = Fso.GetSpecialFolder(SysFolder).Path 'FullPathSystemFolder
    Public strFPWF : strFPWF = Fso.GetSpecialFolder(WinFolder).Path 'FullPathWindowsFolder
    Public strExeBareName 'bare file name w/o windows or system folder prefixes
    Dim strSysVer 'Winver.exe version number
    Dim intErrNum1, intErrNum2, intErrNum3, intErrNum4, intErrNum5, intErrNum6 'error number
    Dim intLenValue 'value length
    Dim strURL 'download URL
    'assume Group Policies cannot be set in the O/S
    Dim flagGP : flagGP = False
    'HKCU/HKLM CLSID Lower Limit, default is HKLM for O/S <= NT4
    Dim intCLL : intCLL = 1

    'Winver.exe is in \Windows under W98, but in \System32 for other O/S's
    'trap GetFileVersion error for VBScript version < 5.1
    On Error Resume Next
    If Fso.FileExists (strFPSF & "\Winver.exe") Then
    strSysVer = Fso.GetFileVersion(strFPSF & "\Winver.exe")
    Else
    strSysVer = Fso.GetFileVersion(strFPWF & "\Winver.exe")
    End If
    intErrNum = Err.Number : Err.Clear
    On Error Goto 0

    'if GetFileVersion returns error due to old WSH version
    If intErrNum <> 0 Then

    'store dl URL
    strURL = "http://tinyurl.com/7zh0"

    'if using WScript
    If flagOut = "W" Then

    'explain the problem
    intMB = MsgBox ("This script requires Windows Script Host (WSH) 5.1 " &_
    "or higher to run." & vbCRLF & vbCRLF & "Press " & Chr(34) & "OK" &_
    Chr(34) & " to direct your browser to the WSH download site or " &_
    Chr(34) & "Cancel" & Chr(34) & " to quit." & vbCRLF & vbCRLF &_
    "(WMI is also required. If it's missing, download instructions " &_
    "will appear later.)", vbOKCancel + vbExclamation, _
    "Unsupported Windows Script Host Version!")

    'if dl wanted now, send browser to dl site
    If intMB = 1 Then Wshso.Run strURL

    'if using CScript
    Else 'flagOut = "C"

    'explain the problem
    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
    "Windows Script Host 5.1 or higher to run." & vbCRLF & vbCRLF &_
    "It can be downloaded at: " & strURL

    End If 'WScript or CScript?

    'quit the script
    WScript.Quit

    End If 'VBScript version error encountered?

    'use WINVER.EXE file version to determine O/S
    If Instr(Left(strSysVer,3),"4.1") > 0 Then
    strOS = "W98" : strOSLong = "Windows 98"

    ElseIf Instr(Left(strSysVer,5),"4.0.1") > 0 Then
    strOS = "NT4" : strOSLong = "Windows NT 4.0"

    ElseIf Instr(Left(strSysVer,8),"4.0.0.95") > 0 Then
    strOS = "W98" : strOSLong = "Windows 95"

    ElseIf Instr(Left(strSysVer,8),"4.0.0.11") > 0 Then
    strOS = "W98" : strOSLong = "Windows 95 SR2 (OEM)"

    ElseIf Instr(Left(strSysVer,3),"5.0") > 0 Then
    strOS = "W2K" : strOSLong = "Windows 2000" : : intCLL = 0 : flagGP = True

    ElseIf Instr(Left(strSysVer,3),"5.1") > 0 Then
    'SP0 & SP1 = 5.1.2600.0, SP2 = 5.1.2600.2180
    strOS = "WXP" : strOSLong = "Windows XP" : intCLL = 0

    If Instr(strSysVer,".2180") > 0 Then strOSLong = "Windows XP SP2"

    ElseIf Instr(Left(strSysVer,3),"4.9") > 0 Then
    strOS = "WME" : strOSLong = "Windows Me (Millennium Edition)"

    ElseIf Instr(Left(strSysVer,3),"5.2") > 0 Then
    strOS = "WXP" : strOSLong = "Windows Server 2003 (interpreted as Windows XP)"
    flagGP = True : intCLL = 0

    ElseIf Instr(Left(strSysVer,3),"6.0") > 0 Then
    strOS = "WVA" : strOSLong = "Windows Vista RC1"
    flagGP = True : intCLL = 0

    Else 'unknown strSysVer

    If flagOut = "W" Then

    intMB = MsgBox ("The " & Chr(34) & "Silent Runners" & Chr(34) &_
    " script cannot determine the operating system." & vbCRLF & vbCRLF &_
    "Click " & Chr(34) & "OK" & Chr(34) & " to send an e-mail to the " &_
    "author, providing the following information:" & vbCRLF & vbCRLF &_
    "WINVER.EXE file version = " & strSysVer & vbCRLF & vbCRLF &_
    "or click " & Chr(34) & "Cancel" & Chr(34) & " to quit.", _
    49,"O/S Unknown!")

    If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
    "<%6F%73.%76%65%72.%65%72%72%6F%72@%73%69%6C%65%6E%74%72%75%6E%6E%65%72%73.%6F%72%67>?" &_
    "subject=Silent%20Runners%20OS%20Version%20Error&body=WINVER.EXE" &_
    "%20file%20version%20=%20" & strSysVer

    Else 'flagOut = "C"

    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " cannot " &_
    "determine the operating system." & vbCRLF & vbCRLF & "This script will exit."

    End If 'flagOut?

    WScript.Quit

    End If 'OS id'd from strSysVer?

    'use WMI to connect to the registry
    On Error Resume Next
    Dim oReg : Set oReg = GetObject("winmgmts:\root\default:StdRegProv")
    intErrNum = Err.Number : Err.Clear
    On Error Goto 0

    'detect WMI connection error
    If intErrNum <> 0 Then

    strURL = ""

    'for W98/NT4, assume WMI not installed and direct to d/l URL
    If strOS = "W98" Or strOS = "NT4" Then

    If strOS = "W98" Then strURL = "http://tinyurl.com/jbxe"
    If strOS = "NT4" Then strURL = "http://tinyurl.com/7wd7"

    'invite user to download WMI & quit
    If flagOut = "W" Then

    intMB = MsgBox ("This script requires " & Chr(34) & "WMI" &_
    Chr(34) & ", Windows Management Instrumentation, to run." &_
    vbCRLF & vbCRLF & "It can be downloaded at: " & strURL &_
    vbCRLF & vbCRLF & "Press " & Chr(34) & "OK" & Chr(34) &_
    " to direct your browser to the download site or " &_
    Chr(34) & "Cancel" & Chr(34) & " to quit.",_
    vbOKCancel + vbCritical,"WMI Not Installed!")

    If intMB = 1 Then Wshso.Run strURL

    'at command line, explain & quit
    Else 'flagOut = "C"

    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
    Chr(34) & "WMI" & Chr(34) & ", Windows Management Instrumentation, " &_
    "to run." & vbCRLF & vbCRLF & "It can be downloaded at: " & strURL

    End If

    'for W2K/WXP/WVa, explain how to start the WMI service
    ElseIf strOS = "W2K" Or strOS = "WXP" or strOS = "WVA" Then

    If strOS = "W2K" Then strLine = "Settings | Control Panel | "
    If strOS = "WXP" Then strLine = "Control Panel | "
    If strOS = "WVA" Then strLine = "Control Panel | Classic View | "

    'explain how to turn on WMI service
    If flagOut = "W" Then

    MsgBox "This script requires Windows Management Instrumentation" &_
    " to run." & vbCRLF & vbCRLF & "Click on Start | " & strLine &_
    "Administrative Tools | Services," & vbCRLF &_
    "and start the " & Chr(34) & "Windows Management Instrumentation" &_
    Chr(34) & " service.",vbOKOnly + vbCritical,"WMI Service not running!"

    'at command line, explain & quit
    Else 'flagOut = "C"

    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
    "Windows Management Instrumentation to run." & vbCRLF & vbCRLF &_
    "Click on Start | " & strLine & "Administrative " &_
    "Tools | Services" & vbCRLF & "and start the " & Chr(34) &_
    "Windows Management Instrumentation" & Chr(34) & " service."

    End If 'flagOut?

    Else 'WMe

    'say there's a WMI problem
    If flagOut = "W" Then

    MsgBox "This script requires WMI (Windows Management Instrumentation)" &_
    " to run," & vbCRLF & "but WMI is not running correctly.", _
    vbOKOnly + vbCritical,"WMI problem!"

    'at command line, explain & quit
    Else 'flagOut = "C"

    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
    "WMI (Windows Management Instrumentation) to run," & vbCRLF &_
    "but WMI is not running correctly."

    End If 'flagOut?

    End If 'which O/S?

    WScript.Quit

    End If 'WMI execution error

    'array of Run keys, counter x 5, hive member, startup folder file,
    'startup file shortcut, IERESET.INF file
    Dim arRunKeys, i, ii, j, k, l, oHiveElmt, oSUFi, oSUSC
    'dictionary, keys, items, hard disk collection
    Dim arSK, arSKk, arSKi, colDisks

    'arrays: Run key names, keys, sub-keys, value type, SecurityProviders,
    ' Protocol filters, values
    Dim arNames(), arKeys(), arSubKeys(), arType, arSP, arFilter(), arValues
    'Sub-Directory DeskTop.Ini array, Sub-Directory Error array, Error array
    'Recognized GP names, allowed GP names
    Public arSDDTI(), arSDErr(), arErr(), arRecNames(), arAllowedNames()

    'DeskTop.Ini counter, Error counter x 2, Classes data Hive counter
    Public ctrArDTI, ctrArErr, ctrErr, ctrCH
    Public ctrFo : ctrFo = 0 'folder counter

    'name member, key array member x 4, O/S, drive root directory, work file
    Dim oName, oKey, oKey2, strMemKey, strMemSubKey, oOS, oRoot, oFileWk
    'values x 7
    Dim strValue, strValue1, strValue2, strValue3, strValue4, strValue5, strValue6
    Dim strVal, intValue, strCmd
    'name, single character, startup folder name, startup folder, array member, temp var
    Dim strName, strChr, arSUFN, oSUF, strArMember, strTmp, strTmp2
    'output string x 3
    Public strOut, strOut1, strOut2

    'output file msg x 2, warning string, title line
    Dim strLine, strLine1, strLine2, strWarn, strTitleLine
    'infection/hijack warning detection flags -- add footer note if True
    Public flagIWarn : flagIWarn = False
    Public flagHWarn : flagHWarn = False
    Dim strKey, strKey1, strKey2, strKey3, strSubKey 'register key x 4, sub-key
    'output file name string (incl. path), file name (wo path),
    'PIF path string, single binary character
    Dim strFN, strFNNP, strPIFTgt, bin1C
    Public datLaunch : datLaunch = Now 'script launch time
    Public intCnt 'counter
    'ref time, time taken by 2 pop-up boxes
    Public datRef : datRef = 0
    Public datPUB1 : datPUB1 = 0 : Public datPUB2 : datPUB2 = 0

    'TRUE if show all output (default values not filtered)
    Public flagShowAll : flagShowAll = False
    Dim strRptOutput : strRptOutput = "Output limited to non-default values, " &_
    "except where indicated by " & Chr(34) & "{++}" & Chr(34) 'output file string
    Public strTitle : strTitle = ""
    Public strSubTitle : strSubTitle = ""
    Public strSubSubTitle : strSubSubTitle = ""
    Public flagNVP : flagNVP = False 'existence of name/value pairs in a key
    Public flagInfect : flagInfect = False 'flag infected condition
    Dim flagMatch 'flag matching keys
    Dim flagAllow 'flag key on approved list
    Dim flagFound 'flag key that exists in Registry
    Dim flagDirArg : flagDirArg = False 'presence of output directory argument
    Dim flagIsCLSID : flagIsCLSID = False 'true if argument in CLSID format
    Dim flagTitle 'True if title has already been written
    Dim flagAllArg : flagAllArg = False 'presence of all output argument
    Dim flagArray 'flag array containing elements
    Public flagSupp : flagSupp = False 'do *not* check for DESKTOP.INI in all
    'directories of local fixed disks
    Dim intLBSP 'Last BackSlash Position in path string
    Dim intSS 'lowest sort subscript
    Dim intType 'value type
    Dim strDLL, strCN 'DLL name, company name
    'string to signal all output by default
    Public strAllOutDefault : strAllOutDefault = ""

    Dim ScrPath : ScrPath = Fso.GetParentFolderName(WScript.ScriptFullName)
    If Right(ScrPath,1) <> "\" Then ScrPath = ScrPath & "\"
    'initialize Path of Output File Folder to script path
    Dim strPathOFFo : strPathOFFo = ScrPath

    'hive array
    Public arHives(1,1)
    arHives(0,0) = "HKCU" : arHives(1,0) = "HKLM"
    arHives(0,1) = &H80000001 : arHives(1,1) = &H80000002

    'set up argument usage message string

    Dim strLSp, strCSp 'Leading Spaces, Centering Spaces
    strLSp = Space(4) : strCSp = Space(33) 'WScript spacing
    If flagOut = "C" Then 'CScript spacing
    strLsp = Space(3) : strCSp = Space(28)
    End If

    Dim strMsg : strMsg = "Only two arguments are permitted:" &_
    vbCRLF & vbCRLF &_
    "1. the name of an existing directory for the output report" &_
    vbCRLF & strLSp & "(embed in quotes if it contains spaces)" &_
    vbCRLF & vbCRLF & strCSp & "AND:" & vbCRLF & vbCRLF &_
    "2. " & Chr(34) & "-supp" & Chr(34) & " to search " &_
    "all directories for DESKTOP.INI DLL" & vbCRLF &_
    strLSp & "launch points" &_
    vbCRLF & vbCRLF & strCSp & "-OR-" & vbCRLF & vbCRLF &_
    "3. " & Chr(34) & "-all" & Chr(34) & " to output all non-empty " &_
    "values and all launch" & vbCRLF & strLSp & "points checked"

    'check if output directory or "-all" or "-supp" was supplied as argument
    If WshoArgs.length > 0 And WshoArgs.length <= 2 Then

    For i = 0 To WshoArgs.length-1

    'if directory arg not already passed and arg directory exists
    If Not flagDirArg And Fso.FolderExists(WshoArgs(i)) Then

    'get the path & toggle the directory arg flag
    Dim oOFFo : Set oOFFo = Fso.GetFolder(WshoArgs(i))
    strPathOFFo = oOFFo.Path : flagDirArg = True
    If Right(strPathOFFo,1) <> "\" Then strPathOFFo = strPathOFFo & "\"
    Set oOFFo=Nothing

    'if -all arg not already passed and is this arg
    ElseIf Not flagAllArg And LCase(WshoArgs(i)) = "-all" Then

    'toggle ShowAll flag, toggle the all arg flag, fill report string
    flagShowAll = True : flagAllArg = True
    strRptOutput = "Output of all locations checked and all values found."

    'if -all arg not already passed and is this arg
    ElseIf Not flagAllArg And LCase(WshoArgs(i)) = "-supp" Then
    flagSupp = True : flagAllArg = True
    strRptOutput = "Search enabled of all directories on local fixed " &_
    "drives for DESKTOP.INI" & vbCRLF & " DLL launch points" &_
    vbCRLF & strRptOutput

    'argument can't be interpreted, so explain & quit
    Else

    If flagOut = "W" Then 'pop up a message window

    Wshso.Popup "The argument:" & vbCRLF &_
    Chr(34) & UCase(WshoArgs(i)) & Chr(34) & vbCRLF &_
    "... can't be interpreted." & vbCRLF & vbCRLF &_
    strMsg,10,"Bad Script Argument", vbOKOnly + vbExclamation

    Else 'flagOut = "C" 'write the message to the console

    WScript.Echo vbCRLF & "The argument: " &_
    Chr(34) & UCase(WshoArgs(i)) & Chr(34) &_
    " can't be interpreted." & vbCRLF & vbCRLF &_
    strMsg & vbCRLF

    End If 'WScript host?

    WScript.Quit

    End If 'argument can be interpreted?

    Next 'argument

    'too many args passed
    ElseIf WshoArgs.length > 2 Then

    'explain & quit
    If flagOut = "W" Then 'pop up a message window

    Wshso.Popup "Too many arguments (" & WshoArgs.length & ") were passed." &_
    vbCRLF & vbCRLF & strMsg,10,"Too Many Arguments",_
    vbOKOnly + vbCritical

    Else 'flagOut = "C" 'write the message to the console

    WScript.Echo "Too many arguments (" & WshoArgs.length & ") were passed." &_
    vbCRLF & vbCRLF & strMsg & vbCRLF

    End If 'WScript host?

    WScript.Quit

    End If 'directory arguments passed?

    Set WshoArgs=Nothing

    datRef = Now

    'if no cmd line argument for flagSupp and not testing, show popup
    If Not flagTest And Not flagShowAll And Not flagSupp And flagOut = "W" Then

    intMB = Wshso.Popup ("Do you want to skip the supplementary search?" &_
    vbCRLF & "(It typically takes several minutes.)" & vbCRLF & vbCRLF &_
    "Press " & Chr(34) & "Yes" & Chr(34) & Space(5) &_
    " to skip the supplementary search (default)" & vbCRLF & vbCRLF &_
    Space(10) & Chr(34) & "No" & Chr(34) & Space(6) &_
    " to perform it, or" & vbCRLF & vbCRLF &_
    Space(10) & Chr(34) & "Cancel" & Chr(34) &_
    " to get more information at the web site" & vbCRLF &_
    Space(25) & "and exit the script.",_
    15,"Skip supplementary search?",_
    vbYesNoCancel + vbQuestion + vbDefaultButton1 + vbSystemModal)

    If intMB = vbNo Then

    flagSupp = True

    intMB1 = MsgBox ("Are you SURE you want to run the supplementary " &_
    "search?" & vbCRLF & vbCRLF & "It's _rarely_ necessary " &_
    "and it takes a *long* time." & vbCRLF & vbCRLF & "Press " & DQ &_
    "Yes" & DQ & " to confirm running the supplementary search, " &_
    "or" & vbCRLF & Space(10) & DQ & "No" & DQ & " to run without it.", _
    vbYesNo + vbQuestion + vbDefaultButton2 + vbSystemModal,"Are you sure?")

    If intMB1 = vbNo Then flagSupp = False

    ElseIf intMB = vbCancel Then
    Wshso.Run "https://www.silentrunners.org/thescript.html#supp"
    WScript.Quit
    End If

    End If

    datPUB1 = DateDiff("s",datRef,Now) : datRef = Now

    'inform user that script has started
    If Not flagTest Then
    If flagOut = "W" Then
    Wshso.PopUp Chr(34) & "Silent Runners" & Chr(34) & " has started." &_
    vbCRLF & vbCRLF & "A message box like this one will appear " &_
    "when it's done." & vbCRLF & vbCRLF & "Please be patient...",3,_
    "Silent Runners R" & strRevNo & " startup", _
    vbOKOnly + vbInformation + vbSystemModal
    Else
    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " has started." &_
    " Please be patient..."
    End If 'flagOut?
    End If 'flagTest?

    datPUB2 = DateDiff("s",datRef,Now)

    'create output file name with computer name & today's date
    'Startup Programs (pc_name_here) yyyy-mm-dd.txt

    strFNNP = "Startup Programs (" & oNetwk.ComputerName & ") " &_
    FmtDate(datLaunch) & " " & FmtHMS(datLaunch) & ".txt"
    strFN = strPathOFFo & strflagTest & strFNNP
    On Error Resume Next
    If Fso.FileExists(strFN) Then Fso.DeleteFile(strFN)
    Err.Clear
    Public oFN : Set oFN = Fso.CreateTextFile(strFN,True)
    intErrNum = Err.Number : Err.Clear
    On Error Goto 0

    'if can't create report file
    If intErrNum > 0 Then

    strURL = "https://www.silentrunners.org/Silent%20Runners%20RED.vbs"

    'invite user to run RED version & quit
    If flagOut = "W" Then

    intMB = MsgBox ("The script cannot create its report file. " &_
    "This is a known, intermittent" & vbCRLF & "problem under " &_
    strOSLong & "." & vbCRLF & vbCRLF &_
    "An alternative script version is available for download. " &_
    "After it runs, " & vbCRLF & "the script you're using now will " &_
    "run correctly." & vbCRLF & vbCRLF &_
    "Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser " &_
    "to the alternate script location, or" & vbCRLF & Space(10) &_
    Chr(34) & "Cancel" & Chr(34) & " to quit.",49,"CreateTextFile Error!")

    'if alternative script wanted now, send browser to dl site
    If intMB = 1 Then Wshso.Run strURL

    'explain & quit
    Else 'flagOut = "C"

    WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " cannot " &_
    "create the report file." & vbCRLF & vbCRLF &_
    "An alternative script is available. Run it, then rerun this version." &_
    vbCRLF & "The alternative script can be downloaded at: " & vbCRLF &_
    vbCRLF & strURL

    End If

    WScript.Quit

    End If 'report file creation error?

    'add report header
    Set oNetwk=Nothing

    oFN.WriteLine Chr(34) & "Silent Runners.vbs" & Chr(34) &_
    ", revision " & strRevNo & ", https://www.silentrunners.org/" &_
    vbCRLF & "Operating System: " & strOSLong & vbCRLF & strRptOutput

    'test for WMI corruption and use WMI to differentiate between
    'WXP Home & WXP Pro

    'get the O/S collection
    Dim colOS : Set colOS = GetObject("winmgmts:\root\cimv2").ExecQuery _
    ("Select * from Win32_OperatingSystem")

    On Error Resume Next

    Err.Clear

    For Each oOS in colOS

    If strOS = "WXP" Then

    'modify strOSXP if O/S = Pro
    If InStr(1,LCase(oOS.Name),"professional",1) > 0 Then
    strOSXP = "Windows XP Professional"
    flagGP = True
    End If
    'modify strOSXP if SP2
    If Right(strOSLong,3) = "SP2" Then strOSXP = strOSXP & " SP2"

    End If 'WXP?

    Next 'oOS

    If Err.Number <> 0 Then

    strURL = "http://go.microsoft.com/fwlink/?LinkId=62562"

    oFN.WriteLine vbCRLF & "FATAL ERROR!" & vbCRLF & String(12,"-") &_
    vbCRLF & vbCRLF & DQ & "Silent Runners" & DQ &_
    " cannot use WMI to identify the operating system." &_
    vbCRLF & "This is caused by corruption of the WMI installation." &_
    vbCRLF & vbCRLF &_
    "WMI is complex and it is recommended that you use a Microsoft" &_
    vbCRLF & "tool, " & DQ & "WMIDiag.vbs," & DQ & " to diagnose WMI " &_
    "on your system." & vbCRLF & vbCRLF & "It can be downloaded here:" &_
    vbCRLF & vbCRLF & strURL

    intMB = MsgBox (DQ & "Silent Runners" & DQ & " cannot use WMI to " &_
    "identify the operating system." & vbCRLF & "This is caused by " &_
    "corruption of the WMI installation." &_
    vbCRLF & vbCRLF &_
    "WMI is complex and it is recommended that you use a Microsoft" &_
    vbCRLF & "tool, " & DQ & "WMIDiag.vbs," & DQ & " to diagnose WMI " &_
    "on your system." &_
    vbCRLF & vbCRLF &_
    "Press " & DQ & "OK" & DQ & " to direct your browser to the " &_
    "WMIDiag download site or" &_
    vbCRLF & Space(10) & DQ & "Cancel" & DQ & " to quit.",_
    vbOKCancel + vbCritical + + vbSystemModal + vbDefaultButton2,_
    "Can't iterate Win32_OperatingSystem!")

    'if dl wanted now, send browser to dl site
    If intMB = 1 Then Wshso.Run strURL

    WScript.Quit

    End If 'Err.Number<>0?

    On Error Goto 0

    Set colOS=Nothing

    '#1. HKCU/HKLM... Run/RunOnce/RunOnce\Setup/RunOnceEx
    ' HKLM... RunServices/RunServicesOnce
    ' HKCU/HKLM... Policies\Explorer\Run

    intSection = intSection + 1

    'execute section if not in testing mode or (in testing mode And this section selected for testing)
    If Not flagTest Or (flagTest And SecTest) Then

    'write registry header lines to file
    strTitle = "Startup items buried in registry:"
    TitleLineWrite

    'put keys in array (Key Index 0 - 6)
    arRunKeys = Array ("Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", _
    "Software\Microsoft\Windows\CurrentVersion\Run", _
    "Software\Microsoft\Windows\CurrentVersion\RunOnce", _
    "Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup", _
    "Software\Microsoft\Windows\CurrentVersion\RunOnceEx", _
    "Software\Microsoft\Windows\CurrentVersion\RunServices", _
    "Software\Microsoft\Windows\CurrentVersion\RunServicesOnce")

    'Key Execution Flag/Subkey Recursion Flag array
    '
    'first number in the ordered pair in the array immediately below
    ' pertains to execution of the key:
    '0: not executed (ignore)
    '1: may be executed so display with EXECUTION UNLIKELY warning
    '2: executable
    '
    'second number in the ordered pair pertains to subkey recursion
    '0: subkeys not used
    '1: subkey recursion necessary

    '0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    '1 Software\Microsoft\Windows\CurrentVersion\Run
    '2 Software\Microsoft\Windows\CurrentVersion\RunOnce
    '3 Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
    '4 Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    '5 Software\Microsoft\Windows\CurrentVersion\RunServices
    '6 Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    'Hive HKCU - 0 HKLM - 1
    '
    'Key 0 1 2 3 4 5 6 0 1 2 3 4 5 6
    'Index

    'O/S:
    'W95 0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 2,0 2,0 0,0 2,1 2,0 2,0
    'W98 0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 2,0 2,0 2,0 2,1 2,0 2,0
    'WMe 2,1 2,1 2,0 2,0 2,1 0,0 0,0 2,1 2,1 2,0 2,0 2,1 2,0 2,0
    'NT4 0,0 2,0 2,0 0,0 2,1 0,0 0,0 0,0 2,0 2,0 0,0 2,1 0,0 0,0
    'W2K 2,1 2,1 2,1 0,0 2,1 0,0 0,0 2,1 2,1 2,1 0,0 2,1 0,0 0,0
    'WXP 2,0 2,0 2,0 0,0 2,1 0,0 0,0 2,0 2,0 2,0 0,0 2,1 0,0 0,0
    'WS2K3 ??? <-------------------- ??? --------------------> ???
    'WVa 2,0 2,0 2,0 0,0 2,1 0,0 0,0 2,0 2,0 2,0 0,0 2,1 0,0 0,0

    'arRegFlag(i,j,k): put flags in array by O/S:
    'hive = i (0 or 1), key_# = j (0-6),
    ' flags (key execution/subkey recursion) = k (0 or 1)
    ' k = 0 holds key execution value = 0/1/2
    ' 1 holds subkey recursion value = 0/1
    Dim arRegFlag()
    ReDim arRegFlag(1,6,1)

    'initialize entire array to zero
    For i = 0 To 1 : For j = 0 To 6 : For k = 0 To 1
    arRegFlag(i,j,k) = 0
    Next : Next : Next

    'add data to array for O/S that's running

    'W98
    If strOS = "W98" Then
    arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
    arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
    arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
    arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
    arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
    arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
    'don't set HKLM,RunOnce\Setup for W95
    If strOSLong = "Windows 98" Then _
    arRegFlag(1,3,0) = 2 'HKLM,RunOnce\Setup = no-warn
    arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
    arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
    arRegFlag(1,5,0) = 2 'HKLM,RunServices = no-warn
    arRegFlag(1,6,0) = 2 'HKLM,RunServicesOnce = no-warn
    End If

    If strOS = "WME" Then
    arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
    arRegFlag(0,0,1) = 1 'HKCU,Explorer\Run = sub-keys
    arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
    arRegFlag(0,1,1) = 1 'HKCU,Run = sub-keys
    arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
    arRegFlag(0,3,0) = 2 'HKCU,RunOnce\Setup = no-warn
    arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
    arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
    arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
    arRegFlag(1,0,1) = 1 'HKLM,Explorer\Run = sub-keys
    arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
    arRegFlag(1,1,1) = 1 'HKLM,Run = sub-keys
    arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
    arRegFlag(1,3,0) = 2 'HKLM,RunOnce\Setup = no-warn
    arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
    arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
    arRegFlag(1,5,0) = 2 'HKLM,RunServices = no-warn
    arRegFlag(1,6,0) = 2 'HKLM,RunServicesOnce = no-warn
    End If

    'NT4
    If strOS = "NT4" Then
    arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
    arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
    arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
    arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
    arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
    arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
    arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
    arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
    End If

    'W2K
    If strOs = "W2K" Then
    arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
    arRegFlag(0,0,1) = 1 'HKCU,Explorer\Run = sub-keys
    arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
    arRegFlag(0,1,1) = 1 'HKCU,Run = sub-keys
    arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
    arRegFlag(0,2,1) = 1 'HKCU,RunOnce = sub-keys (incl. Setup)
    arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
    arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
    arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
    arRegFlag(1,0,1) = 1 'HKLM,Explorer\Run = sub-keys
    arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
    arRegFlag(1,1,1) = 1 'HKLM,Run = sub-keys
    arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
    arRegFlag(1,2,1) = 1 'HKLM,RunOnce = sub-keys (incl. Setup)
    arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
    arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
    End If

    'WXP/WVa
    If strOs = "WXP" Or strOS = "WVA" Then
    arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
    arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
    arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
    arRegFlag(0,4,0) = 2 'HKLM,RunOnceEx = no-warn
    arRegFlag(0,4,1) = 1 'HKLM,RunOnceEx = sub-keys
    arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
    arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
    arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
    arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
    arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
    End If

    'for each hive
    For i = 0 To 1

    'for each key
    For j = 0 To 6

    'if not ShowAll, show all output for Run keys
    If j = 1 And Not flagShowAll Then strAllOutDefault = " {++}"

    'if key is not ignored
    If arRegFlag(i,j,0) > 0 Then

    flagNVP = False

    'intialize string with warning if necessary
    strWarn = ""
    If arRegFlag(i,j,0) = 1 Then strWarn = "EXECUTION UNLIKELY: "

    'INFO
    'with no name/value pairs (sub-keys are identical)
    ' IsArray TypeName UBound
    'W98 True "Variant()" -1
    'WMe True "Variant()" -1
    'NT4 True "Variant()" -1
    'W2K False "Null" error (--)
    'WXP False "Null" error (--)
    'WS2K3 True "Variant()" error (--)
    'WVa False "Null" error (--)

    EnumNVP arHives(i,1), arRunKeys(j), arNames, arType

    If flagNVP Then 'name/value pairs exist

    'write the full key name
    oFN.WriteLine vbCRLF & arHives(i,0) & "\" & arRunKeys(j) & "\" & strAllOutDefault

    'for each data type in the names array
    For k = LBound(arNames) To UBound(arNames)

    'use the type to find the value
    strValue = RtnValue (arHives(i,1), arRunKeys(j), arNames(k), arType(k))
    'write the name & value
    WriteValueData arNames(k), strValue, arType(k), strWarn

    Next 'member of names array

    Else 'no name/value pairs

    If flagShowAll Then _
    oFN.WriteLine vbCRLF & arHives(i,0) & "\" & arRunKeys(j) & "\"

    End If 'flagNVP?

    'recurse subkeys if necessary
    If arRegFlag(i,j,1) = 1 Then

    'put all subkeys into array
    oReg.EnumKey arHives(i,1),arRunKeys(j),arKeys

    'excludes W2K/WXP/WVa with no sub-keys
    If IsArray(arKeys) Then

    'excludes W98/WMe/NT4/WS2K3 with no sub-keys
    For Each strMemKey in arKeys

    flagNVP = False
    strSubKey = arRunKeys(j) & "\" & strMemKey

    EnumNVP arHives(i,1), arRunKeys(j) & "\" & strMemKey,arNames,arType

    If flagNVP Then 'if name/value pairs exist

    'write the full key name
    oFN.WriteLine vbCRLF & arHives(i,0) & "\" & strSubKey &_
    "\" & strAllOutDefault

    'for each data type in the names array
    For k = LBound(arNames) To UBound(arNames)

    'use the type to find the value
    strValue = RtnValue (arHives(i,1), strSubKey, arNames(k), arType(k))
    'write the name & value
    WriteValueData arNames(k), strValue, arType(k), strWarn

    Next 'member of names array

    Else 'no name/value pairs

    If flagShowAll Then _
    oFN.WriteLine vbCRLF & arHives(i,0) & "\" & strSubKey & "\"

    End If 'flagNVP?

    Next 'sub-key

    End If 'sub-keys exist? W2K/WXP/WS2K3/WVa

    End If 'enum sub-keys?

    End If 'arRegFlag(i,j,0) > 0

    Next 'Run key

    Next 'Hive

    strAllOutDefault = "" : flagNVP = False

    'recover array memory
    ReDim arRunKeys(0)
    ReDim arKeys(0)
    ReDim arRegFlag(0)

    End If 'flagTest And SecTest?

    '#2. HKLM... Active Setup\Installed Components\
    ' HKCU... Active Setup\Installed Components\

    intSection = intSection + 1

    'execute section if not in testing mode or (in testing mode And this section selected for testing)
    If Not flagTest Or (flagTest And SecTest) Then

    'flags True if only numeric & comma chrs in Version values
    Dim flagHKLMVer, flagHKCUVer
    'StubPath Value string, HKLM Version value, HKCU Version value, HKLM program name
    Dim strSPV, strHKLMVer, strHKCUVer, strPgmName
    Dim arHKLMKeys, arHKCUKeys, strHKLMKey, strHKCUKey

    strKey = "Software\Microsoft\Active Setup\Installed Components"

    strSubTitle = "HKLM" & "\" & strKey & "\"

    'find all the subkeys
    oReg.EnumKey HKLM, strKey, arHKLMKeys 'HKLM
    oReg.EnumKey HKCU, strKey, arHKCUKeys 'HKCU

    'enumerate HKLM keys if present
    If IsArray(arHKLMKeys) Then

    'for each HKLM key
    For Each strHKLMKey In arHKLMKeys

    'INFO
    'Default Value not set:
    'W98/WMe: returns 0, strValue = ""
    'NT4/W2K/WXP/WVa: returns non-zero, strValue = Null

    'Non-Default name inexistent:
    'W98/WMe/NT4/W2K/WXP/WVa: returns non-zero, strValue = Null

    'Non-Default Value not set:
    'W2K: returns 0, strValue = unwritable string
    'W98/WMe/NT4/WXP/WVa: returns 0, strValue = ""

    'get the StubPath value
    intErrNum = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey,"StubPath",strSPV)

    'if the StubPath name exists And value set (exc for W2K!)
    If intErrNum = 0 And strSPV <> "" Then

    flagMatch = False

    'if HKCU keys present
    If IsArray(arHKCUKeys) Then

    'for each HKCU key
    For Each strHKCUKey in arHKCUKeys

    'if identical HKLM key exists
    If LCase(strHKLMKey) = LCase(strHKCUKey) Then

    'assume Version fmts are OK
    flagHKLMVer = True : flagHKCUVer = True

    'get HKLM & HKCU Version values
    intErrNum1 = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey, _
    "Version",strHKLMVer) 'HKLM Version #
    intErrNum2 = oReg.GetStringValue (HKCU,strKey & "\" & strHKCUKey, _
    "Version",strHKCUVer) 'HKCU Version #

    'if HKLM Version name exists And value set (exc for W2K!)
    If intErrNum1 = 0 And strHKLMVer <> "" Then

    'the next two loops check for allowed chars (numeric & comma)
    ' in returned Version values

    For i = 1 To Len(strHKLMVer)
    strChr = Mid(strHKLMVer,i,1)
    If Not IsNumeric(strChr) And strChr <> "," Then flagHKLMVer = False
    Next

    'if HKCU Version name exists And value set (exc for W2K!)
    If intErrNum2 = 0 And strHKCUVer <> "" Then

    'check that value consists only of numeric & comma chrs
    For i = 1 To Len(strHKCUVer)
    strChr = Mid(strHKCUVer,i,1)
    If Not IsNumeric(strChr) And strChr <> "," Then flagHKCUVer = False
    Next

    End If 'HKCU Version null or MT?

    'if HKLM Ver # has illegal fmt (i.e., is not assigned) or doesn't exist (is Null)
    ' or is empty, match = True
    'if HKCU/HKLM Ver # fmts OK And HKCU Ver # >= HKLM Ver #, match = True
    'if HKLM Ver # = "0,0" and HKCU Ver # = "", key will output
    ' but StubPath will not launch
    If Not flagHKLMVer Then flagMatch = True
    If flagHKLMVer And flagHKCUVer And strHKCUVer >= strHKLMVer Then flagMatch = True

    Else 'HKLM Version name doesn't exist Or value not set (exc for W2K!)

    flagMatch = True

    End If 'HKLM Version name exists And value set (exc for W2K!)?

    End If 'HKCU key=HKLM key?

    Next 'HKCU Installed Components key

    End If 'HKCU Installed Components subkeys exist?

    'if the StubPath will launch
    If Not flagMatch Then

    flagAllow = False 'assume StubPath DLL not on approved list
    strCN = CoName(IDExe(strSPV))

    'test for approved StubPath DLL
    If LCase(strHKLMKey) = ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" And _
    (InStr(LCase(strSPV),"wmpocm.exe") > 0 Or _
    InStr(LCase(strSPV),"unregmp2.exe") > 0) And _
    strCN = MS And Not flagShowAll Then flagAllow = True

    'StubPath DLL not approved
    If Not flagAllow Then

    'get the default value (program name)
    intErrNum3 = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey,"",strPgmName)
    'enclose pgm name in quotes if name exists and default value isn't empty
    If intErrNum3 = 0 And strPgmName <> "" Then
    strPgmName = Chr(34) & strPgmName & Chr(34)
    Else
    strPgmName = "(no title provided)"
    End If

    TitleLineWrite

    'output the CLSID & pgm name
    oFN.WriteLine strHKLMKey & "\(Default) = " & StringFilter(strPgmName,False)

    On Error Resume Next
    'output the StubPath value
    oFN.WriteLine Space(Len(strHKLMKey)+1) & "\StubPath = " &_
    Chr(34) & strSPV & Chr(34) & strCN
    'error check for W2K if StubPath value not set
    If Err.Number <> 0 Then oFN.WriteLine Space(Len(strHKLMKey)+1) & "\StubPath = " &_
    "(value not set)"
    Err.Clear
    On Error GoTo 0

    End If 'flagAllow false?

    End If 'flagMatch false?

    End If 'StubPath value exists?

    Next 'HKLM Installed Components subkey

    End If 'HKLM Installed Components subkeys exist?

    If flagShowAll Then TitleLineWrite

    'recover array memory
    ReDim arHKLMKeys(0)
    ReDim arHKCUKeys(0)

    strTitle = "" : strSubTitle = "" : strSubSubTitle = ""

    End If 'SecTest?

    '#3. HKLM... Explorer\Browser Helper Objects

    intSection = intSection + 1

    'execute section if not in testing mode or (in testing mode And this section selected for testing)
    If Not flagTest Or (flagTest And SecTest) Then

    strKey = "Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    strSubTitle = "HKLM" & "\" & strKey & "\"

    'find all the subkeys
    oReg.EnumKey HKLM, strKey, arSubKeys

    'enumerate data if present
    If IsArray(arSubKeys) Then

    'for each key
    For Each strSubKey In arSubKeys

    flagTitle = False

    CLSIDLocTitle HKLM, strKey & "\" & strSubKey, "", strLocTitle

    For ctrCH = intCLL To 1

    ResolveCLSID strSubKey, arHives(ctrCH,1), strCLSIDTitle, strIPSDLL

    If strIPSDLL <> "" Then

    'output the title line if not already done
    TitleLineWrite

    If Not flagTitle Then

    'error check for W2K if value not set
    On Error Resume Next
    oFN.WriteLine strSubKey & "\(Default) = " & strLocTitle
    intErrNum = Err.Number : Err.Clear
    If intErrNum <> 0 Then oFN.WriteLine strSubKey &_
    "\(Default) = (no title provided)"
    flagTitle = True
    On Error GoTo 0

    End If

    'output CLSID title, InProcServer32 DLL & CoName
    oFN.WriteLine " -> {" & arHives(ctrCH,0) & "...CLSID} = " &_
    strCLSIDTitle & vbCRLF & Space(19) & "\InProcServer32\(Default) = " &_
    StringFilter(strIPSDLL,True) & CoName(IDExe(strIPSDLL))

    End If 'strIPSDLL exists?

    Next 'CLSID hive

    Next 'BHO subkey

    End If 'BHO subkeys exist?

    'if ShowAll, output the key name if not already done
    If flagShowAll Then TitleLineWrite
    strTitle = "" : strSubTitle = "" : strSubSubTitle = ""

    'recover array memory
    ReDim arSubKeys(0)

    End If 'SecTest?

    '#4. HKLM... Shell Extensions\Approved\

    intSection = intSection + 1

    'execute section if not in testing mode or (in testing mode And this section selected for testing)
    If Not flagTest Or (flagTest And SecTest) Then

    'CLSID value, InProcessServer32 DLL name & output file version,
    'CLSID Key Title display flag
    Dim strCLSID, strIPSDLL, strIPSDLLOut, strCLSIDTitle, strLocTitle

    'Shell Extension Approved array
    Dim arSEA()
    ReDim arSEA(388,1)
    'WXP
    arSEA(0,0) = "{00022613-0000-0000-C000-000000000046}" : arSEA(0,1) = "mmsys.cpl"
    arSEA(1,0) = "{176d6597-26d3-11d1-b350-080036a75b03}" : arSEA(1,1) = "icmui.dll"
    arSEA(2,0) = "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" : arSEA(2,1) = "rshx32.dll"
    arSEA(3,0) = "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" : arSEA(3,1) = "docprop.dll"
    arSEA(4,0) = "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" : arSEA(4,1) = "ntshrui.dll"
    arSEA(5,0) = "{41E300E0-78B6-11ce-849B-444553540000}" : arSEA(5,1) = "themeui.dll"
    arSEA(6,0) = "{42071712-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(6,1) = "deskadp.dll"
    arSEA(7,0) = "{42071713-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(7,1) = "deskmon.dll"
    arSEA(8,0) = "{42071714-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(8,1) = "deskpan.dll"
    arSEA(9,0) = "{4E40F770-369C-11d0-8922-00A024AB2DBB}" : arSEA(9,1) = "dssec.dll"
    arSEA(10,0) = "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" : arSEA(10,1) = "SlayerXP.dll"
    arSEA(11,0) = "{56117100-C0CD-101B-81E2-00AA004AE837}" : arSEA(11,1) = "shscrap.dll"
    arSEA(12,0) = "{59099400-57FF-11CE-BD94-0020AF85B590}" : arSEA(12,1) = "diskcopy.dll"
    arSEA(13,0) = "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" : arSEA(13,1) = "ntlanui2.dll"
    arSEA(14,0) = "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" : arSEA(14,1) = "icmui.dll"
    arSEA(15,0) = "{675F097E-4C4D-11D0-B6C1-0800091AA605}" : arSEA(15,1) = "icmui.dll"
    arSEA(16,0) = "{764BF0E1-F219-11ce-972D-00AA00A14F56}" : arSEA(16,1) = ""
    arSEA(17,0) = "{77597368-7b15-11d0-a0c2-080036af3f03}" : arSEA(17,1) = "printui.dll"
    arSEA(18,0) = "{7988B573-EC89-11cf-9C00-00AA00A14F56}" : arSEA(18,1) = "dskquoui.dll"
    arSEA(19,0) = "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" : arSEA(19,1) = ""
    arSEA(20,0) = "{85BBD920-42A0-1069-A2E4-08002B30309D}" : arSEA(20,1) = "syncui.dll"
    arSEA(21,0) = "{88895560-9AA2-1069-930E-00AA0030EBC8}" : arSEA(21,1) = "hticons.dll"
    arSEA(22,0) = "{BD84B380-8CA2-1069-AB1D-08000948F534}" : arSEA(22,1) = "fontext.dll"
    arSEA(23,0) = "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" : arSEA(23,1) = "icmui.dll"
    arSEA(24,0) = "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" : arSEA(24,1) = "rshx32.dll"
    arSEA(25,0) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" : arSEA(25,1) = "ntshrui.dll"
    arSEA(26,0) = "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" : arSEA(26,1) = "deskperf.dll"
    arSEA(27,0) = "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(27,1) = "cryptext.dll"
    arSEA(28,0) = "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(28,1) = "cryptext.dll"
    arSEA(29,0) = "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" : arSEA(29,1) = "NETSHELL.dll"
    arSEA(30,0) = "{992CFFA0-F557-101A-88EC-00DD010CCC48}" : arSEA(30,1) = "NETSHELL.dll"
    arSEA(31,0) = "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" : arSEA(31,1) = "wiashext.dll"
    arSEA(32,0) = "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" : arSEA(32,1) = "wiashext.dll"
    arSEA(33,0) = "{905667aa-acd6-11d2-8080-00805f6596d2}" : arSEA(33,1) = "wiashext.dll"
    arSEA(34,0) = "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" : arSEA(34,1) = "wiashext.dll"
    arSEA(35,0) = "{83bbcbf3-b28a-4919-a5aa-73027445d672}" : arSEA(35,1) = "wiashext.dll"
    arSEA(36,0) = "{F0152790-D56E-4445-850E-4F3117DB740C}" : arSEA(36,1) = "remotepg.dll"
    arSEA(37,0) = "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" : arSEA(37,1) = "wuaucpl.cpl"
    arSEA(38,0) = "{60254CA5-953B-11CF-8C96-00AA00B8708C}" : arSEA(38,1) = "wshext.dll"
    arSEA(39,0) = "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" : arSEA(39,1) = "oledb32.dll"
    arSEA(40,0) = "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" : arSEA(40,1) = "mstask.dll"
    arSEA(41,0) = "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" : arSEA(41,1) = "mstask.dll"
    arSEA(42,0) = "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" : arSEA(42,1) = "mstask.dll"
    arSEA(43,0) = "{0DF44EAA-FF21-4412-828E-260A8728E7F1}" : arSEA(43,1) = ""
    arSEA(44,0) = "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(44,1) = "shdocvw.dll"
    arSEA(45,0) = "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(45,1) = "shdocvw.dll"
    arSEA(46,0) = "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(46,1) = "shdocvw.dll"
    arSEA(47,0) = "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(47,1) = "shdocvw.dll"
    arSEA(48,0) = "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(48,1) = "shdocvw.dll"
    arSEA(49,0) = "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(49,1) = "shdocvw.dll"
    arSEA(50,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524152}" : arSEA(50,1) = "shdocvw.dll"
    arSEA(51,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524153}" : arSEA(51,1) = "shdocvw.dll"
    arSEA(52,0) = "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" : arSEA(52,1) = "shmedia.dll"
    arSEA(53,0) = "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" : arSEA(53,1) = "shmedia.dll"
    arSEA(54,0) = "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" : arSEA(54,1) = "shmedia.dll"
    arSEA(55,0) = "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" : arSEA(55,1) = "shmedia.dll"
    arSEA(56,0) = "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" : arSEA(56,1) = "shmedia.dll"
    arSEA(57,0) = "{c5a40261-cd64-4ccf-84cb-c394da41d590}" : arSEA(57,1) = "shmedia.dll"
    arSEA(58,0) = "{5E6AB780-7743-11CF-A12B-00AA004AE837}" : arSEA(58,1) = "browseui.dll"
    arSEA(59,0) = "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" : arSEA(59,1) = "browseui.dll"
    arSEA(60,0) = "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" : arSEA(60,1) = "browseui.dll"
    arSEA(61,0) = "{6413BA2C-B461-11d1-A18A-080036B11A03}" : arSEA(61,1) = "browseui.dll"
    arSEA(62,0) = "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" : arSEA(62,1) = "browseui.dll"
    arSEA(63,0) = "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" : arSEA(63,1) = "browseui.dll"
    arSEA(64,0) = "{30D02401-6A81-11d0-8274-00C04FD5AE38}" : arSEA(64,1) = "browseui.dll"
    arSEA(65,0) = "{32683183-48a0-441b-a342-7c2a440a9478}" : arSEA(65,1) = "browseui.dll"
    arSEA(66,0) = "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" : arSEA(66,1) = "browseui.dll"
    arSEA(67,0) = "{07798131-AF23-11d1-9111-00A0C98BA67D}" : arSEA(67,1) = "browseui.dll"
    arSEA(68,0) = "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" : arSEA(68,1) = "browseui.dll"
    arSEA(69,0) = "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" : arSEA(69,1) = "browseui.dll"
    arSEA(70,0) = "{A08C11D2-A228-11d0-825B-00AA005B4383}" : arSEA(70,1) = "browseui.dll"
    arSEA(71,0) = "{00BB2763-6A77-11D0-A535-00C04FD7D062}" : arSEA(71,1) = "browseui.dll"
    arSEA(72,0) = "{7376D660-C583-11d0-A3A5-00C04FD706EC}" : arSEA(72,1) = "browseui.dll"
    arSEA(73,0) = "{6756A641-DE71-11d0-831B-00AA005B4383}" : arSEA(73,1) = "browseui.dll"
    arSEA(74,0) = "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" : arSEA(74,1) = "browseui.dll"
    arSEA(75,0) = "{7e653215-fa25-46bd-a339-34a2790f3cb7}" : arSEA(75,1) = "browseui.dll"
    arSEA(76,0) = "{acf35015-526e-4230-9596-becbe19f0ac9}" : arSEA(76,1) = "browseui.dll"
    arSEA(77,0) = "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" : arSEA(77,1) = "browseui.dll"
    arSEA(78,0) = "{00BB2764-6A77-11D0-A535-00C04FD7D062}" : arSEA(78,1) = "browseui.dll"
    arSEA(79,0) = "{03C036F1-A186-11D0-824A-00AA005B4383}" : arSEA(79,1) = "browseui.dll"
    arSEA(80,0) = "{00BB2765-6A77-11D0-A535-00C04FD7D062}" : arSEA(80,1) = "browseui.dll"
    arSEA(81,0) = "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" : arSEA(81,1) = "browseui.dll"
    arSEA(82,0) = "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" : arSEA(82,1) = "browseui.dll"
    arSEA(83,0) = "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" : arSEA(83,1) = "browseui.dll"
    arSEA(84,0) = "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" : arSEA(84,1) = "browseui.dll"
    arSEA(85,0) = "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" : arSEA(85,1) = "browseui.dll"
    arSEA(86,0) = "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" : arSEA(86,1) = "browseui.dll"
    arSEA(87,0) = "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" : arSEA(87,1) = "shdocvw.dll"
    arSEA(88,0) = "{0A89A860-D7B1-11CE-8350-444553540000}" : arSEA(88,1) = "shdocvw.dll"
    arSEA(89,0) = "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" : arSEA(89,1) = "shdocvw.dll"
    arSEA(90,0) = "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" : arSEA(90,1) = "shdocvw.dll"
    arSEA(91,0) = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" : arSEA(91,1) = "shdocvw.dll"
    arSEA(92,0) = "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" : arSEA(92,1) = "shdocvw.dll"
    arSEA(93,0) = "{FF393560-C2A7-11CF-BFF4-444553540000}" : arSEA(93,1) = "shdocvw.dll"
    arSEA(94,0) = "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" : arSEA(94,1) = "shdocvw.dll"
    arSEA(95,0) = "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" : arSEA(95,1) = "shdocvw.dll"
    arSEA(96,0) = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" : arSEA(96,1) = "shdocvw.dll"
    arSEA(97,0) = "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" : arSEA(97,1) = "shdocvw.dll"
    arSEA(98,0) = "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" : arSEA(98,1) = "shdocvw.dll"
    arSEA(99,0) = "{131A6951-7F78-11D0-A979-00C04FD705A2}" : arSEA(99,1) = "shdocvw.dll"
    arSEA(100,0) = "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" : arSEA(100,1) = "shdocvw.dll"
    arSEA(101,0) = "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" : arSEA(101
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      qaund je lance le script j'ai le message d'erreur suivant impossible de trouver le script vbscript.
      0
  16. benjy92260 Messages postés 24 Statut Membre
     
    Event occurred on a new file created by the application: C:\WINDOWS\system32\lsass.exe. The file was moved to quarantine. You may close this window.

    j'ai encore un autre virus
    0
  17. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    - Télécharge
    http://www.malekal.com/download/DiagHelp.zip sur ton bureau
    - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    - Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    - Un nouveau dossier chercher va être créé DiagHelp
    - Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    - Une fenêtre va s'ouvrir, choisis l'option 1
    - L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

    ATTENTION :pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

    - A la fin de l'analyse, il va peut-être (pas obligatoire) demandé de redemanderl'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
    - Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    -- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    -- A nouveau menu Edition / copier
    -- Dans un nouveau message ici, faire un clic droit / coller
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      C:\WINDOWS\System32/drivers\nod32drv.sys -->15/04/2007 08:34:24
      C:\WINDOWS\System32/drivers\amon.sys -->15/04/2007 08:34:24
      C:\WINDOWS\System32/drivers\MxlW2k.sys -->10/04/2007 17:50:26
      C:\WINDOWS\System32/drivers\wpdusb.sys -->11/10/2004 12:20:38
      C:\WINDOWS\System32/drivers\NTIDrvr.sys -->11/02/2004 17:44:06
      C:\WINDOWS\System32/drivers\nv4_mini.sys -->08/01/2004 00:08:00
      C:\WINDOWS\System32/drivers\alcxinit.dat -->31/12/2003 12:00:04

      C:\WINDOWS\System32\.exe -->17/04/2007 17:46:09
      C:\WINDOWS\System32\ccabbea1_s.ocx -->15/04/2007 18:45:02
      C:\WINDOWS\System32\bbadcbab4_s.dll -->15/04/2007 18:45:02
      C:\WINDOWS\System32\imon.dll -->15/04/2007 08:34:25
      C:\WINDOWS\System32\bdod.bin -->14/04/2007 22:20:21
      C:\WINDOWS\System32\tmpE66A4.FOT -->09/04/2007 17:41:43
      C:\WINDOWS\System32\tmpAF6A4.FOT -->09/04/2007 17:41:43
      C:\WINDOWS\System32\tmp697A4.FOT -->09/04/2007 17:41:43
      C:\WINDOWS\System32\tmp455A4.FOT -->09/04/2007 17:41:42
      C:\WINDOWS\System32\tmp1E5A4.FOT -->09/04/2007 17:41:42
      C:\WINDOWS\System32\wpa.dbl -->09/04/2007 17:06:09
      C:\WINDOWS\System32\PerfStringBackup.INI -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfh00C.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfh009.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfc00C.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\perfc009.dat -->05/04/2007 13:50:23
      C:\WINDOWS\System32\nscompat.tlb -->05/11/2006 16:33:37
      C:\WINDOWS\System32\amcompat.tlb -->05/11/2006 16:33:37
      C:\WINDOWS\System32\isxdl_fr.dll -->21/07/2006 20:31:08
      C:\WINDOWS\System32\rmocx.dll -->01/07/2006 14:36:56
      C:\WINDOWS\System32\rmoc3260.dll -->01/07/2006 14:36:56
      C:\WINDOWS\System32\pndx5032.dll -->10/04/2006 13:29:56
      C:\WINDOWS\System32\pndx5016.dll -->10/04/2006 13:29:56
      C:\WINDOWS\System32\pncrt.dll -->10/04/2006 13:29:51
      C:\WINDOWS\System32\wucltui.dll -->26/05/2005 04:16:32

      C:\WINDOWS\0.log -->18/04/2007 08:53:53
      C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->18/04/2007 08:53:51
      C:\WINDOWS\wiadebug.log -->18/04/2007 08:53:36
      C:\WINDOWS\wiaservc.log -->18/04/2007 08:53:35
      C:\WINDOWS\bootstat.dat -->18/04/2007 08:53:18
      C:\WINDOWS\WindowsUpdate.log -->18/04/2007 07:49:43
      C:\WINDOWS\wmsetup.log -->17/04/2007 20:41:30
      C:\WINDOWS\SchedLgU.Txt -->17/04/2007 19:06:23
      C:\WINDOWS\WIN.INI -->17/04/2007 17:39:28
      C:\WINDOWS\setupapi.log -->17/04/2007 17:39:17
      C:\WINDOWS\system.ini -->17/04/2007 10:44:49
      C:\WINDOWS\winamp.ini -->12/04/2007 12:59:25
      C:\WINDOWS\nsreg.dat -->11/04/2007 11:36:02
      C:\WINDOWS\Windows Update.log -->09/04/2007 18:16:35
      C:\WINDOWS\wwdslcfg.log -->09/04/2007 17:10:14

      C:\WINDOWS\agrsmdel.exe |01/01/1980 00:00:00
      C:\WINDOWS\AGRSMMSG.exe |01/01/1980 00:00:00
      C:\WINDOWS\ALAUNCH.EXE |11/02/2004 17:28:55
      C:\WINDOWS\alcrmv.exe |11/02/2004 17:31:38
      C:\WINDOWS\alcupd.exe |11/02/2004 17:31:38
      C:\WINDOWS\AMOVE.EXE |11/02/2004 17:28:55
      C:\WINDOWS\APANEL.EXE |11/02/2004 17:28:55
      C:\WINDOWS\BJPSUNST.EXE |03/08/2005 15:43:22
      C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe |18/06/2004 03:07:49
      C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe |08/08/2004 08:37:42
      C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |26/04/2005 09:30:00
      C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |01/07/2006 15:25:54
      C:\WINDOWS\IsUn040c.exe |24/09/2004 14:34:06
      C:\WINDOWS\IsUninst.exe |11/02/2004 17:39:19
      C:\WINDOWS\LOGI_MWX.EXE |18/06/2004 03:05:19
      C:\WINDOWS\PQDISK.EXE |11/02/2004 17:28:55
      C:\WINDOWS\SOUNDMAN.EXE |11/02/2004 17:31:39
      C:\WINDOWS\twunk_16.exe |01/01/1980 00:00:00
      C:\WINDOWS\twunk_32.exe |01/01/1980 00:00:00
      C:\WINDOWS\UNINST32.EXE |01/01/1980 00:00:00
      C:\WINDOWS\UninstallFirefox.exe |24/04/2005 17:18:24
      C:\WINDOWS\twain.dll |01/01/1980 00:00:00
      C:\WINDOWS\twain_32.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\.exe |17/04/2007 17:46:09
      C:\WINDOWS\system32\agrsmdel.exe |11/02/2004 17:34:09
      C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\bcmwlhom.exe |17/07/2003 16:40:08
      C:\WINDOWS\system32\bcmwltry.exe |17/07/2003 16:40:08
      C:\WINDOWS\system32\bcmwlu00.exe |17/07/2003 16:40:08
      C:\WINDOWS\system32\CNMCP6d.exe |03/08/2005 15:35:29
      C:\WINDOWS\system32\CNMCP78.exe |10/04/2006 12:56:45
      C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\delaySpawn.exe |09/04/2007 17:08:57
      C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\DProcess.exe |06/06/2003 17:12:18
      C:\WINDOWS\system32\dslagent.exe |09/04/2007 17:08:58
      C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34
      C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\gsicon.exe |09/04/2007 17:09:00
      C:\WINDOWS\system32\hkcmd.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxcfg.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxdiag.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxext.exe |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxtray.exe |11/02/2004 18:50:13
      C:\WINDOWS\system32\java.exe |11/02/2004 17:40:49
      C:\WINDOWS\system32\javaw.exe |11/02/2004 17:40:49
      C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvappbar.exe |11/02/2004 18:41:14
      C:\WINDOWS\system32\nvsvc32.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvudisp.exe |11/02/2004 18:16:20
      C:\WINDOWS\system32\nwiz.exe |11/02/2004 18:41:14
      C:\WINDOWS\system32\pxhpinst.exe |26/05/2004 03:21:00
      C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\RM_ABG.exe |12/02/2003 16:50:06
      C:\WINDOWS\system32\RTLCPL.EXE |11/02/2004 17:31:40
      C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\Set_ABG.exe |05/12/2002 13:18:56
      C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00
      C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 17:47:48
      C:\WINDOWS\system32\usrprbda.exe |23/08/2001 17:47:48
      C:\WINDOWS\system32\usrshuta.exe |23/08/2001 17:47:48
      C:\WINDOWS\system32\wltrysvc.exe |17/07/2003 16:40:12
      C:\WINDOWS\system32\3ivx.dll |18/11/2003 13:49:28
      C:\WINDOWS\system32\3ivxVfWCodec.dll |18/11/2003 13:49:44
      C:\WINDOWS\system32\a3d.dll |11/02/2004 17:31:39
      C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\atmfd.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\atmlib.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\Audio3D.dll |11/02/2004 17:31:39
      C:\WINDOWS\system32\bbadcbab4_s.dll |15/04/2007 18:45:02
      C:\WINDOWS\system32\btw_ci.dll |11/02/2004 17:46:21
      C:\WINDOWS\system32\CNMLM6d.DLL |03/08/2005 15:35:36
      C:\WINDOWS\system32\CNMLM78.DLL |10/04/2006 12:56:52
      C:\WINDOWS\system32\CNMVS6d.DLL |03/08/2005 15:35:00
      C:\WINDOWS\system32\CNMVS78.DLL |10/04/2006 12:56:41
      C:\WINDOWS\system32\CoInst.dll |09/04/2007 17:08:58
      C:\WINDOWS\system32\COMNCTR.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\cpuinf32.dll |17/09/2001 13:20:02
      C:\WINDOWS\system32\dgrpsetu.dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\dgsetup.dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\divx.dll |22/05/2003 13:27:24
      C:\WINDOWS\system32\DivXc32.dll |01/08/2002 11:03:40
      C:\WINDOWS\system32\DivXc32f.dll |22/08/2002 06:00:00
      C:\WINDOWS\system32\DSCam.Dll |24/09/2004 14:40:54
      C:\WINDOWS\system32\EqnClass.Dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\FEELIT.DLL |18/06/2004 03:05:28
      C:\WINDOWS\system32\fpxlib.dll |24/09/2004 14:40:55
      C:\WINDOWS\system32\GCPL_FRENCH.dll |09/04/2007 17:08:44
      C:\WINDOWS\system32\GsiDi32.dll |09/04/2007 17:08:30
      C:\WINDOWS\system32\gspnDll.dll |09/04/2007 17:08:44
      C:\WINDOWS\system32\hccutils.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\Hmpg12.dll |03/09/2001 23:46:38
      C:\WINDOWS\system32\HMPV2_ENC.dll |30/07/2001 16:33:56
      C:\WINDOWS\system32\HMPV2_ENC_MMX.dll |23/07/2001 22:04:36
      C:\WINDOWS\system32\hticons.dll |11/02/2004 17:24:33
      C:\WINDOWS\system32\huffyuv.dll |23/08/2000 17:00:40
      C:\WINDOWS\system32\hypertrm.dll |11/02/2004 17:24:33
      C:\WINDOWS\system32\iacenc.dll |11/02/2004 17:44:35
      C:\WINDOWS\system32\iAlmCoIn_v3666.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmdd5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmdev5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmdnt5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmgdev.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmgicd.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmrem.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\ialmrnt5.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\iccvid.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\ifc21.dll |18/06/2004 03:05:28
      C:\WINDOWS\system32\igfxdev.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxdgps.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxdo.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxeud.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxexps.dll |11/02/2004 18:50:11
      C:\WINDOWS\system32\igfxhk.dll |11/02/2004 18:50:12
      C:\WINDOWS\system32\igfxpph.dll |11/02/2004 18:50:12
      C:\WINDOWS\system32\igfxres.dll |11/02/2004 18:52:12
      C:\WINDOWS\system32\igfxress.dll |11/02/2004 18:50:12
      C:\WINDOWS\system32\igfxsrvc.dll |11/02/2004 18:50:13
      C:\WINDOWS\system32\imon.dll |15/04/2007 08:35:15
      C:\WINDOWS\system32\instDll.dll |09/04/2007 17:08:43
      C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\Ir41_qc.dll |22/03/1998 15:34:14
      C:\WINDOWS\system32\Ir41_qcx.dll |22/03/1998 15:34:14
      C:\WINDOWS\system32\Ir50_32.dll |11/02/2004 17:44:35
      C:\WINDOWS\system32\ir50_lcs.dll |06/11/1997 14:53:30
      C:\WINDOWS\system32\Ir50_qc.dll |22/06/2000 16:31:00
      C:\WINDOWS\system32\Ir50_qcx.dll |22/06/2000 16:31:46
      C:\WINDOWS\system32\isrdbg32.dll |11/02/2004 17:25:36
      C:\WINDOWS\system32\isxdl_fr.dll |16/11/2006 19:40:10
      C:\WINDOWS\system32\iyvu9_32.dll |11/02/2004 17:44:35
      C:\WINDOWS\system32\jgaw400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgdw400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgmd400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgpl400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgsd400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jgsh400.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\jpeglib.dll |24/09/2004 14:40:55
      C:\WINDOWS\system32\LCOINST.DLL |18/06/2004 03:05:18
      C:\WINDOWS\system32\lfavi11n.dll |24/09/2004 14:38:03
      C:\WINDOWS\system32\lfbmp11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\LFCMP11n.DLL |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfeps11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lffax11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lffpx11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lffpx7.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfgif11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\LFKODAK.DLL |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfpcd11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfpct11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfpcx11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\Lfpng11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfpsd11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lftga11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lftif11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\lfwfx11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\lfwmf11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\LGUICOM.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\lmoufrc.dll |18/06/2004 03:05:19
      C:\WINDOWS\system32\LMOUSE16.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\LMOUSE32.DLL |18/06/2004 03:05:27
      C:\WINDOWS\system32\LTDIS11n.dll |07/06/2002 04:02:00
      C:\WINDOWS\system32\ltefx11n.dll |24/09/2004 14:38:02
      C:\WINDOWS\system32\ltfil11n.DLL |07/06/2002 04:02:00
      C:\WINDOWS\system32\ltimg11n.dll |07/06/2002 04:02:02
      C:\WINDOWS\system32\ltkrn11n.dll |07/06/2002 04:02:02
      C:\WINDOWS\system32\lttwn11n.dll |24/09/2004 14:38:03
      C:\WINDOWS\system32\Ltwvc11n.dll |07/06/2002 04:02:02
      C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 17:47:06
      C:\WINDOWS\system32\mplaa6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplam6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplapx.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplaw7.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplva6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplvm6.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplvpx.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\mplvw7.dll |31/10/2001 11:14:40
      C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\MsgPlusLoader.dll |16/04/2007 10:41:18
      C:\WINDOWS\system32\multiplex_vcd.dll |26/12/2001 16:12:30
      C:\WINDOWS\system32\NTICDMK32.dll |11/02/2004 17:44:07
      C:\WINDOWS\system32\NTIMPEG2.dll |11/02/2004 17:44:07
      C:\WINDOWS\system32\nv4_disp.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvcod.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvcodins.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvcpl.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nview.dll |11/02/2004 18:41:14
      C:\WINDOWS\system32\nviewimg.dll |11/02/2004 18:41:14
      C:\WINDOWS\system32\nvinstnt.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvmctray.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvoglnt.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvrsda.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsde.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrseng.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrses.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsfr.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsit.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsja.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsko.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsnl.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrsru.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrssv.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrszhc.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvrszht.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvshell.dll |11/02/2004 18:41:14
      C:\WINDOWS\system32\nvwddi.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvwdmcpl.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\nvwrsda.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsde.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrseng.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrses.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsfr.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsit.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsja.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsko.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsnl.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrsru.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrssv.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrszhc.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\nvwrszht.dll |11/02/2004 18:16:21
      C:\WINDOWS\system32\ogg.dll |16/09/2003 17:41:44
      C:\WINDOWS\system32\OpenQuicktimeLib.dll |18/11/2003 13:50:24
      C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16
      C:\WINDOWS\system32\PCDLIB32.DLL |07/06/2002 04:02:02
      C:\WINDOWS\system32\pncrt.dll |24/09/2004 14:38:20
      C:\WINDOWS\system32\pndx5016.dll |24/09/2004 14:38:21
      C:\WINDOWS\system32\pndx5032.dll |24/09/2004 14:38:21
      C:\WINDOWS\system32\psisdecd.dll |11/02/2004 17:47:11
      C:\WINDOWS\system32\px.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxdrv.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxmas.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxwave.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\pxwma.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32
      C:\WINDOWS\system32\rmoc3260.dll |24/09/2004 14:38:22
      C:\WINDOWS\system32\rmocx.dll |01/07/2006 14:36:55
      C:\WINDOWS\system32\RTLCPAPI.dll |11/02/2004 17:31:39
      C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\slbcsp.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\slbiop.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\slbrccsp.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\spnike.dll |23/08/2001 17:47:18
      C:\WINDOWS\system32\sprio600.dll |23/08/2001 17:47:18
      C:\WINDOWS\system32\sprio800.dll |23/08/2001 17:47:18
      C:\WINDOWS\system32\spxcoins.dll |11/02/2004 17:22:08
      C:\WINDOWS\system32\SynCOM.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynCtrl.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynTPAPI.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynTPCoI.dll |11/02/2004 17:35:21
      C:\WINDOWS\system32\SynTPFcs.dll |11/02/2004 17:35:22
      C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\usrcntra.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrcoina.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrdpa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrdtea.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrlbva.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrv42a.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrv80a.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrvoica.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\usrvpa.dll |23/08/2001 17:47:20
      C:\WINDOWS\system32\vboxs430.dll |12/09/2000 20:24:29
      C:\WINDOWS\system32\vobsub.dll |11/12/2002 10:19:34
      C:\WINDOWS\system32\vorbis.dll |16/09/2003 17:52:30
      C:\WINDOWS\system32\vortm.dll |24/09/2004 14:40:55
      C:\WINDOWS\system32\vp31vfw.dll |14/02/2002 11:48:12
      C:\WINDOWS\system32\vp6vfw.dll |21/10/2003 10:49:20
      C:\WINDOWS\system32\vsfilter.dll |24/11/2003 01:45:14
      C:\WINDOWS\system32\vxblock.dll |26/05/2004 03:21:00
      C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00
      C:\WINDOWS\system32\winvocon.dll |24/09/2004 14:40:54
      C:\WINDOWS\system32\WooDial2000.dll |04/08/2004 01:20:22
      C:\WINDOWS\system32\xvid.dll |14/05/2003 16:54:02
      C:\WINDOWS\system32\_Source21.Dll |24/09/2004 14:40:54

      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\system

      25/12/1998 08:15 345 983 RCDSETUP.EXE
      23/08/2001 12:00 9 728 regsvr32.exe
      2 fichier(s) 355 711 octets
      0 Rép(s) 9 436 823 552 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\system32

      24/04/2003 12:00 4 096 csrss.exe
      1 fichier(s) 4 096 octets
      0 Rép(s) 9 436 823 552 octets libres

      Contenu de Downloaded Program Files
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\WINDOWS\Downloaded Program Files

      11/04/2007 11:40 <REP> .
      11/04/2007 11:40 <REP> ..
      24/01/2007 03:41 841 304 ampAx3.0.84.2.dll
      11/02/2004 17:26 65 desktop.ini
      11/04/2007 11:40 2 849 install.log
      22/06/2006 11:41 5 032 swflash.inf
      11/04/2007 11:40 38 428 unagiuninst.exe
      5 fichier(s) 887 678 octets

      Total des fichiers listés :
      5 fichier(s) 887 678 octets
      2 Rép(s) 9 436 823 552 octets libres

      Recherche de rootkit! (Merci S!Ri)

      Recherche d'infections connues



      catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
      http://www.gmer.net

      scanning hidden processes ...

      scanning hidden services ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0

      Liste des programmes installes

      Ad-Aware SE Personal
      Adobe Flash Player 9 ActiveX
      Adobe Reader 6.0
      adsl TV
      Agere Systems AC'97 Modem
      AIM
      AIM 6
      Archiveur WinRAR
      Aspire screensaver
      Barre d'outils MSN
      BCM Wireless Network Adapter
      Broadcom Gigabit Integrated Controller
      Broadcom Gigabit Integrated Controller
      Canon iP4200
      Canon PhotoRecord
      Canon PIXMA iP5000
      Canon Utilities Easy-PhotoPrint
      Canon Utilities Easy-PrintToolBox
      CD-LabelPrint
      CleanUp!
      Complément MSN pour Windows Messenger
      Correctif Windows XP - KB824146
      Correctif Windows XP (SP2) Q811493
      Creative System Information
      Creative Zen MicroPhoto
      DCPro (remove only)
      Easy-WebPrint
      GDc++ v0.668 (v1.9 RC9 Fixed) powered by Glesius.it
      Gestionnaire de disques amovible Creative
      Google Earth
      HijackThis 1.99.1
      Indeo® Software
      Intel(R) Extreme Graphics 2 Driver
      Java 2 Runtime Environment, SE v1.4.2_01
      jv16 PowerTools 2006
      K-Lite Codec Pack 2.20 Full
      Launch Manager
      Lecteur Windows Media 10
      Logiciel iTouch de Logitech
      Logitech Desktop Messenger
      Logitech MouseWare 9.79
      Logitech Resource Center
      Messager Wanadoo
      Messenger Plus! 3
      Microsoft Works 7.0
      Modem DSL ECI Telecom
      Mozilla Firefox (1.0.1)
      MSN Messenger 7.0
      MUSICMATCH(R) Jukebox
      NOD32 antivirus system
      NOD32 FiX v2.1
      NTI CD & DVD-Maker
      NTI CD & DVD-Maker 6.5 Gold
      NVIDIA Display Driver
      Outlook Express Update Q330994
      Philips ToUcam Fun Camera
      PowerDVD
      RadioBlogClub Downloader v1.0
      Reality Fusion GameCam SE
      Reality Fusion VBall
      RealPlayer
      Realtek AC'97 Audio
      SmartFTP
      SpotLife
      Spybot - Search & Destroy 1.4
      SuperDJ(TM) 1.10.0
      Synaptics Pointing Device Driver
      TMPGEnc DVD Author 1.5
      Ulead Photo Explorer 6.0
      VideoLAN VLC media player 0.8.6a
      VideoLink Mail
      Viewpoint Media Player
      Wanadoo
      WebFldrs XP
      Winamp (remove only)
      Windows Media Format Runtime
      WLAN
      WLAN 802.11g mini-PCI Module



      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files

      18/04/2007 08:00 <REP> .
      18/04/2007 08:00 <REP> ..
      11/02/2004 17:39 <REP> Acer Inc
      11/02/2004 17:43 <REP> Adobe
      14/04/2007 15:08 <REP> adslTV
      11/04/2007 11:41 <REP> AIM6
      26/04/2005 08:33 <REP> AIM95
      11/02/2004 17:53 <REP> Aspire screensaver
      11/02/2004 17:31 <REP> AvRack
      11/02/2004 17:33 <REP> Broadcom
      19/08/2005 11:07 <REP> C2Media
      03/08/2005 15:43 <REP> Canon
      16/04/2007 10:59 <REP> CleanUp!
      09/06/2005 01:00 1 152 409 cnb_2600.tb_
      28/04/2005 01:00 130 379 cnb78ca0.ic_
      09/06/2005 01:00 131 999 cnb78cb0.ic_
      28/03/2005 01:00 132 013 cnb78cc0.ic_
      28/03/2005 01:00 128 135 cnb78db0.ic_
      28/03/2005 01:00 131 477 cnb78eb0.ic_
      28/03/2005 01:00 128 783 cnb78ed0.ic_
      30/03/2001 01:00 5 617 cnbjprn2.ic_
      27/01/2005 05:30 224 cnm.in_
      09/06/2005 06:00 32 527 cnm_0260.dl_
      15/04/2005 06:00 18 389 cnmbr260.dl_
      15/04/2005 06:00 273 149 cnmdrv.dl_
      15/04/2005 06:00 63 127 cnmdump5.dl_
      15/04/2005 06:00 10 577 cnmfus.dl_
      19/05/2005 15:00 48 128 cnmi0404.dll
      25/05/2005 02:10 57 344 cnmi0405.dll
      25/05/2005 02:10 57 856 cnmi0406.dll
      25/05/2005 02:10 65 024 cnmi0407.dll
      25/05/2005 02:10 61 440 cnmi0408.dll
      08/03/2005 19:16 56 832 cnmi0409.dll
      25/05/2005 02:10 57 344 cnmi040b.dll
      25/05/2005 02:10 64 512 cnmi040c.dll
      25/05/2005 02:10 58 368 cnmi040e.dll
      25/05/2005 02:10 59 392 cnmi0410.dll
      08/03/2005 19:16 50 688 cnmi0411.dll
      19/05/2005 15:00 50 688 cnmi0412.dll
      25/05/2005 02:10 59 904 cnmi0413.dll
      25/05/2005 02:10 57 856 cnmi0414.dll
      25/05/2005 02:10 58 368 cnmi0415.dll
      25/05/2005 02:10 58 368 cnmi0419.dll
      25/05/2005 02:10 57 856 cnmi041d.dll
      19/05/2005 15:00 56 320 cnmi041e.dll
      25/05/2005 02:10 57 344 cnmi041F.dll
      19/05/2005 15:00 47 616 cnmi0804.dll
      25/05/2005 02:10 59 392 cnmi0816.dll
      25/05/2005 02:10 59 392 cnmi0c0a.dll
      15/04/2005 06:00 3 128 cnminst.dl_
      09/05/2002 22:10 7 204 cnminst2.dll
      08/03/2005 19:16 61 952 cnmis.dll
      08/03/2005 19:16 5 632 cnmis4.dll
      08/03/2005 19:16 18 944 cnmis5.dll
      15/04/2005 06:00 70 431 cnmlmon2.dl_
      15/04/2005 06:00 10 940 cnmlr.dl_
      19/05/2005 15:00 8 854 cnmlrcn.dl_
      25/05/2005 06:10 12 700 cnmlrcz.dl_
      25/05/2005 06:10 13 322 cnmlrde.dl_
      25/05/2005 06:10 12 554 cnmlrdk.dl_
      25/05/2005 06:10 12 906 cnmlres.dl_
      25/05/2005 06:10 12 050 cnmlrfi.dl_
      25/05/2005 06:10 13 000 cnmlrfr.dl_
      25/05/2005 06:10 14 548 cnmlrgr.dl_
      25/05/2005 06:10 13 198 cnmlrhu.dl_
      25/05/2005 06:10 12 280 cnmlrit.dl_
      15/04/2005 06:00 9 457 cnmlrj.dl_
      19/05/2005 15:00 9 770 cnmlrkr.dl_
      25/05/2005 06:10 12 412 cnmlrnl.dl_
      25/05/2005 06:10 12 050 cnmlrno.dl_
      25/05/2005 06:10 13 792 cnmlrpl.dl_
      25/05/2005 06:10 12 406 cnmlrpt.dl_
      25/05/2005 06:10 12 766 cnmlrru.dl_
      25/05/2005 06:10 12 426 cnmlrse.dl_
      19/05/2005 15:00 10 808 cnmlrth.dl_
      25/05/2005 06:10 11 882 cnmlrTr.dl_
      19/05/2005 15:00 9 112 cnmlrtw.dl_
      09/06/2005 06:00 12 362 cnmop78.dl_
      15/04/2005 06:00 26 063 cnmp_260.dl_
      15/04/2005 06:00 1 104 cnmp0.da_
      15/04/2005 06:00 1 076 cnmp1.da_
      15/04/2005 06:00 1 676 cnmp2.da_
      01/02/2002 17:29 15 300 cnmpar21.sys
      15/04/2005 06:00 16 539 cnmpcomm.dl_
      15/04/2005 06:00 10 028 cnmpd.dl_
      15/04/2005 06:00 31 054 cnmpp.dl_
      15/04/2005 06:00 41 376 cnmpv.dl_
      15/04/2005 06:00 12 631 cnmqueue.dl_
      15/04/2005 06:00 13 222 cnmsmsd.dl_
      15/04/2005 06:00 8 402 cnmsr.dl_
      19/05/2005 15:00 6 630 cnmsrcn.dl_
      25/05/2005 06:10 9 666 cnmsrcz.dl_
      25/05/2005 06:10 10 110 cnmsrde.dl_
      25/05/2005 06:10 9 324 cnmsrdk.dl_
      25/05/2005 06:10 9 804 cnmsres.dl_
      25/05/2005 06:10 8 830 cnmsrfi.dl_
      25/05/2005 06:10 9 700 cnmsrfr.dl_
      25/05/2005 06:10 11 030 cnmsrgr.dl_
      25/05/2005 06:10 9 904 cnmsrhu.dl_
      25/05/2005 06:10 9 368 cnmsrit.dl_
      15/04/2005 06:00 7 089 cnmsrj.dl_
      19/05/2005 15:00 7 572 cnmsrkr.dl_
      25/05/2005 06:10 9 240 cnmsrnl.dl_
      25/05/2005 06:10 9 036 cnmsrno.dl_
      25/05/2005 06:10 10 328 cnmsrpl.dl_
      25/05/2005 06:10 9 414 cnmsrpt.dl_
      25/05/2005 06:10 9 736 cnmsrru.dl_
      25/05/2005 06:10 9 362 cnmsrse.dl_
      19/05/2005 15:00 8 100 cnmsrth.dl_
      25/05/2005 06:10 8 680 cnmsrTr.dl_
      19/05/2005 15:00 6 722 cnmsrtw.dl_
      15/04/2005 06:00 85 620 cnmstmn.dl_
      15/04/2005 06:00 16 116 cnmstsr.sm_
      15/04/2005 06:00 361 166 cnmui.dl_
      08/03/2005 19:17 90 112 cnmunins.exe
      15/04/2005 06:00 30 236 cnmur.dl_
      19/05/2005 15:00 26 496 cnmurcn.dl_
      25/05/2005 06:10 32 800 cnmurcz.dl_
      25/05/2005 06:20 33 490 cnmurde.dl_
      25/05/2005 06:10 31 910 cnmurdk.dl_
      25/05/2005 06:10 32 810 cnmures.dl_
      25/05/2005 06:10 31 606 cnmurfi.dl_
      25/05/2005 06:10 33 038 cnmurfr.dl_
      25/05/2005 06:10 35 962 cnmurgr.dl_
      25/05/2005 06:10 32 898 cnmurhu.dl_
      25/05/2005 06:10 32 106 cnmurit.dl_
      15/04/2005 06:00 28 671 cnmurj.dl_
      19/05/2005 15:00 28 372 cnmurkr.dl_
      25/05/2005 06:10 32 082 cnmurnl.dl_
      25/05/2005 06:10 31 034 cnmurno.dl_
      25/05/2005 06:10 33 918 cnmurpl.dl_
      25/05/2005 06:10 32 242 cnmurpt.dl_
      25/05/2005 06:10 34 088 cnmurru.dl_
      25/05/2005 06:10 31 936 cnmurse.dl_
      19/05/2005 15:00 30 386 cnmurth.dl_
      25/05/2005 06:10 31 744 cnmurTr.dl_
      19/05/2005 15:00 26 876 cnmurtw.dl_
      15/04/2005 06:00 3 672 cnmvs.dl_
      08/03/2005 19:16 23 040 cnmvsa.exe
      15/04/2005 06:00 3 124 cnmw3.dl_
      11/02/2004 17:25 <REP> ComPlus Applications
      05/11/2006 16:32 <REP> Creative
      25/05/2004 20:39 <REP> Cucusoft
      11/02/2004 17:45 <REP> CyberLink
      21/08/2004 18:23 <REP> DCPro
      12/03/2002 22:54 45 056 devid.dll
      09/04/2007 17:08 <REP> ECI Telecom
      15/04/2007 10:28 <REP> ESET
      12/05/2005 17:38 5 133 eula0404.txt
      08/02/2005 12:04 11 504 eula0405.txt
      24/06/2005 11:46 12 728 eula0406.txt
      13/05/2005 14:54 18 199 eula0407.txt
      08/02/2005 11:48 13 484 eula0408.txt
      28/03/2005 17:00 11 665 eula0409_euro.txt
      06/01/2005 18:20 8 824 eula0409_us.txt
      08/02/2005 11:31 12 438 eula040b.txt
      10/06/2005 16:05 11 558 eula040c_euro.txt
      08/02/2005 10:16 10 796 eula040c_us.txt
      08/02/2005 12:04 13 205 eula040e.txt
      08/02/2005 11:32 12 202 eula0410.txt
      12/01/2005 17:41 6 297 eula0411.txt
      16/02/2005 16:37 7 100 eula0412.txt
      08/02/2005 11:31 15 126 eula0413.txt
      08/02/2005 11:32 11 761 eula0414.txt
      08/02/2005 12:03 12 374 eula0415.txt
      24/06/2005 11:56 15 315 eula0419.txt
      08/02/2005 11:32 12 307 eula041d.txt
      22/02/2005 12:24 7 596 eula041e.txt
      01/03/2005 09:52 11 966 eula041F.txt
      16/02/2005 16:36 4 798 eula0804.txt
      08/02/2005 11:32 12 781 eula0816_euro.txt
      08/02/2005 10:17 9 227 eula0816_us.txt
      24/06/2005 12:15 13 086 eula0c0a_euro.txt
      08/02/2005 10:17 9 739 eula0c0a_us.txt
      14/04/2007 22:08 <REP> Fichiers communs
      15/04/2007 16:09 <REP> FlashFXP
      09/11/2006 19:37 <REP> Google
      15/04/2005 06:00 22 241 helpkicker.ex_
      11/02/2004 17:29 <REP> Intel
      11/02/2004 17:25 <REP> Internet Explorer
      10/04/2006 12:55 <REP> ip4200
      01/08/2005 01:11 69 716 ip4200.cat
      19/07/2005 06:12 18 740 ip4200.inf
      11/02/2004 17:40 <REP> Java
      15/04/2007 18:44 <REP> jv16 PowerTools 2006
      10/11/2004 18:29 <REP> Kaspersky Lab
      26/05/2004 04:00 <REP> K-Lite Codec Pack
      11/02/2004 17:41 <REP> Launch Manager
      15/04/2007 13:07 <REP> Lavasoft
      11/02/2004 17:44 <REP> Ligos
      18/06/2004 03:07 <REP> Logitech
      11/02/2004 17:34 <REP> ltmoh
      04/08/2004 01:20 <REP> Messager Wanadoo
      11/02/2004 17:24 <REP> Messenger
      24/04/2005 20:14 <REP> MessengerPlus! 3
      20/05/2005 15:00 122 417 mh78cn.ch_
      25/05/2005 01:00 120 589 mh78cz.ch_
      25/05/2005 01:00 121 717 mh78de.ch_
      25/05/2005 01:00 114 973 mh78dk.ch_
      25/05/2005 01:00 122 491 mh78es.ch_
      25/05/2005 06:00 114 493 mh78fi.ch_
      25/05/2005 01:00 119 091 mh78fr.ch_
      25/05/2005 01:00 132 377 mh78gr.ch_
      25/05/2005 01:00 122 605 mh78hu.ch_
      25/05/2005 01:00 117 397 mh78it.ch_
      15/04/2005 01:00 139 053 mh78jp.ch_
      20/05/2005 15:00 135 231 mh78kr.ch_
      25/05/2005 01:00 115 999 mh78nl.ch_
      25/05/2005 01:00 112 917 mh78no.ch_
      25/05/2005 01:00 124 661 mh78pl.ch_
      25/05/2005 01:00 117 451 mh78pt.ch_
      25/05/2005 01:00 124 611 mh78ru.ch_
      25/05/2005 01:00 113 449 mh78se.ch_
      20/05/2005 15:00 137 361 mh78th.ch_
      25/05/2005 06:00 115 241 mh78Tr.ch_
      20/05/2005 15:00 123 259 mh78tw.ch_
      15/04/2005 01:00 108 777 mh78us.ch_
      11/02/2004 17:26 <REP> microsoft frontpage
      16/02/2004 16:53 <REP> Microsoft Works
      11/02/2004 17:25 <REP> Movie Maker
      15/04/2007 16:09 <REP> Mozilla Firefox
      11/02/2004 17:24 <REP> MSN
      04/08/2004 18:13 <REP> MSN Apps
      11/02/2004 17:24 <REP> MSN Gaming Zone
      24/04/2005 20:26 <REP> MSN Messenger
      18/06/2004 03:06 <REP> MUSICMATCH
      11/02/2004 17:25 <REP> NetMeeting
      11/02/2004 17:44 <REP> NewTech Infosystems
      25/05/2004 19:50 <REP> O2Micro
      11/02/2004 17:25 <REP> Outlook Express
      26/05/2004 03:21 <REP> Pegasys Inc
      24/09/2004 14:40 <REP> Philips ToUcam Camera
      16/11/2006 19:40 <REP> RadioBlogClub Downloader
      25/05/2005 06:10 29 124 Readme_Czech.txt
      25/05/2005 06:10 31 844 Readme_Danish.txt
      25/05/2005 06:10 33 561 Readme_Dutch.txt
      19/04/2005 16:54 29 281 readme_english.txt
      25/05/2005 06:10 29 619 Readme_Finnish.txt
      25/05/2005 06:10 35 043 Readme_French.txt
      25/05/2005 06:10 34 813 Readme_German.txt
      25/05/2005 06:10 38 518 Readme_Greek.txt
      25/05/2005 06:10 31 559 Readme_Hungarian.txt
      25/05/2005 06:10 34 109 Readme_Italian.txt
      15/04/2005 11:36 27 503 readme_japanese.txt
      19/05/2005 16:00 25 991 Readme_Korean.txt
      25/05/2005 06:10 30 683 Readme_Norwegian.txt
      25/05/2005 06:10 35 455 Readme_Polish.txt
      25/05/2005 06:10 34 281 Readme_Portuguese.txt
      25/05/2005 06:10 32 243 Readme_Russian.txt
      19/05/2005 16:00 20 093 Readme_Simplified_Chinese.txt
      25/05/2005 06:10 34 527 Readme_Spanish.txt
      25/05/2005 06:10 30 549 Readme_Swedish.txt
      19/05/2005 16:00 27 904 Readme_Thai.txt
      19/05/2005 16:00 20 061 Readme_Traditional_Chinese.txt
      25/05/2005 06:10 30 360 readme_Turkish.txt
      24/09/2004 14:38 <REP> Real
      11/02/2004 17:31 <REP> Realtek Sound Manager
      11/02/2004 17:24 <REP> Services en ligne
      08/03/2005 19:17 167 936 setup.exe
      15/04/2005 06:00 1 960 setup.ini
      20/05/2005 15:00 39 507 sh78cn.ch_
      25/05/2005 01:00 40 581 sh78cz.ch_
      25/05/2005 01:00 40 277 sh78de.ch_
      25/05/2005 01:00 39 883 sh78dk.ch_
      25/05/2005 01:00 40 433 sh78es.ch_
      25/05/2005 06:00 39 919 sh78fi.ch_
      25/05/2005 01:00 40 873 sh78fr.ch_
      25/05/2005 01:00 41 615 sh78gr.ch_
      25/05/2005 01:00 40 359 sh78hu.ch_
      25/05/2005 01:00 40 067 sh78it.ch_
      15/04/2005 01:00 40 925 sh78jp.ch_
      20/05/2005 15:00 40 567 sh78kr.ch_
      25/05/2005 01:00 39 523 sh78nl.ch_
      25/05/2005 01:00 39 739 sh78no.ch_
      25/05/2005 01:00 40 741 sh78pl.ch_
      25/05/2005 01:00 40 317 sh78pt.ch_
      25/05/2005 01:00 41 295 sh78ru.ch_
      25/05/2005 01:00 39 679 sh78se.ch_
      20/05/2005 15:00 40 559 sh78th.ch_
      25/05/2005 06:00 39 385 sh78Tr.ch_
      20/05/2005 15:00 39 847 sh78tw.ch_
      15/04/2005 01:00 39 231 sh78us.ch_
      30/04/2005 16:16 <REP> SmartFTP
      30/04/2005 16:16 <REP> SmartFTP Setup Files
      15/04/2007 09:15 <REP> Spybot - Search & Destroy
      11/02/2004 17:35 <REP> Synaptics
      24/09/2004 14:39 <REP> Ulead Systems
      10/04/2007 09:38 <REP> VideoLAN
      24/09/2004 14:40 <REP> VideoLink Mail
      11/04/2007 11:40 <REP> Viewpoint
      18/04/2007 08:54 <REP> Wanadoo
      25/04/2005 20:54 <REP> WildTangent
      15/07/2005 11:36 <REP> Winamp
      05/11/2006 16:33 <REP> Windows Media Player
      11/02/2004 17:24 <REP> Windows NT
      28/05/2004 22:31 <REP> WinRAR
      25/05/2004 19:50 <REP> WLAN 802.11g mini-PCI Module
      11/02/2004 17:26 <REP> xerox
      225 fichier(s) 10 542 851 octets
      73 Rép(s) 9 424 007 168 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files\fichiers communs

      14/04/2007 22:08 <REP> .
      14/04/2007 22:08 <REP> ..
      23/08/2004 13:23 <REP> Adobe
      11/04/2007 11:39 <REP> AOL
      05/11/2006 16:25 <REP> InstallShield
      11/02/2004 17:40 <REP> Java
      18/06/2004 03:04 <REP> Logitech
      11/02/2004 17:22 <REP> Microsoft Shared
      11/02/2004 17:25 <REP> MSSoap
      11/02/2004 17:22 <REP> ODBC
      10/04/2006 13:30 <REP> Real
      11/02/2004 17:25 <REP> Services
      24/09/2004 14:40 <REP> Smith Micro Shared
      17/04/2007 17:40 <REP> Softwin
      11/02/2004 17:22 <REP> SpeechEngines
      07/07/2005 17:28 <REP> Symantec Shared
      11/02/2004 17:25 <REP> System
      10/04/2006 13:30 <REP> xing shared
      0 fichier(s) 0 octets
      18 Rép(s) 9 424 007 168 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

      11/02/2004 17:30 <REP> .
      11/02/2004 17:30 <REP> ..
      18/05/2001 17:57 561 209 MSONSEXT.DLL
      03/06/1999 14:09 122 937 MSOWS409.DLL
      07/03/2001 09:00 127 033 MSOWS40c.DLL
      3 fichier(s) 811 179 octets
      2 Rép(s) 9 424 007 168 octets libres
      Le volume dans le lecteur C s'appelle ACER
      Le numéro de série du volume est E414-D070

      Répertoire de C:\

      11/11/2001 00:00 68 096 diff.exe
      27/08/2006 14:10 103 424 grep.exe
      2 fichier(s) 171 520 octets
      0 Rép(s) 9 424 007 168 octets libres
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMinst.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMLang.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\alsetup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\aoldlmgr.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\migrator.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ocpinst.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\postproc.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\tbsetup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\unagi3.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\Vwpt.exe
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
      c:\Documents and Settings\benjy\LDCPlusPlus.exe
      c:\Documents and Settings\benjy\MpSetup.exe
      c:\Documents and Settings\benjy\.housecall6.6\getMac.exe
      c:\Documents and Settings\benjy\.housecall6.6\patch.exe
      c:\Documents and Settings\benjy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
      c:\Documents and Settings\benjy\Bureau\a2AntiMalwareSetup.exe
      c:\Documents and Settings\benjy\Bureau\aawsepersonal.exe
      c:\Documents and Settings\benjy\Bureau\CleanUp40.exe
      c:\Documents and Settings\benjy\Bureau\CleanUp40-1.exe
      c:\Documents and Settings\benjy\Bureau\CleanUp40-2.exe
      c:\Documents and Settings\benjy\Bureau\dotnetfx.exe
      c:\Documents and Settings\benjy\Bureau\FixBlast.exe
      c:\Documents and Settings\benjy\Bureau\FlashFXP_302_Setup.exe
      c:\Documents and Settings\benjy\Bureau\FlashFXP_31_RC1_Setup.exe
      c:\Documents and Settings\benjy\Bureau\GoogleEarthWin.exe
      c:\Documents and Settings\benjy\Bureau\GoogleEarthWin_EARE.exe
      c:\Documents and Settings\benjy\Bureau\GoogleEarthWin-1.exe
      c:\Documents and Settings\benjy\Bureau\Installer_AIM.exe
      c:\Documents and Settings\benjy\Bureau\jv16pt_setup.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp.exe
      c:\Documents and Settings\benjy\Bureau\mwav.exe
      c:\Documents and Settings\benjy\Bureau\new_uninstall.exe
      c:\Documents and Settings\benjy\Bureau\RadioBlogClub_Downloader_setup.exe
      c:\Documents and Settings\benjy\Bureau\SDFix.exe
      c:\Documents and Settings\benjy\Bureau\SFTPMSI.exe
      c:\Documents and Settings\benjy\Bureau\SFTPMSI-1.exe
      c:\Documents and Settings\benjy\Bureau\spybotsd14.exe
      c:\Documents and Settings\benjy\Bureau\BitDefender 10.0\BitDefender 10.0\bitdefender_antivirus_plus.exe
      c:\Documents and Settings\benjy\Bureau\BitDefender_Internet_Security_v10.5_-_Final_working\BitDefender Internet Security v10.0 - ORION\bitdefender_isecurity_v10.exe
      c:\Documents and Settings\benjy\Bureau\BitDefender_Internet_Security_v10.5_-_Final_working\BitDefender Internet Security v10.0 - ORION\keygen.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\catchme.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\diff.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\dumphive.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\FilesInfoCmd.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\Fport.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\grep.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\LFiles.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\LISTDLLS.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\pslist.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\streams.exe
      c:\Documents and Settings\benjy\Bureau\DiagHelp-1\DiagHelp\swreg.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\EchoX.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\lsTasks.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\Process.exe
      c:\Documents and Settings\benjy\Bureau\Lopxp\tools\Str.exe
      c:\Documents and Settings\benjy\Bureau\NO\NOD32.Antivirus2.70.16 FINAL\NOD32.exe
      c:\Documents and Settings\benjy\Bureau\NO\NOD32.Antivirus2.70.16 FINAL\NOD32.FiX.v2.1-nsane.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\upx.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX.exe
      c:\Documents and Settings\benjy\Downloads\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\PtokaX-0.326.TestDrive4.99\upx.exe
      c:\Documents and Settings\benjy\Mes documents\vlc-0.8.5-win32.exe
      c:\Documents and Settings\benjy\Mes documents\migneau.benjamin\DCPro.Installer.v.45E\DCPro.Installer.v.45E.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\Catchme.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\cliptext.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\download.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\LS.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\MD5File.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\MoveEx.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\Process.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\RegDACL.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\RestartIt!.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\sc.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\SF.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\swreg.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\swsc.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\unzip.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\zip.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\Replace\W2K.exe
      c:\Documents and Settings\benjy\Mes documents\SDFix\apps\Replace\XP.exe
      c:\Documents and Settings\Default User\MpSetup.exe
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AOLFirewallMgr.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\gui.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\imappver.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\instSup.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ocpchk.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\postinst.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ProgUpd.dll
      c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\tbinst.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0404\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0404\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0404\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0405\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0405\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0405\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0406\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0406\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0406\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0407\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0407\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0407\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0408\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0408\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0408\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0409\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0409\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0409\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040b\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040b\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040b\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040c\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040c\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040c\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040e\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040e\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\040e\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0410\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0410\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0410\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0411\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0411\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0411\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0412\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0412\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0412\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0413\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0413\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0413\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0414\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0414\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0414\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0415\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0415\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0415\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0419\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0419\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0419\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041D\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041D\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041D\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041E\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041E\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041E\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041F\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041F\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\041F\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0804\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0804\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0804\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0816\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0816\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0816\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0c0a\CNMlr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0c0a\CNMsr78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules\0c0a\CNMur78.dll
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNM_0260.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMBR260.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMDRV.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMDUMP5.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMFUS.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMINST.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLMON2.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRCN.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRCZ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRDE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRDK.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRES.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRFI.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRFR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRGR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRHU.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRIT.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRJ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRKR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRNL.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRNO.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRPL.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRPT.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRRU.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRSE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTH.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTW.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMOP78.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMP_260.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPCOMM.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPD.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPP.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPV.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMQUEUE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSMSD.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRCN.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRCZ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDE.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDK.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRES.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFI.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRGR.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRHU.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRIT.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRJ.DLL
      c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOW
      0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Attention a tes telechargements de keygens !
    Ou en sont tes soucis?

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      j'ai mis awast comme antivirus cela va mieux, j'ai encore cette fenetre grise avec ce message, la bonne nouvelle c'est que j'ai plus le virus .exe du system32
      0
      1. benjy92260 Messages postés 24 Statut Membre > benjy92260 Messages postés 24 Statut Membre
         
        awast m'a retiré un virus dans dans wanadoo
        0
  19. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Dans Wanadoo? Bizarre.

    - Télécharge http://www.malekal.com/download/clean.zip, décompresse-le sur ton bureau (clic droit /
    extraire tout), tu dois obtenir un dossier clean.

    Démarre en mode sans echec.

    Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
    Double-clic sur clean. Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 2 en appuyant sur la touche 2 de ton clavier.
    Clean va travailler.
    Un rapport va etre généré, sauvegarde le, redemarre en mode normal et colle le contenu entier ici.
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      salut

      j'ai un petit probleme

      The requested URL /download/clean.zip, was not found on this server.
      0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    J'ai mis une virgule en trop dans le lien, désolé.

    http://www.malekal.com/download/clean.zip

    Ca devrait être mieux :)

    A+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      salut

      Rapport clean par Malekal_morte - http://www.malekal.com
      Script execute en mode sans echec 18/04/2007 a 19:55:21,73

      Microsoft Windows XP [version 5.1.2600]

      *** Suppression des fichiers dans C:

      *** Suppression des fichiers dans C:\WINDOWS\

      *** Suppression des fichiers dans C:\WINDOWS\system32

      *** Suppression des fichiers dans C:\Program Files

      *** Suppression des clefs du registre effectuee..
      *** Fin du rapport !

      jai toujours cette fenetre grise avec un message en anglais
      0
  21. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Tu peux me faire une prise d ecran de cette fenetre et l heberger ici?

    https://www.cjoint.com/

    Et tu me fournit le lien.

    a+
    0
    1. benjy92260 Messages postés 24 Statut Membre
       
      salut,

      je te remercie pour ton aide, j'ai installé outpost firewall.

      je me suis appercu que c'etais une attaque de l'exteieur.

      la fenetre grise n'apparais plus

      merci encore d'avoir passé de ton temps a m'aider
      0
  • 1
  • 2