Virus trojan downloader swizzor

Resolved/Closed

Member (24 posts; registered Sunday 15 April 2007; last activity 19 April 2007)
Security contributor (21123 posts; registered Tuesday 27 June 2006; last activity 22 June 2016)

Hello,

I have the virus trojan32 download32 swizzor.

A grey window opens with a message in English.

I scanned with nod32.

I deleted the file

but the grey window still appears.

The window shows: message from microsoft to alert on 15/04/2007 19:55:2007

stop windows require immediate attention

I used adware and spybot.

It found some spyware

I deleted it but the virus is still there.

because the grey window launches every 10 minutes

I can't restart in safe mode because I have a damaged file

21 replies

Security contributor (21123 posts; registered Tuesday 27 June 2006; last activity 22 June 2016)

Hi,

Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Run it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log into the forum

Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck

See you

Member (24 posts; registered Sunday 15 April 2007; last activity 19 April 2007)

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 20:55:41, on 15/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Launch Manager\QtDTAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\dslagent.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Eset\nod32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\benjy\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avi-vcd.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtDTAcer.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D219CC0E-95EF-4D5D-898B-DB6B8DD4CF64}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: bw+0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
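
Added example (not part of the original thread, and not code from HijackThis): a small Python triage pass over the log format posted above, using a few lines copied from that log as sample input. The two flagging rules (target reported as "(file missing)", target located under Application Data or Temp) are heuristics assumed for this example; a flag marks an entry for review and is not a verdict.

```python
import re
from typing import Iterator, List, NamedTuple, Optional, Tuple

# Short excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:55:41, on 15/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\benjy\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# A report entry looks like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the body that ends in an executable-type extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll|ocx|bat|cmd|com|scr)(?![A-Za-z0-9])",
    re.IGNORECASE,
)
# O4 autorun entries carry the registry value name in square brackets.
RUN_NAME_RE = re.compile(r"\[(.+?)\]")

# Assumption for this example: directories a normal user account can write to,
# including their 8.3 short-name forms as they appear in such logs.
USER_WRITABLE_MARKERS = (
    "\\application data\\",
    "\\applic~1\\",
    "\\local settings\\",
    "\\locals~1\\",
    "\\temp\\",
)


class Finding(NamedTuple):
    code: str                 # HijackThis section code (R3, O4, O23, ...)
    name: Optional[str]       # Run value name for O4 entries, else None
    path: Optional[str]       # first file path found in the entry
    reasons: Tuple[str, ...]  # which heuristics fired


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (code, body) for each report entry; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve a closer look, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else None
        reasons = []
        if "(file missing)" in body:
            reasons.append("file-missing")
        if path and any(m in path.lower() for m in USER_WRITABLE_MARKERS):
            reasons.append("user-writable-path")
        if reasons:
            name_match = RUN_NAME_RE.search(body) if code == "O4" else None
            name = name_match.group(1) if name_match else None
            findings.append(Finding(code, name, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.code, finding.name, finding.path, ", ".join(finding.reasons))
```
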

Security contributor (21123 posts; registered Tuesday 27 June 2006; last activity 22 June 2016)

Hi,

Download LopxpMH to your Desktop.

http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

Unzip it (right click >> Extract here) and double-click the file lopxpMH.bat.

Post the contents of the report that opens.

See you

Member (24 posts; registered Sunday 15 April 2007; last activity 19 April 2007)

Rapport lopxpMH2 version 2.0 fait à 7:56:44,82 le 16/04/2007
C:\Documents and Settings\benjy\Bureau

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\All Users\Application Data

11/02/2004 17:21 <REP> .
11/02/2004 17:21 <REP> ..
11/02/2004 17:43 <REP> Adobe
11/04/2007 11:41 <REP> AOL
11/04/2007 11:32 <REP> AOL Downloads
11/04/2007 11:41 <REP> AOL OCP
10/04/2006 12:56 <REP> CanonBJ
11/02/2004 17:45 <REP> CyberLink
11/02/2004 17:21 <REP> Microsoft
15/04/2007 09:11 <REP> Spybot - Search & Destroy
13/08/2004 08:56 <REP> Symantec
25/04/2005 20:16 <REP> Viewpoint
11/02/2004 17:22 62 desktop.ini
1 fichier(s) 62 octets
12 Rép(s) 15 105 560 576 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\benjy\Application Data

25/05/2004 19:49 <REP> .
25/05/2004 19:49 <REP> ..
11/04/2007 11:41 <REP> acccore
23/08/2004 13:23 <REP> Adobe
23/08/2004 13:24 <REP> AdobeUM
04/08/2004 14:09 <REP> Aim
14/08/2004 13:56 <REP> CyberLink
09/11/2006 19:39 <REP> Google
20/04/2006 08:40 <REP> Help
25/05/2004 19:49 <REP> Identities
15/04/2007 13:08 <REP> Lavasoft
25/04/2005 20:18 <REP> Macromedia
25/05/2004 19:49 <REP> Microsoft
24/04/2005 17:02 <REP> Mozilla
10/04/2006 13:29 <REP> Real
30/04/2005 16:16 <REP> SmartFTP
25/05/2004 19:49 <REP> Sun
13/08/2004 08:56 <REP> Symantec
24/04/2005 17:18 <REP> Talkback
10/04/2007 09:40 <REP> vlc
25/05/2004 19:49 62 desktop.ini
1 fichier(s) 62 octets
20 Rép(s) 15 105 560 576 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\benjy\Local Settings\Application Data

25/05/2004 19:49 <REP> .
25/05/2004 19:49 <REP> ..
25/05/2004 19:49 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142010}
23/08/2004 13:24 <REP> Adobe
11/04/2007 11:40 <REP> AOL OCP
09/11/2006 19:39 <REP> Google
20/04/2006 08:40 <REP> Help
04/08/2004 14:11 <REP> Identities
25/05/2004 19:49 <REP> Microsoft
25/04/2005 20:20 <REP> Wildtangent
25/05/2004 20:58 193 536 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
11/04/2006 20:59 7 489 078 IconCache.db
2 fichier(s) 7 682 614 octets
10 Rép(s) 15 105 560 576 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\Default User\Application Data

11/02/2004 17:21 <REP> .
11/02/2004 17:21 <REP> ..
25/05/2004 19:48 <REP> Identities
11/02/2004 17:21 <REP> Microsoft
25/05/2004 19:48 <REP> Sun
11/02/2004 17:22 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 15 105 560 576 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

11/02/2004 17:22 <REP> .
11/02/2004 17:22 <REP> ..
25/05/2004 19:48 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142010}
25/05/2004 19:48 <REP> Microsoft
25/05/2004 19:48 3 185 718 IconCache.db
1 fichier(s) 3 185 718 octets
4 Rép(s) 15 105 556 480 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\LocalService\Application Data

11/02/2004 17:28 <REP> .
11/02/2004 17:28 <REP> ..
11/02/2004 17:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 15 105 556 480 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

11/02/2004 17:28 <REP> .
11/02/2004 17:28 <REP> ..
11/02/2004 17:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 15 105 556 480 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\NetworkService\Application Data

11/02/2004 17:28 <REP> .
11/02/2004 17:28 <REP> ..
11/02/2004 17:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 15 105 556 480 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

11/02/2004 17:28 <REP> .
11/02/2004 17:28 <REP> ..
11/02/2004 17:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 15 105 556 480 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Documents and Settings\Propriétaire

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

11/02/2004 17:28 <REP> .
11/02/2004 17:28 <REP> ..
25/05/2004 19:48 <REP> Identities
11/02/2004 17:28 <REP> Microsoft
25/05/2004 19:48 <REP> Sun
11/02/2004 17:28 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 15 105 556 480 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

11/02/2004 17:28 <REP> .
11/02/2004 17:28 <REP> ..
25/05/2004 19:48 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142010}
25/05/2004 19:46 <REP> Microsoft
25/05/2004 19:48 3 185 718 IconCache.db
1 fichier(s) 3 185 718 octets
4 Rép(s) 15 105 556 480 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Program Files

15/04/2007 20:03 <REP> .
15/04/2007 20:03 <REP> ..
11/02/2004 17:39 <REP> Acer Inc
11/02/2004 17:43 <REP> Adobe
14/04/2007 15:08 <REP> adslTV
11/04/2007 11:41 <REP> AIM6
26/04/2005 08:33 <REP> AIM95
11/02/2004 17:53 <REP> Aspire screensaver
11/02/2004 17:31 <REP> AvRack
11/02/2004 17:33 <REP> Broadcom
19/08/2005 11:07 <REP> C2Media
03/08/2005 15:43 <REP> Canon
15/04/2007 16:08 <REP> CleanUp!
09/06/2005 01:00 1 152 409 cnb_2600.tb_
28/04/2005 01:00 130 379 cnb78ca0.ic_
09/06/2005 01:00 131 999 cnb78cb0.ic_
28/03/2005 01:00 132 013 cnb78cc0.ic_
28/03/2005 01:00 128 135 cnb78db0.ic_
28/03/2005 01:00 131 477 cnb78eb0.ic_
28/03/2005 01:00 128 783 cnb78ed0.ic_
30/03/2001 01:00 5 617 cnbjprn2.ic_
27/01/2005 05:30 224 cnm.in_
09/06/2005 06:00 32 527 cnm_0260.dl_
15/04/2005 06:00 18 389 cnmbr260.dl_
15/04/2005 06:00 273 149 cnmdrv.dl_
15/04/2005 06:00 63 127 cnmdump5.dl_
15/04/2005 06:00 10 577 cnmfus.dl_
19/05/2005 15:00 48 128 cnmi0404.dll
25/05/2005 02:10 57 344 cnmi0405.dll
25/05/2005 02:10 57 856 cnmi0406.dll
25/05/2005 02:10 65 024 cnmi0407.dll
25/05/2005 02:10 61 440 cnmi0408.dll
08/03/2005 19:16 56 832 cnmi0409.dll
25/05/2005 02:10 57 344 cnmi040b.dll
25/05/2005 02:10 64 512 cnmi040c.dll
25/05/2005 02:10 58 368 cnmi040e.dll
25/05/2005 02:10 59 392 cnmi0410.dll
08/03/2005 19:16 50 688 cnmi0411.dll
19/05/2005 15:00 50 688 cnmi0412.dll
25/05/2005 02:10 59 904 cnmi0413.dll
25/05/2005 02:10 57 856 cnmi0414.dll
25/05/2005 02:10 58 368 cnmi0415.dll
25/05/2005 02:10 58 368 cnmi0419.dll
25/05/2005 02:10 57 856 cnmi041d.dll
19/05/2005 15:00 56 320 cnmi041e.dll
25/05/2005 02:10 57 344 cnmi041F.dll
19/05/2005 15:00 47 616 cnmi0804.dll
25/05/2005 02:10 59 392 cnmi0816.dll
25/05/2005 02:10 59 392 cnmi0c0a.dll
15/04/2005 06:00 3 128 cnminst.dl_
09/05/2002 22:10 7 204 cnminst2.dll
08/03/2005 19:16 61 952 cnmis.dll
08/03/2005 19:16 5 632 cnmis4.dll
08/03/2005 19:16 18 944 cnmis5.dll
15/04/2005 06:00 70 431 cnmlmon2.dl_
15/04/2005 06:00 10 940 cnmlr.dl_
19/05/2005 15:00 8 854 cnmlrcn.dl_
25/05/2005 06:10 12 700 cnmlrcz.dl_
25/05/2005 06:10 13 322 cnmlrde.dl_
25/05/2005 06:10 12 554 cnmlrdk.dl_
25/05/2005 06:10 12 906 cnmlres.dl_
25/05/2005 06:10 12 050 cnmlrfi.dl_
25/05/2005 06:10 13 000 cnmlrfr.dl_
25/05/2005 06:10 14 548 cnmlrgr.dl_
25/05/2005 06:10 13 198 cnmlrhu.dl_
25/05/2005 06:10 12 280 cnmlrit.dl_
15/04/2005 06:00 9 457 cnmlrj.dl_
19/05/2005 15:00 9 770 cnmlrkr.dl_
25/05/2005 06:10 12 412 cnmlrnl.dl_
25/05/2005 06:10 12 050 cnmlrno.dl_
25/05/2005 06:10 13 792 cnmlrpl.dl_
25/05/2005 06:10 12 406 cnmlrpt.dl_
25/05/2005 06:10 12 766 cnmlrru.dl_
25/05/2005 06:10 12 426 cnmlrse.dl_
19/05/2005 15:00 10 808 cnmlrth.dl_
25/05/2005 06:10 11 882 cnmlrTr.dl_
19/05/2005 15:00 9 112 cnmlrtw.dl_
09/06/2005 06:00 12 362 cnmop78.dl_
15/04/2005 06:00 26 063 cnmp_260.dl_
15/04/2005 06:00 1 104 cnmp0.da_
15/04/2005 06:00 1 076 cnmp1.da_
15/04/2005 06:00 1 676 cnmp2.da_
01/02/2002 17:29 15 300 cnmpar21.sys
15/04/2005 06:00 16 539 cnmpcomm.dl_
15/04/2005 06:00 10 028 cnmpd.dl_
15/04/2005 06:00 31 054 cnmpp.dl_
15/04/2005 06:00 41 376 cnmpv.dl_
15/04/2005 06:00 12 631 cnmqueue.dl_
15/04/2005 06:00 13 222 cnmsmsd.dl_
15/04/2005 06:00 8 402 cnmsr.dl_
19/05/2005 15:00 6 630 cnmsrcn.dl_
25/05/2005 06:10 9 666 cnmsrcz.dl_
25/05/2005 06:10 10 110 cnmsrde.dl_
25/05/2005 06:10 9 324 cnmsrdk.dl_
25/05/2005 06:10 9 804 cnmsres.dl_
25/05/2005 06:10 8 830 cnmsrfi.dl_
25/05/2005 06:10 9 700 cnmsrfr.dl_
25/05/2005 06:10 11 030 cnmsrgr.dl_
25/05/2005 06:10 9 904 cnmsrhu.dl_
25/05/2005 06:10 9 368 cnmsrit.dl_
15/04/2005 06:00 7 089 cnmsrj.dl_
19/05/2005 15:00 7 572 cnmsrkr.dl_
25/05/2005 06:10 9 240 cnmsrnl.dl_
25/05/2005 06:10 9 036 cnmsrno.dl_
25/05/2005 06:10 10 328 cnmsrpl.dl_
25/05/2005 06:10 9 414 cnmsrpt.dl_
25/05/2005 06:10 9 736 cnmsrru.dl_
25/05/2005 06:10 9 362 cnmsrse.dl_
19/05/2005 15:00 8 100 cnmsrth.dl_
25/05/2005 06:10 8 680 cnmsrTr.dl_
19/05/2005 15:00 6 722 cnmsrtw.dl_
15/04/2005 06:00 85 620 cnmstmn.dl_
15/04/2005 06:00 16 116 cnmstsr.sm_
15/04/2005 06:00 361 166 cnmui.dl_
08/03/2005 19:17 90 112 cnmunins.exe
15/04/2005 06:00 30 236 cnmur.dl_
19/05/2005 15:00 26 496 cnmurcn.dl_
25/05/2005 06:10 32 800 cnmurcz.dl_
25/05/2005 06:20 33 490 cnmurde.dl_
25/05/2005 06:10 31 910 cnmurdk.dl_
25/05/2005 06:10 32 810 cnmures.dl_
25/05/2005 06:10 31 606 cnmurfi.dl_
25/05/2005 06:10 33 038 cnmurfr.dl_
25/05/2005 06:10 35 962 cnmurgr.dl_
25/05/2005 06:10 32 898 cnmurhu.dl_
25/05/2005 06:10 32 106 cnmurit.dl_
15/04/2005 06:00 28 671 cnmurj.dl_
19/05/2005 15:00 28 372 cnmurkr.dl_
25/05/2005 06:10 32 082 cnmurnl.dl_
25/05/2005 06:10 31 034 cnmurno.dl_
25/05/2005 06:10 33 918 cnmurpl.dl_
25/05/2005 06:10 32 242 cnmurpt.dl_
25/05/2005 06:10 34 088 cnmurru.dl_
25/05/2005 06:10 31 936 cnmurse.dl_
19/05/2005 15:00 30 386 cnmurth.dl_
25/05/2005 06:10 31 744 cnmurTr.dl_
19/05/2005 15:00 26 876 cnmurtw.dl_
15/04/2005 06:00 3 672 cnmvs.dl_
08/03/2005 19:16 23 040 cnmvsa.exe
15/04/2005 06:00 3 124 cnmw3.dl_
11/02/2004 17:25 <REP> ComPlus Applications
05/11/2006 16:32 <REP> Creative
25/05/2004 20:39 <REP> Cucusoft
11/02/2004 17:45 <REP> CyberLink
21/08/2004 18:23 <REP> DCPro
12/03/2002 22:54 45 056 devid.dll
09/04/2007 17:08 <REP> ECI Telecom
15/04/2007 10:28 <REP> ESET
12/05/2005 17:38 5 133 eula0404.txt
08/02/2005 12:04 11 504 eula0405.txt
24/06/2005 11:46 12 728 eula0406.txt
13/05/2005 14:54 18 199 eula0407.txt
08/02/2005 11:48 13 484 eula0408.txt
28/03/2005 17:00 11 665 eula0409_euro.txt
06/01/2005 18:20 8 824 eula0409_us.txt
08/02/2005 11:31 12 438 eula040b.txt
10/06/2005 16:05 11 558 eula040c_euro.txt
08/02/2005 10:16 10 796 eula040c_us.txt
08/02/2005 12:04 13 205 eula040e.txt
08/02/2005 11:32 12 202 eula0410.txt
12/01/2005 17:41 6 297 eula0411.txt
16/02/2005 16:37 7 100 eula0412.txt
08/02/2005 11:31 15 126 eula0413.txt
08/02/2005 11:32 11 761 eula0414.txt
08/02/2005 12:03 12 374 eula0415.txt
24/06/2005 11:56 15 315 eula0419.txt
08/02/2005 11:32 12 307 eula041d.txt
22/02/2005 12:24 7 596 eula041e.txt
01/03/2005 09:52 11 966 eula041F.txt
16/02/2005 16:36 4 798 eula0804.txt
08/02/2005 11:32 12 781 eula0816_euro.txt
08/02/2005 10:17 9 227 eula0816_us.txt
24/06/2005 12:15 13 086 eula0c0a_euro.txt
08/02/2005 10:17 9 739 eula0c0a_us.txt
14/04/2007 22:08 <REP> Fichiers communs
15/04/2007 16:09 <REP> FlashFXP
09/11/2006 19:37 <REP> Google
15/04/2005 06:00 22 241 helpkicker.ex_
11/02/2004 17:29 <REP> Intel
11/02/2004 17:25 <REP> Internet Explorer
10/04/2006 12:55 <REP> ip4200
01/08/2005 01:11 69 716 ip4200.cat
19/07/2005 06:12 18 740 ip4200.inf
11/02/2004 17:40 <REP> Java
15/04/2007 18:44 <REP> jv16 PowerTools 2006
10/11/2004 18:29 <REP> Kaspersky Lab
26/05/2004 04:00 <REP> K-Lite Codec Pack
11/02/2004 17:41 <REP> Launch Manager
15/04/2007 13:07 <REP> Lavasoft
11/02/2004 17:44 <REP> Ligos
18/06/2004 03:07 <REP> Logitech
11/02/2004 17:34 <REP> ltmoh
04/08/2004 01:20 <REP> Messager Wanadoo
11/02/2004 17:24 <REP> Messenger
24/04/2005 20:14 <REP> MessengerPlus! 3
20/05/2005 15:00 122 417 mh78cn.ch_
25/05/2005 01:00 120 589 mh78cz.ch_
25/05/2005 01:00 121 717 mh78de.ch_
25/05/2005 01:00 114 973 mh78dk.ch_
25/05/2005 01:00 122 491 mh78es.ch_
25/05/2005 06:00 114 493 mh78fi.ch_
25/05/2005 01:00 119 091 mh78fr.ch_
25/05/2005 01:00 132 377 mh78gr.ch_
25/05/2005 01:00 122 605 mh78hu.ch_
25/05/2005 01:00 117 397 mh78it.ch_
15/04/2005 01:00 139 053 mh78jp.ch_
20/05/2005 15:00 135 231 mh78kr.ch_
25/05/2005 01:00 115 999 mh78nl.ch_
25/05/2005 01:00 112 917 mh78no.ch_
25/05/2005 01:00 124 661 mh78pl.ch_
25/05/2005 01:00 117 451 mh78pt.ch_
25/05/2005 01:00 124 611 mh78ru.ch_
25/05/2005 01:00 113 449 mh78se.ch_
20/05/2005 15:00 137 361 mh78th.ch_
25/05/2005 06:00 115 241 mh78Tr.ch_
20/05/2005 15:00 123 259 mh78tw.ch_
15/04/2005 01:00 108 777 mh78us.ch_
11/02/2004 17:26 <REP> microsoft frontpage
16/02/2004 16:53 <REP> Microsoft Works
11/02/2004 17:25 <REP> Movie Maker
15/04/2007 16:09 <REP> Mozilla Firefox
11/02/2004 17:24 <REP> MSN
04/08/2004 18:13 <REP> MSN Apps
11/02/2004 17:24 <REP> MSN Gaming Zone
24/04/2005 20:26 <REP> MSN Messenger
18/06/2004 03:06 <REP> MUSICMATCH
11/02/2004 17:25 <REP> NetMeeting
11/02/2004 17:44 <REP> NewTech Infosystems
25/05/2004 19:50 <REP> O2Micro
11/02/2004 17:25 <REP> Outlook Express
26/05/2004 03:21 <REP> Pegasys Inc
24/09/2004 14:40 <REP> Philips ToUcam Camera
16/11/2006 19:40 <REP> RadioBlogClub Downloader
25/05/2005 06:10 29 124 Readme_Czech.txt
25/05/2005 06:10 31 844 Readme_Danish.txt
25/05/2005 06:10 33 561 Readme_Dutch.txt
19/04/2005 16:54 29 281 readme_english.txt
25/05/2005 06:10 29 619 Readme_Finnish.txt
25/05/2005 06:10 35 043 Readme_French.txt
25/05/2005 06:10 34 813 Readme_German.txt
25/05/2005 06:10 38 518 Readme_Greek.txt
25/05/2005 06:10 31 559 Readme_Hungarian.txt
25/05/2005 06:10 34 109 Readme_Italian.txt
15/04/2005 11:36 27 503 readme_japanese.txt
19/05/2005 16:00 25 991 Readme_Korean.txt
25/05/2005 06:10 30 683 Readme_Norwegian.txt
25/05/2005 06:10 35 455 Readme_Polish.txt
25/05/2005 06:10 34 281 Readme_Portuguese.txt
25/05/2005 06:10 32 243 Readme_Russian.txt
19/05/2005 16:00 20 093 Readme_Simplified_Chinese.txt
25/05/2005 06:10 34 527 Readme_Spanish.txt
25/05/2005 06:10 30 549 Readme_Swedish.txt
19/05/2005 16:00 27 904 Readme_Thai.txt
19/05/2005 16:00 20 061 Readme_Traditional_Chinese.txt
25/05/2005 06:10 30 360 readme_Turkish.txt
24/09/2004 14:38 <REP> Real
11/02/2004 17:31 <REP> Realtek Sound Manager
11/02/2004 17:24 <REP> Services en ligne
08/03/2005 19:17 167 936 setup.exe
15/04/2005 06:00 1 960 setup.ini
20/05/2005 15:00 39 507 sh78cn.ch_
25/05/2005 01:00 40 581 sh78cz.ch_
25/05/2005 01:00 40 277 sh78de.ch_
25/05/2005 01:00 39 883 sh78dk.ch_
25/05/2005 01:00 40 433 sh78es.ch_
25/05/2005 06:00 39 919 sh78fi.ch_
25/05/2005 01:00 40 873 sh78fr.ch_
25/05/2005 01:00 41 615 sh78gr.ch_
25/05/2005 01:00 40 359 sh78hu.ch_
25/05/2005 01:00 40 067 sh78it.ch_
15/04/2005 01:00 40 925 sh78jp.ch_
20/05/2005 15:00 40 567 sh78kr.ch_
25/05/2005 01:00 39 523 sh78nl.ch_
25/05/2005 01:00 39 739 sh78no.ch_
25/05/2005 01:00 40 741 sh78pl.ch_
25/05/2005 01:00 40 317 sh78pt.ch_
25/05/2005 01:00 41 295 sh78ru.ch_
25/05/2005 01:00 39 679 sh78se.ch_
20/05/2005 15:00 40 559 sh78th.ch_
25/05/2005 06:00 39 385 sh78Tr.ch_
20/05/2005 15:00 39 847 sh78tw.ch_
15/04/2005 01:00 39 231 sh78us.ch_
30/04/2005 16:16 <REP> SmartFTP
30/04/2005 16:16 <REP> SmartFTP Setup Files
15/04/2007 09:15 <REP> Spybot - Search & Destroy
11/02/2004 17:35 <REP> Synaptics
24/09/2004 14:39 <REP> Ulead Systems
10/04/2007 09:38 <REP> VideoLAN
24/09/2004 14:40 <REP> VideoLink Mail
11/04/2007 11:40 <REP> Viewpoint
16/04/2007 07:51 <REP> Wanadoo
25/04/2005 20:54 <REP> WildTangent
15/07/2005 11:36 <REP> Winamp
05/11/2006 16:33 <REP> Windows Media Player
11/02/2004 17:24 <REP> Windows NT
28/05/2004 22:31 <REP> WinRAR
25/05/2004 19:50 <REP> WLAN 802.11g mini-PCI Module
11/02/2004 17:26 <REP> xerox
225 fichier(s) 10 542 851 octets
73 Rép(s) 15 105 540 096 octets libres

******************************************
## Popups autorisées

* Internet Explorer

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Bike Real Book Meal REG_SZ C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hello,

Print this procedure, or save it to a file in Notepad, so that you are sure not to forget anything and to do everything in order.

1/ Download this: Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
- illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm

Disconnect from the Internet and close all running programs.

Restart in safe mode
Restart the PC, let the BIOS screen pass, then tap the F8 key before the Windows loading screen appears.
Choose safe mode from the options and confirm with Enter.
(If F8 does not work, try F5)

Make hidden and system files visible
Control Panel > Folder Options > View tab
Check the box next to "Show hidden files and folders"
Uncheck the box next to "Hide extensions for known file types"
Uncheck the box next to "Hide protected operating system files"
Click [Apply] then [OK] to confirm

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Launch HijackThis and click [do a system scan only]
Check the box at the start of the following lines:

O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe

Confirm by clicking the [fix checked] button

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Find and delete these folders:

Delete the files by following the path of the infected files if possible, rather than using the "Search" function

If they are present, delete:

C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL

C:\Program Files\C2Media

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Then, very important:

:: Delete temporary files ::

Run cleanup40.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Restart normally and post a new HijackThis log in the thread…

Tell me where things stand with your problems…

See you later
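The post above singles out one O4 autorun line for removal. As an added example (not part of the original post, and not the helper's stated method), this Python script parses the O4 Run lines of a HijackThis log and flags entries whose target sits in a user-writable profile directory; the sample lines are copied from the logs in this thread, while the function names and the flagging rule are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# O4/O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# "O4 - HKLM\..\Run: [Name] command line"; also matches RunOnce, RunServices.
_O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$', re.M)

# Program path: either quoted, or everything up to the first executable
# extension followed by end of line, whitespace or a comma. HijackThis
# prints unquoted paths that contain spaces, so splitting on spaces is wrong.
_TARGET = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=$|[\s,]))', re.I)

# Assumed triage rule: profile directories any user can write to, in long
# form and in the 8.3 short form (APPLIC~1, LOCALS~1) that hides them.
_USER_WRITABLE = re.compile(
    r'\\(?:application data|applic~\d|local settings|locals~\d|temp)\\', re.I)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(command):
    """Return the program that an autorun command line starts."""
    m = _TARGET.match(command)
    if m:
        return m.group(1) or m.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def parse_o4(log):
    """Parse every O4 registry Run entry found in a HijackThis log."""
    entries = []
    for hive, key, name, command in _O4_RUN.findall(log):
        command = command.strip()
        entries.append(Autorun(hive, key, name, command, extract_target(command)))
    return entries


def triage(log):
    """Return the O4 entries that deserve a manual look, with the reason."""
    flagged = []
    for entry in parse_o4(log):
        if _USER_WRITABLE.search(entry.target):
            entry.reasons.append("target is inside a user-writable profile directory")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive} {e.key} [{e.name}] -> {e.target}: {'; '.join(e.reasons)}")
```

A hit is a prompt for manual review, not a verdict: legitimate software can also start from a profile directory.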
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Hi,

I did what you told me.

The grey window with the message in English no longer appears.

However, NOD32 found a virus located in c:\windows\system32\.exe.

The antivirus does not delete it.

I made a new report as you asked.

Logfile of HijackThis v1.99.1
Scan saved at 11:06:54, on 16/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Launch Manager\QtDTAcer.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\benjy\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avi-vcd.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtDTAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Bike Real Book Meal] C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D219CC0E-95EF-4D5D-898B-DB6B8DD4CF64}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: bw+0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {17D3733A-77DE-4A36-94D1-227778056456} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hi

Did you delete:
C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL?

And also:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading screen, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to start the script.
• Press Y to begin the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy and paste the contents of the Report.txt file into your next reply on the forum, together with a new HijackThis log!
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

OK, I did not hear a beep when the PC restarted.

When I press Y, nothing happens; the SDFix window closes.

I still have that grey window; it came back with a message in English.

C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL: this file cannot be found

All this is strange
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Now I get this: Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window. Please submit the file to ESET for analysis.
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hi

Download this:
http://sosvirus.changelog.fr/Green_day/Lopxp.exe

Run Lopxp.bat.
From the menu, choose option 1 "Rechercher / Générer un rapport" (Search / Generate a report)
Wait, and when you are asked to press a key, press one.
The report then opens; copy and paste it in full on the forum.

See you later
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

I am posting the report


_____________ Rapport Lopxp fait le 16/04/2007 à 21:24:31,53 _______________


/!\ Attention /!\

Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...


_________________________ Recherche prédéterminé __________________________


[X] C:\Program Files\MessengerPlus! 3 Présent !

Date d'installation/Création du dossier: 24/04/2005 à 20:12
Dernière modification du dossier le: 24/04/2005 à 20:14

Recherche des dossiers crées le: 24/04/2005

C:\Program Files

24/04/2005 20:12 <REP> C2Media
24/04/2005 20:12 <REP> MESSEN~2 MessengerPlus! 3
24/04/2005 17:02 <REP> MOZILL~1 Mozilla Firefox

C:\Documents and Settings\benjy\Application Data

24/04/2005 17:18 <REP> Talkback
24/04/2005 17:02 <REP> Mozilla


_________________________ Recherche heuristique __________________________


Recherche négative


___________________________ Tâches planifiées _____________________________

Listing de toutes les tâches planifiées:



__________ Détection des paramètres de désinstallation du sponsor _________

Sponsor P2P:

Sponsor MSN+:

MessengerPlus !3

/!\ Sponsor accepté lors de la dernière installation.

Impossibilité de désinstaller le sponsor dans Ajout/Suppression de programme.
Le fichier C:\Program Files\Adverts\uninst.exe est manquant.


__________________ Listing des dossiers Application Data __________________


C:\Documents and Settings\All Users\Application Data

Date/heure Création Nom court Nom long

15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
11/04/2007 à 11:41 | AOLOCP~1 AOL OCP
11/04/2007 à 11:41 | AOL
11/04/2007 à 11:32 | AOLDOW~1 AOL Downloads
10/04/2006 à 12:56 | CanonBJ
25/04/2005 à 20:16 | VIEWPO~1 Viewpoint
13/08/2004 à 08:56 | Symantec
11/02/2004 à 17:45 | CYBERL~1 CyberLink
11/02/2004 à 17:43 | Adobe
11/02/2004 à 17:21 | MICROS~1 Microsoft


C:\Documents and Settings\benjy\Application Data

Date/heure Création Nom court Nom long

15/04/2007 à 13:08 | Lavasoft
11/04/2007 à 11:41 | acccore
10/04/2007 à 09:40 | vlc
09/11/2006 à 19:39 | Google
20/04/2006 à 08:40 | Help
10/04/2006 à 13:29 | Real
30/04/2005 à 16:16 | SmartFTP
25/04/2005 à 20:18 | MACROM~1 Macromedia
24/04/2005 à 17:18 | Talkback
24/04/2005 à 17:02 | Mozilla
23/08/2004 à 13:24 | AdobeUM
23/08/2004 à 13:23 | Adobe
14/08/2004 à 13:56 | CYBERL~1 CyberLink
13/08/2004 à 08:56 | Symantec
04/08/2004 à 14:09 | Aim
25/05/2004 à 19:49 | MICROS~1 Microsoft
25/05/2004 à 19:49 | Sun
25/05/2004 à 19:49 | IDENTI~1 Identities


C:\Documents and Settings\benjy\Local Settings\Application Data

Date/heure Création Nom court Nom long

11/04/2007 à 11:40 | AOLOCP~1 AOL OCP
09/11/2006 à 19:39 | Google
20/04/2006 à 08:40 | Help
25/04/2005 à 20:20 | WILDTA~1 Wildtangent
23/08/2004 à 13:24 | Adobe
04/08/2004 à 14:11 | IDENTI~1 Identities
25/05/2004 à 19:49 | {7148F~1 {7148F0A6-6813-11D6-A77B-00B0D0142010}
25/05/2004 à 19:49 | MICROS~1 Microsoft


____________________ Listing du dossier Program Files _____________________

C:\Program Files

Date/heure Création Nom court Nom long

15/04/2007 à 18:44 | JV16PO~1 jv16 PowerTools 2006
15/04/2007 à 16:08 | CleanUp!
15/04/2007 à 13:07 | Lavasoft
15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
15/04/2007 à 08:34 | ESET
14/04/2007 à 15:06 | adslTV
11/04/2007 à 11:36 | AIM6
10/04/2007 à 09:38 | VideoLAN
09/04/2007 à 17:08 | ECITEL~1 ECI Telecom
16/11/2006 à 19:40 | RADIOB~1 RadioBlogClub Downloader
09/11/2006 à 19:37 | Google
05/11/2006 à 16:28 | Creative
10/04/2006 à 12:55 | ip4200
03/08/2005 à 15:32 | Canon
15/07/2005 à 11:34 | Winamp
30/04/2005 à 16:16 | SmartFTP
30/04/2005 à 16:16 | SMARTF~1 SmartFTP Setup Files
25/04/2005 à 20:20 | WILDTA~1 WildTangent
24/04/2005 à 20:12 | C2Media
24/04/2005 à 20:12 | MESSEN~2 MessengerPlus! 3
24/04/2005 à 17:02 | MOZILL~1 Mozilla Firefox
10/11/2004 à 18:29 | KASPER~1 Kaspersky Lab
24/09/2004 à 14:40 | VIDEOL~1 VideoLink Mail
24/09/2004 à 14:39 | ULEADS~1 Ulead Systems
24/09/2004 à 14:38 | Real
24/09/2004 à 14:35 | PHILIP~1 Philips ToUcam Camera
20/08/2004 à 08:45 | FlashFXP
18/08/2004 à 17:45 | DCPro
04/08/2004 à 17:15 | MSNAPP~1 MSN Apps
04/08/2004 à 16:31 | MSNMES~1 MSN Messenger
04/08/2004 à 14:08 | VIEWPO~1 Viewpoint
04/08/2004 à 14:08 | AIM95
04/08/2004 à 01:20 | MESSAG~1 Messager Wanadoo
04/08/2004 à 01:19 | Wanadoo
18/06/2004 à 03:06 | MUSICM~1 MUSICMATCH
18/06/2004 à 03:04 | Logitech
28/05/2004 à 22:31 | WinRAR
26/05/2004 à 04:00 | K-LITE~1 K-Lite Codec Pack
26/05/2004 à 03:21 | PEGASY~1 Pegasys Inc
25/05/2004 à 20:31 | Cucusoft
25/05/2004 à 19:50 | O2Micro
16/02/2004 à 16:53 | MICROS~2 Microsoft Works
11/02/2004 à 17:53 | ASPIRE~1 Aspire screensaver
11/02/2004 à 17:45 | CYBERL~1 CyberLink
11/02/2004 à 17:44 | Ligos
11/02/2004 à 17:44 | NEWTEC~1 NewTech Infosystems
11/02/2004 à 17:43 | Adobe
11/02/2004 à 17:41 | LAUNCH~1 Launch Manager
11/02/2004 à 17:40 | Java
11/02/2004 à 17:39 | ACERIN~1 Acer Inc
11/02/2004 à 17:35 | SYNAPT~1 Synaptics
11/02/2004 à 17:34 | ltmoh
11/02/2004 à 17:33 | Broadcom
11/02/2004 à 17:31 | REALTE~1 Realtek Sound Manager
11/02/2004 à 17:31 | AvRack
11/02/2004 à 17:30 | UNINST~1 Uninstall Information
11/02/2004 à 17:29 | Intel
11/02/2004 à 17:29 | INSTAL~1 InstallShield Installation Information
11/02/2004 à 17:26 | xerox
11/02/2004 à 17:26 | MICROS~1 microsoft frontpage
11/02/2004 à 17:25 | MOVIEM~1 Movie Maker
11/02/2004 à 17:25 | NETMEE~1 NetMeeting
11/02/2004 à 17:25 | OUTLOO~1 Outlook Express
11/02/2004 à 17:25 | INTERN~1 Internet Explorer
11/02/2004 à 17:25 | COMPLU~1 ComPlus Applications
11/02/2004 à 17:24 | WINDOW~3 WindowsUpdate
11/02/2004 à 17:24 | SERVIC~1 Services en ligne
11/02/2004 à 17:24 | WINDOW~2 Windows Media Player
11/02/2004 à 17:24 | MESSEN~1 Messenger
11/02/2004 à 17:24 | MSNGAM~1 MSN Gaming Zone
11/02/2004 à 17:24 | MSN
11/02/2004 à 17:24 | WINDOW~1 Windows NT
11/02/2004 à 17:22 | FICHIE~1 Fichiers communs


__________________________ Recherche dans le registre _____________________


# Clés de démarrage :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Bike Real Book Meal REG_SZ C:\Documents and Settings\All Users\Application Data\LITEGREATBIKEREAL\TRANS ERROR.exe

_____________________ Modification du fichier Hosts _______________________


127.0.0.1= Url bloquée Autre= Redirection



__________________________ Popups autorisées ______________________________


# Internet Explorer



# Mozilla Firefox (1 autorisé 2 interdit)

# Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


___________________________ Zones de sécurité _____________________________


# HKCU Domains (4)

# P3P History (5)


___________________ Suggestion nettoyage registre _______________

(Pour désinfection manuelle)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bike Real Book Meal"=-


_________________________ Fin du rapport ________________________
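
The check behind the report's "Clés de démarrage" and "Suggestion nettoyage registre" sections, as an added example that is not part of the thread and not Lopxp's own code: it reads a REGEDIT4 export of a Run key, flags values whose program sits in a user-writable folder, and builds the `"name"=-` removal file. The `ExampleTray` entry and the list of suspect folders are assumptions made for the example.

```python
import re

# Constructed REGEDIT4 export. The second value is the Run entry reported by
# Lopxp above; "ExampleTray" is a made-up benign entry for contrast.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /start"
"Bike Real Book Meal"="C:\\Documents and Settings\\All Users\\Application Data\\LITEGREATBIKEREAL\\TRANS ERROR.exe"
"""

# Assumption for this example: autostart programs normally live under
# Program Files or WINDOWS, so a target in these user-writable trees is suspect.
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Quoted path, or an unquoted path (spaces allowed) up to its extension.
EXE_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.I)


def unescape(text):
    # Undo .reg string escaping (backslash-backslash and backslash-quote).
    return re.sub(r"\\(.)", r"\1", text)


def parse_run_values(export):
    """Return (key, value_name, command_line) for every string value."""
    key, found = None, []
    for line in export.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            found.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return found


def target_path(command_line):
    """Extract the program path from an autostart command line."""
    m = EXE_RE.match(command_line.strip())
    if not m:
        return command_line.strip()
    return m.group(1) or m.group(2)


def suspicious(entries):
    """Keep entries whose program lives under one of SUSPECT_DIRS."""
    return [(k, n, target_path(c)) for k, n, c in entries
            if any(d in target_path(c).lower() for d in SUSPECT_DIRS)]


def removal_reg(flagged):
    """Build a REGEDIT4 file that deletes the flagged values ("name"=-)."""
    lines, current = ["REGEDIT4"], None
    for key, name, _ in sorted(flagged):
        if key != current:
            lines += ["", f"[{key}]"]
            current = key
        escaped = name.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'"{escaped}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious(parse_run_values(SAMPLE_EXPORT))
    for key, name, path in flagged:
        print(f"suspect autostart: {name!r} -> {path}")
    print(removal_reg(flagged))
```

Deleting the Run value only stops the automatic launch; the file it pointed to still has to be removed separately, which is what the rest of the thread deals with.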

Posts: 21123 | Registered: Tuesday 27 June 2006 | Status: Security contributor | Last activity: 22 June 2016

Hi

Open the lopxp folder.
Then open the fix file, run fix, and accept the merge into the registry.

Then run lopxp.bat again and choose option 2 [mode avancé] (advanced mode)
Then option 2 [Fix mode]
Enter this file path to delete:
C:\Program Files\C2Media
Confirm the choice.

Accept entering another name:
C:\Program Files\Adverts
Confirm the choice.

Choose the option to add no more files.

No scheduled task needs to be added.

Validate the deletion summary.

A report will open at the end of the cleanup with the result of the operations (lopfix.txt). Copy and paste it.

See you

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

Hello,

There, I deleted the directories you told me to


_____________ Rapport Lopxp fait le 17/04/2007 à 9:02:37,96 _______________


/!\ Attention /!\

Les résultats de ce rapport sont sujets à interprétations,
Et ne démontrent pas systématiquement des dossiers infectés...


_________________________ Recherche prédéterminé __________________________


[X] C:\Program Files\MessengerPlus! 3 Présent !

Date d'installation/Création du dossier: 24/04/2005 à 20:12
Dernière modification du dossier le: 24/04/2005 à 20:14

Recherche des dossiers crées le: 24/04/2005

C:\Program Files

24/04/2005 20:12 <REP> C2Media
24/04/2005 20:12 <REP> MESSEN~2 MessengerPlus! 3
24/04/2005 17:02 <REP> MOZILL~1 Mozilla Firefox

C:\Documents and Settings\benjy\Application Data

24/04/2005 17:18 <REP> Talkback
24/04/2005 17:02 <REP> Mozilla


_________________________ Recherche heuristique __________________________


Recherche négative


___________________________ Tâches planifiées _____________________________

Listing de toutes les tâches planifiées:



__________ Détection des paramètres de désinstallation du sponsor _________

Sponsor P2P:

Sponsor MSN+:

MessengerPlus !3

/!\ Sponsor accepté lors de la dernière installation.

Impossibilité de désinstaller le sponsor dans Ajout/Suppression de programme.
Le fichier C:\Program Files\Adverts\uninst.exe est manquant.


__________________ Listing des dossiers Application Data __________________


C:\Documents and Settings\All Users\Application Data

Date/heure Création Nom court Nom long

15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
11/04/2007 à 11:41 | AOLOCP~1 AOL OCP
11/04/2007 à 11:41 | AOL
11/04/2007 à 11:32 | AOLDOW~1 AOL Downloads
10/04/2006 à 12:56 | CanonBJ
25/04/2005 à 20:16 | VIEWPO~1 Viewpoint
13/08/2004 à 08:56 | Symantec
11/02/2004 à 17:45 | CYBERL~1 CyberLink
11/02/2004 à 17:43 | Adobe
11/02/2004 à 17:21 | MICROS~1 Microsoft


C:\Documents and Settings\benjy\Application Data

Date/heure Création Nom court Nom long

15/04/2007 à 13:08 | Lavasoft
11/04/2007 à 11:41 | acccore
10/04/2007 à 09:40 | vlc
09/11/2006 à 19:39 | Google
20/04/2006 à 08:40 | Help
10/04/2006 à 13:29 | Real
30/04/2005 à 16:16 | SmartFTP
25/04/2005 à 20:18 | MACROM~1 Macromedia
24/04/2005 à 17:18 | Talkback
24/04/2005 à 17:02 | Mozilla
23/08/2004 à 13:24 | AdobeUM
23/08/2004 à 13:23 | Adobe
14/08/2004 à 13:56 | CYBERL~1 CyberLink
13/08/2004 à 08:56 | Symantec
04/08/2004 à 14:09 | Aim
25/05/2004 à 19:49 | MICROS~1 Microsoft
25/05/2004 à 19:49 | Sun
25/05/2004 à 19:49 | IDENTI~1 Identities


C:\Documents and Settings\benjy\Local Settings\Application Data

Date/heure Création Nom court Nom long

11/04/2007 à 11:40 | AOLOCP~1 AOL OCP
09/11/2006 à 19:39 | Google
20/04/2006 à 08:40 | Help
25/04/2005 à 20:20 | WILDTA~1 Wildtangent
23/08/2004 à 13:24 | Adobe
04/08/2004 à 14:11 | IDENTI~1 Identities
25/05/2004 à 19:49 | {7148F~1 {7148F0A6-6813-11D6-A77B-00B0D0142010}
25/05/2004 à 19:49 | MICROS~1 Microsoft


____________________ Listing du dossier Program Files _____________________

C:\Program Files

Date/heure Création Nom court Nom long

15/04/2007 à 18:44 | JV16PO~1 jv16 PowerTools 2006
15/04/2007 à 16:08 | CleanUp!
15/04/2007 à 13:07 | Lavasoft
15/04/2007 à 09:11 | SPYBOT~1 Spybot - Search & Destroy
15/04/2007 à 08:34 | ESET
14/04/2007 à 15:06 | adslTV
11/04/2007 à 11:36 | AIM6
10/04/2007 à 09:38 | VideoLAN
09/04/2007 à 17:08 | ECITEL~1 ECI Telecom
16/11/2006 à 19:40 | RADIOB~1 RadioBlogClub Downloader
09/11/2006 à 19:37 | Google
05/11/2006 à 16:28 | Creative
10/04/2006 à 12:55 | ip4200
03/08/2005 à 15:32 | Canon
15/07/2005 à 11:34 | Winamp
30/04/2005 à 16:16 | SmartFTP
30/04/2005 à 16:16 | SMARTF~1 SmartFTP Setup Files
25/04/2005 à 20:20 | WILDTA~1 WildTangent
24/04/2005 à 20:12 | C2Media
24/04/2005 à 20:12 | MESSEN~2 MessengerPlus! 3
24/04/2005 à 17:02 | MOZILL~1 Mozilla Firefox
10/11/2004 à 18:29 | KASPER~1 Kaspersky Lab
24/09/2004 à 14:40 | VIDEOL~1 VideoLink Mail
24/09/2004 à 14:39 | ULEADS~1 Ulead Systems
24/09/2004 à 14:38 | Real
24/09/2004 à 14:35 | PHILIP~1 Philips ToUcam Camera
20/08/2004 à 08:45 | FlashFXP
18/08/2004 à 17:45 | DCPro
04/08/2004 à 17:15 | MSNAPP~1 MSN Apps
04/08/2004 à 16:31 | MSNMES~1 MSN Messenger
04/08/2004 à 14:08 | VIEWPO~1 Viewpoint
04/08/2004 à 14:08 | AIM95
04/08/2004 à 01:20 | MESSAG~1 Messager Wanadoo
04/08/2004 à 01:19 | Wanadoo
18/06/2004 à 03:06 | MUSICM~1 MUSICMATCH
18/06/2004 à 03:04 | Logitech
28/05/2004 à 22:31 | WinRAR
26/05/2004 à 04:00 | K-LITE~1 K-Lite Codec Pack
26/05/2004 à 03:21 | PEGASY~1 Pegasys Inc
25/05/2004 à 20:31 | Cucusoft
25/05/2004 à 19:50 | O2Micro
16/02/2004 à 16:53 | MICROS~2 Microsoft Works
11/02/2004 à 17:53 | ASPIRE~1 Aspire screensaver
11/02/2004 à 17:45 | CYBERL~1 CyberLink
11/02/2004 à 17:44 | Ligos
11/02/2004 à 17:44 | NEWTEC~1 NewTech Infosystems
11/02/2004 à 17:43 | Adobe
11/02/2004 à 17:41 | LAUNCH~1 Launch Manager
11/02/2004 à 17:40 | Java
11/02/2004 à 17:39 | ACERIN~1 Acer Inc
11/02/2004 à 17:35 | SYNAPT~1 Synaptics
11/02/2004 à 17:34 | ltmoh
11/02/2004 à 17:33 | Broadcom
11/02/2004 à 17:31 | REALTE~1 Realtek Sound Manager
11/02/2004 à 17:31 | AvRack
11/02/2004 à 17:30 | UNINST~1 Uninstall Information
11/02/2004 à 17:29 | Intel
11/02/2004 à 17:29 | INSTAL~1 InstallShield Installation Information
11/02/2004 à 17:26 | xerox
11/02/2004 à 17:26 | MICROS~1 microsoft frontpage
11/02/2004 à 17:25 | MOVIEM~1 Movie Maker
11/02/2004 à 17:25 | NETMEE~1 NetMeeting
11/02/2004 à 17:25 | OUTLOO~1 Outlook Express
11/02/2004 à 17:25 | INTERN~1 Internet Explorer
11/02/2004 à 17:25 | COMPLU~1 ComPlus Applications
11/02/2004 à 17:24 | WINDOW~3 WindowsUpdate
11/02/2004 à 17:24 | SERVIC~1 Services en ligne
11/02/2004 à 17:24 | WINDOW~2 Windows Media Player
11/02/2004 à 17:24 | MESSEN~1 Messenger
11/02/2004 à 17:24 | MSNGAM~1 MSN Gaming Zone
11/02/2004 à 17:24 | MSN
11/02/2004 à 17:24 | WINDOW~1 Windows NT
11/02/2004 à 17:22 | FICHIE~1 Fichiers communs


__________________________ Recherche dans le registre _____________________


# Clés de démarrage :


_____________________ Modification du fichier Hosts _______________________


127.0.0.1= Url bloquée Autre= Redirection



__________________________ Popups autorisées ______________________________


# Internet Explorer



# Mozilla Firefox (1 autorisé 2 interdit)

# Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)


___________________________ Zones de sécurité _____________________________


# HKCU Domains (4)

# P3P History (5)


___________________ Suggestion nettoyage registre _______________

(Pour désinfection manuelle)

- Aucune suggestion

_________________________ Fin du rapport ________________________

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

nod32 still detects the virus c:\windows\syteme32\.exe

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

I still have this grey window with a message in English

Posts: 21123 | Registered: Tuesday 27 June 2006 | Status: Security contributor | Last activity: 22 June 2016

Hi

Can you delete this manually?
c:\windows\syteme32\.exe

Go here:
Start < My Computer < C < windows < system32 < drivers < etc < HOSTS < open it with Notepad
Copy and paste everything that is in it.

See you

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

Impossible to delete the file c:\windows\system32\.exe, and my search function no longer works


# This is a sample HOSTS file used by Microsoft TCP/IP
# for Windows.
#
# This file contains the mappings of IP addresses to host names.
# Each entry should be kept on an individual line. The IP address should be placed
# in the first column, followed by the corresponding host name. The IP
# address and the host name should be separated by at least one space.
#
# Additionally, comments (such as this one) may be inserted on individual
# lines or following the machine name. They are denoted by the
# '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Posts: 21123 | Registered: Tuesday 27 June 2006 | Status: Security contributor | Last activity: 22 June 2016

OK

Delete it in safe mode:
c:\windows\system32\.exe

Restart in normal mode.

Reopen HOSTS, delete everything that is in it and put this:

# This is a sample HOSTS file used by Microsoft TCP/IP
# for Windows.
#
# This file contains the mappings of IP addresses to host names.
# Each entry should be kept on an individual line. The IP address should be placed
# in the first column, followed by the corresponding host name. The IP
# address and the host name should be separated by at least one space.
#
# Additionally, comments (such as this one) may be inserted on individual
# lines or following the machine name. They are denoted by the
# '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Save!

See you
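
The legend used in the Lopxp report ("127.0.0.1= Url bloquée Autre= Redirection") written out as a small HOSTS audit, as an added example that is not part of the thread: it separates the default localhost mapping, names sunk to the local machine, and names redirected to another address, and reports whether the file is back to the reset state described above. The host names and the 203.0.113.7 address in the sample are constructed placeholders.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno ip host comment verdict")

# Constructed sample in the layout of the HOSTS files shown in this thread.
# Host names and the 203.0.113.7 address are placeholders, not page values.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1 ads.blocked.example ## added by CiD
0.0.0.0 tracker.blocked.example
203.0.113.7 update.vendor.example login.vendor.example # two names, one line
not-an-ip broken.example
10.0.0.5
"""


def classify(ip, host):
    """Apply the report's legend to one mapping."""
    if host == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"    # the name is sunk locally and cannot be reached
    return "redirect"       # the name is silently pointed at another machine


def audit_hosts(text):
    """Return (entries, malformed) for the text of a HOSTS file."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")   # '#' starts a comment
        fields = body.split()
        if not fields:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                     # address without any name
            malformed.append((lineno, raw.strip()))
            continue
        for host in fields[1:]:                 # one line may map several names
            host = host.lower().rstrip(".")
            entries.append(Entry(lineno, str(ip), host,
                                 comment.strip("# "), classify(ip, host)))
    return entries, malformed


def summary(entries):
    """Group host names by verdict."""
    out = {"default": [], "blocked": [], "redirect": []}
    for e in entries:
        out[e.verdict].append(e.host)
    return out


def is_pristine(entries):
    """True when only the default localhost mapping is present."""
    return all(e.verdict == "default" for e in entries)


if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for verdict, hosts in summary(found).items():
        print(f"{verdict:8} {hosts}")
    print("malformed lines:", bad)
    print("pristine:", is_pristine(found))
```

A "redirect" verdict is the one to look at first: a blocked name only fails to load, while a redirected name resolves to a machine chosen by whoever edited the file.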

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

Apparently the grey window no longer opens, but the search function under XP no longer works, so it is impossible to delete this .exe file.

Thanks for your help

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

I still have the grey window opening with the message in English

Posts: 21123 | Registered: Tuesday 27 June 2006 | Status: Security contributor | Last activity: 22 June 2016

Hi

No need for the search function.
Go to Start < My Computer < c: < windows < system32 < and there look for .exe (it's in alphabetical order)

See you

Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

I can't find the .exe

I still have this grey window with this message in English.

In general the connection holds for 1 hour and then I have to restart the PC.

Time Module Event User
17/04/2007 10:12:58 Kernel The virus signature database has been successfully updated to version 2196 (20070417).
17/04/2007 09:13:43 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
17/04/2007 09:12:55 Update Function: gethostbyname, parameters: , return value: 11001
17/04/2007 09:12:54 Update Update attempt failed (Server connection failure.)
17/04/2007 08:12:21 Update Function: gethostbyname, parameters: , return value: 11001
17/04/2007 08:12:20 Update Update attempt failed (Server connection failure.)
16/04/2007 21:12:34 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
16/04/2007 21:06:59 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
16/04/2007 20:08:35 Kernel Statistical information has been sent to ESET, spol. s r.o.
16/04/2007 17:06:45 Kernel The virus signature database has been successfully updated to version 2194 (20070416).
16/04/2007 16:01:51 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
16/04/2007 15:48:39 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
16/04/2007 14:05:10 Update Function: gethostbyname, parameters: , return value: 11001
16/04/2007 14:05:10 Update Update attempt failed (Server connection failure.)
16/04/2007 13:18:28 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
16/04/2007 13:10:50 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
16/04/2007 13:05:06 Kernel Statistical information has been sent to ESET, spol. s r.o.
16/04/2007 11:38:36 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
16/04/2007 11:03:16 Update Function: gethostbyname, parameters: , return value: 11001
16/04/2007 11:03:16 Update Update attempt failed (Server connection failure.)
16/04/2007 08:51:37 Kernel The virus signature database has been successfully updated to version 2193 (20070416).
16/04/2007 07:51:17 Update Function: gethostbyname, parameters: , return value: 11001
16/04/2007 07:51:16 Update Update attempt failed (Server connection failure.)
15/04/2007 21:45:54 Kernel The virus signature database has been successfully updated to version 2191 (20070415).
15/04/2007 20:59:04 Kernel The file '\??\C:\WINDOWS\system32\.exe' has been sent to ESET's labs for analysis.
15/04/2007 20:49:15 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
15/04/2007 20:45:51 Update Function: gethostbyname, parameters: , return value: 11001
15/04/2007 20:45:51 Update Update attempt failed (Server connection failure.)
15/04/2007 17:44:35 Kernel The virus signature database has been successfully updated to version 2190 (20070415).
15/04/2007 16:57:48 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
15/04/2007 15:43:05 Update Function: gethostbyname, parameters: , return value: 11001
15/04/2007 15:43:05 Update Update attempt failed (Server connection failure.)
15/04/2007 12:49:36 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
15/04/2007 12:43:17 Update Function: gethostbyname, parameters: , return value: 11001
15/04/2007 12:43:17 Update Update attempt failed (Server connection failure.)
15/04/2007 11:36:18 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
15/04/2007 10:42:14 Kernel Statistical information has been sent to ESET, spol. s r.o.
15/04/2007 10:39:46 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
15/04/2007 09:55:09 NOD32 An alert has been generated. See the on-demand scanner Log for details. ACER-KXW6RBEU2S\benjy
15/04/2007 09:41:31 Update Function: gethostbyname, parameters: , return value: 11001
15/04/2007 09:41:31 Update Update attempt failed (Server connection failure.)
15/04/2007 08:39:08 Update Function: gethostbyname, parameters: , return value: 11001
15/04/2007 08:39:08 Update Update attempt failed (Server connection failure.)


Here is what NOD32 shows
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
ok


- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose "Extract all"
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd extension may not be shown)
- A window will open; choose option 1
- The scan will start. It can take a few minutes; let it run and press a key when you are asked to.

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan, you may be asked (not necessarily) to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy and paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Then the Edit menu again / Copy
-- In a new message here, right-click / Paste
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Here is the report:

C:\WINDOWS\System32/drivers\nod32drv.sys -->15/04/2007 08:34:24
C:\WINDOWS\System32/drivers\amon.sys -->15/04/2007 08:34:24
C:\WINDOWS\System32/drivers\MxlW2k.sys -->10/04/2007 17:50:26
C:\WINDOWS\System32/drivers\wpdusb.sys -->11/10/2004 12:20:38
C:\WINDOWS\System32/drivers\NTIDrvr.sys -->11/02/2004 17:44:06
C:\WINDOWS\System32/drivers\nv4_mini.sys -->08/01/2004 00:08:00
C:\WINDOWS\System32/drivers\alcxinit.dat -->31/12/2003 12:00:04

C:\WINDOWS\System32\ccabbea1_s.ocx -->15/04/2007 18:45:02
C:\WINDOWS\System32\bbadcbab4_s.dll -->15/04/2007 18:45:02
C:\WINDOWS\System32\imon.dll -->15/04/2007 08:34:25
C:\WINDOWS\System32\bdod.bin -->14/04/2007 22:20:21
C:\WINDOWS\System32\tmpE66A4.FOT -->09/04/2007 17:41:43
C:\WINDOWS\System32\tmpAF6A4.FOT -->09/04/2007 17:41:43
C:\WINDOWS\System32\tmp697A4.FOT -->09/04/2007 17:41:43
C:\WINDOWS\System32\tmp455A4.FOT -->09/04/2007 17:41:42
C:\WINDOWS\System32\tmp1E5A4.FOT -->09/04/2007 17:41:42
C:\WINDOWS\System32\wpa.dbl -->09/04/2007 17:06:09
C:\WINDOWS\System32\PerfStringBackup.INI -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfh00C.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfh009.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfc00C.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfc009.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\nscompat.tlb -->05/11/2006 16:33:37
C:\WINDOWS\System32\amcompat.tlb -->05/11/2006 16:33:37
C:\WINDOWS\System32\isxdl_fr.dll -->21/07/2006 20:31:08
C:\WINDOWS\System32\rmocx.dll -->01/07/2006 14:36:56
C:\WINDOWS\System32\rmoc3260.dll -->01/07/2006 14:36:56
C:\WINDOWS\System32\pndx5032.dll -->10/04/2006 13:29:56
C:\WINDOWS\System32\pndx5016.dll -->10/04/2006 13:29:56
C:\WINDOWS\System32\pncrt.dll -->10/04/2006 13:29:51
C:\WINDOWS\System32\wucltui.dll -->26/05/2005 04:16:32
C:\WINDOWS\System32\wuaueng1.dll -->26/05/2005 04:16:32

C:\WINDOWS\0.log -->17/04/2007 12:29:28
C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->17/04/2007 12:29:25
C:\WINDOWS\wiaservc.log -->17/04/2007 12:29:09
C:\WINDOWS\wiadebug.log -->17/04/2007 12:29:09
C:\WINDOWS\bootstat.dat -->17/04/2007 12:28:53
C:\WINDOWS\WindowsUpdate.log -->17/04/2007 11:38:48
C:\WINDOWS\SchedLgU.Txt -->17/04/2007 11:38:18
C:\WINDOWS\WIN.INI -->17/04/2007 10:44:49
C:\WINDOWS\system.ini -->17/04/2007 10:44:49
C:\WINDOWS\setupapi.log -->15/04/2007 16:51:30
C:\WINDOWS\ntbtlog.txt -->15/04/2007 10:09:04
C:\WINDOWS\winamp.ini -->12/04/2007 12:59:25
C:\WINDOWS\nsreg.dat -->11/04/2007 11:36:02
C:\WINDOWS\Windows Update.log -->09/04/2007 18:16:35
C:\WINDOWS\wwdslcfg.log -->09/04/2007 17:10:14

C:\WINDOWS\agrsmdel.exe |01/01/1980 00:00:00
C:\WINDOWS\AGRSMMSG.exe |01/01/1980 00:00:00
C:\WINDOWS\ALAUNCH.EXE |11/02/2004 17:28:55
C:\WINDOWS\alcrmv.exe |11/02/2004 17:31:38
C:\WINDOWS\alcupd.exe |11/02/2004 17:31:38
C:\WINDOWS\AMOVE.EXE |11/02/2004 17:28:55
C:\WINDOWS\APANEL.EXE |11/02/2004 17:28:55
C:\WINDOWS\BJPSUNST.EXE |03/08/2005 15:43:22
C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe |18/06/2004 03:07:49
C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe |08/08/2004 08:37:42
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |26/04/2005 09:30:00
C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |01/07/2006 15:25:54
C:\WINDOWS\IsUn040c.exe |24/09/2004 14:34:06
C:\WINDOWS\IsUninst.exe |11/02/2004 17:39:19
C:\WINDOWS\LOGI_MWX.EXE |18/06/2004 03:05:19
C:\WINDOWS\PQDISK.EXE |11/02/2004 17:28:55
C:\WINDOWS\SOUNDMAN.EXE |11/02/2004 17:31:39
C:\WINDOWS\twunk_16.exe |01/01/1980 00:00:00
C:\WINDOWS\twunk_32.exe |01/01/1980 00:00:00
C:\WINDOWS\UNINST32.EXE |01/01/1980 00:00:00
C:\WINDOWS\UninstallFirefox.exe |24/04/2005 17:18:24
C:\WINDOWS\twain.dll |01/01/1980 00:00:00
C:\WINDOWS\twain_32.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\agrsmdel.exe |11/02/2004 17:34:09
C:\WINDOWS\system32\append.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\bcmwlhom.exe |17/07/2003 16:40:08
C:\WINDOWS\system32\bcmwltry.exe |17/07/2003 16:40:08
C:\WINDOWS\system32\bcmwlu00.exe |17/07/2003 16:40:08
C:\WINDOWS\system32\CNMCP6d.exe |03/08/2005 15:35:29
C:\WINDOWS\system32\CNMCP78.exe |10/04/2006 12:56:45
C:\WINDOWS\system32\debug.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\delaySpawn.exe |09/04/2007 17:08:57
C:\WINDOWS\system32\dosx.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\DProcess.exe |06/06/2003 17:12:18
C:\WINDOWS\system32\dslagent.exe |09/04/2007 17:08:58
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34
C:\WINDOWS\system32\edlin.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\exe2bin.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\fastopen.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\gsicon.exe |09/04/2007 17:09:00
C:\WINDOWS\system32\hkcmd.exe |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxcfg.exe |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxdiag.exe |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxext.exe |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxtray.exe |11/02/2004 18:50:13
C:\WINDOWS\system32\java.exe |11/02/2004 17:40:49
C:\WINDOWS\system32\javaw.exe |11/02/2004 17:40:49
C:\WINDOWS\system32\mem.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\mscdexnt.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\nlsfunc.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\nvappbar.exe |11/02/2004 18:41:14
C:\WINDOWS\system32\nvsvc32.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\nvudisp.exe |11/02/2004 18:16:20
C:\WINDOWS\system32\nwiz.exe |11/02/2004 18:41:14
C:\WINDOWS\system32\pxhpinst.exe |26/05/2004 03:21:00
C:\WINDOWS\system32\redir.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\RM_ABG.exe |12/02/2003 16:50:06
C:\WINDOWS\system32\RTLCPL.EXE |11/02/2004 17:31:40
C:\WINDOWS\system32\setver.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\Set_ABG.exe |05/12/2002 13:18:56
C:\WINDOWS\system32\share.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 17:47:48
C:\WINDOWS\system32\usrprbda.exe |23/08/2001 17:47:48
C:\WINDOWS\system32\usrshuta.exe |23/08/2001 17:47:48
C:\WINDOWS\system32\wltrysvc.exe |17/07/2003 16:40:12
C:\WINDOWS\system32\3ivx.dll |18/11/2003 13:49:28
C:\WINDOWS\system32\3ivxVfWCodec.dll |18/11/2003 13:49:44
C:\WINDOWS\system32\a3d.dll |11/02/2004 17:31:39
C:\WINDOWS\system32\amstream.dll |12/12/2002 00:14:32
C:\WINDOWS\system32\atmfd.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\atmlib.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\Audio3D.dll |11/02/2004 17:31:39
C:\WINDOWS\system32\bbadcbab4_s.dll |15/04/2007 18:45:02
C:\WINDOWS\system32\btw_ci.dll |11/02/2004 17:46:21
C:\WINDOWS\system32\CNMLM6d.DLL |03/08/2005 15:35:36
C:\WINDOWS\system32\CNMLM78.DLL |10/04/2006 12:56:52
C:\WINDOWS\system32\CNMVS6d.DLL |03/08/2005 15:35:00
C:\WINDOWS\system32\CNMVS78.DLL |10/04/2006 12:56:41
C:\WINDOWS\system32\CoInst.dll |09/04/2007 17:08:58
C:\WINDOWS\system32\COMNCTR.DLL |18/06/2004 03:05:27
C:\WINDOWS\system32\compatUI.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\cpuinf32.dll |17/09/2001 13:20:02
C:\WINDOWS\system32\dgrpsetu.dll |11/02/2004 17:22:08
C:\WINDOWS\system32\dgsetup.dll |11/02/2004 17:22:08
C:\WINDOWS\system32\divx.dll |22/05/2003 13:27:24
C:\WINDOWS\system32\DivXc32.dll |01/08/2002 11:03:40
C:\WINDOWS\system32\DivXc32f.dll |22/08/2002 06:00:00
C:\WINDOWS\system32\DSCam.Dll |24/09/2004 14:40:54
C:\WINDOWS\system32\EqnClass.Dll |11/02/2004 17:22:08
C:\WINDOWS\system32\FEELIT.DLL |18/06/2004 03:05:28
C:\WINDOWS\system32\fpxlib.dll |24/09/2004 14:40:55
C:\WINDOWS\system32\GCPL_FRENCH.dll |09/04/2007 17:08:44
C:\WINDOWS\system32\GsiDi32.dll |09/04/2007 17:08:30
C:\WINDOWS\system32\gspnDll.dll |09/04/2007 17:08:44
C:\WINDOWS\system32\hccutils.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\Hmpg12.dll |03/09/2001 23:46:38
C:\WINDOWS\system32\HMPV2_ENC.dll |30/07/2001 16:33:56
C:\WINDOWS\system32\HMPV2_ENC_MMX.dll |23/07/2001 22:04:36
C:\WINDOWS\system32\hticons.dll |11/02/2004 17:24:33
C:\WINDOWS\system32\huffyuv.dll |23/08/2000 17:00:40
C:\WINDOWS\system32\hypertrm.dll |11/02/2004 17:24:33
C:\WINDOWS\system32\iacenc.dll |11/02/2004 17:44:35
C:\WINDOWS\system32\iAlmCoIn_v3666.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmdd5.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmdev5.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmdnt5.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmgdev.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmgicd.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmrem.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\ialmrnt5.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\iccvid.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\ifc21.dll |18/06/2004 03:05:28
C:\WINDOWS\system32\igfxdev.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxdgps.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxdo.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxeud.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxexps.dll |11/02/2004 18:50:11
C:\WINDOWS\system32\igfxhk.dll |11/02/2004 18:50:12
C:\WINDOWS\system32\igfxpph.dll |11/02/2004 18:50:12
C:\WINDOWS\system32\igfxres.dll |11/02/2004 18:52:12
C:\WINDOWS\system32\igfxress.dll |11/02/2004 18:50:12
C:\WINDOWS\system32\igfxsrvc.dll |11/02/2004 18:50:13
C:\WINDOWS\system32\imon.dll |15/04/2007 08:35:15
C:\WINDOWS\system32\instDll.dll |09/04/2007 17:08:43
C:\WINDOWS\system32\ir32_32.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\Ir41_qc.dll |22/03/1998 15:34:14
C:\WINDOWS\system32\Ir41_qcx.dll |22/03/1998 15:34:14
C:\WINDOWS\system32\Ir50_32.dll |11/02/2004 17:44:35
C:\WINDOWS\system32\ir50_lcs.dll |06/11/1997 14:53:30
C:\WINDOWS\system32\Ir50_qc.dll |22/06/2000 16:31:00
C:\WINDOWS\system32\Ir50_qcx.dll |22/06/2000 16:31:46
C:\WINDOWS\system32\isrdbg32.dll |11/02/2004 17:25:36
C:\WINDOWS\system32\isxdl_fr.dll |16/11/2006 19:40:10
C:\WINDOWS\system32\iyvu9_32.dll |11/02/2004 17:44:35
C:\WINDOWS\system32\jgaw400.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\jgdw400.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\jgmd400.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\jgpl400.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\jgsd400.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\jgsh400.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\jpeglib.dll |24/09/2004 14:40:55
C:\WINDOWS\system32\LCOINST.DLL |18/06/2004 03:05:18
C:\WINDOWS\system32\lfavi11n.dll |24/09/2004 14:38:03
C:\WINDOWS\system32\lfbmp11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\LFCMP11n.DLL |07/06/2002 04:02:00
C:\WINDOWS\system32\lfeps11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lffax11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lffpx11n.dll |24/09/2004 14:38:02
C:\WINDOWS\system32\lffpx7.dll |24/09/2004 14:38:02
C:\WINDOWS\system32\lfgif11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\LFKODAK.DLL |24/09/2004 14:38:02
C:\WINDOWS\system32\lfpcd11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfpct11n.dll |24/09/2004 14:38:02
C:\WINDOWS\system32\lfpcx11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\Lfpng11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfpsd11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lftga11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lftif11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfwfx11n.dll |24/09/2004 14:38:02
C:\WINDOWS\system32\lfwmf11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\LGUICOM.DLL |18/06/2004 03:05:27
C:\WINDOWS\system32\lmoufrc.dll |18/06/2004 03:05:19
C:\WINDOWS\system32\LMOUSE16.DLL |18/06/2004 03:05:27
C:\WINDOWS\system32\LMOUSE32.DLL |18/06/2004 03:05:27
C:\WINDOWS\system32\LTDIS11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\ltefx11n.dll |24/09/2004 14:38:02
C:\WINDOWS\system32\ltfil11n.DLL |07/06/2002 04:02:00
C:\WINDOWS\system32\ltimg11n.dll |07/06/2002 04:02:02
C:\WINDOWS\system32\ltkrn11n.dll |07/06/2002 04:02:02
C:\WINDOWS\system32\lttwn11n.dll |24/09/2004 14:38:03
C:\WINDOWS\system32\Ltwvc11n.dll |07/06/2002 04:02:02
C:\WINDOWS\system32\mciqtz32.dll |12/12/2002 00:14:32
C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 17:47:06
C:\WINDOWS\system32\mplaa6.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplam6.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplapx.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplaw7.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplva6.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplvm6.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplvpx.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\mplvw7.dll |31/10/2001 11:14:40
C:\WINDOWS\system32\msdmo.dll |12/12/2002 00:14:32
C:\WINDOWS\system32\msencode.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\MsgPlusLoader.dll |16/04/2007 10:41:18
C:\WINDOWS\system32\multiplex_vcd.dll |26/12/2001 16:12:30
C:\WINDOWS\system32\NTICDMK32.dll |11/02/2004 17:44:07
C:\WINDOWS\system32\NTIMPEG2.dll |11/02/2004 17:44:07
C:\WINDOWS\system32\nv4_disp.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvcod.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvcodins.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvcpl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nview.dll |11/02/2004 18:41:14
C:\WINDOWS\system32\nviewimg.dll |11/02/2004 18:41:14
C:\WINDOWS\system32\nvinstnt.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvmctray.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvoglnt.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsda.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsde.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrseng.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrses.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsfr.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsit.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsja.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsko.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsnl.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrsru.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrssv.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrszhc.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvrszht.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvshell.dll |11/02/2004 18:41:14
C:\WINDOWS\system32\nvwddi.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwdmcpl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsda.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsde.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrseng.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrses.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsfr.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsit.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsja.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsko.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsnl.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrsru.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrssv.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrszhc.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\nvwrszht.dll |11/02/2004 18:16:21
C:\WINDOWS\system32\ogg.dll |16/09/2003 17:41:44
C:\WINDOWS\system32\OpenQuicktimeLib.dll |18/11/2003 13:50:24
C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16
C:\WINDOWS\system32\PCDLIB32.DLL |07/06/2002 04:02:02
C:\WINDOWS\system32\pncrt.dll |24/09/2004 14:38:20
C:\WINDOWS\system32\pndx5016.dll |24/09/2004 14:38:21
C:\WINDOWS\system32\pndx5032.dll |24/09/2004 14:38:21
C:\WINDOWS\system32\psisdecd.dll |11/02/2004 17:47:11
C:\WINDOWS\system32\px.dll |26/05/2004 03:21:00
C:\WINDOWS\system32\pxdrv.dll |26/05/2004 03:21:00
C:\WINDOWS\system32\pxmas.dll |26/05/2004 03:21:00
C:\WINDOWS\system32\pxwave.dll |26/05/2004 03:21:00
C:\WINDOWS\system32\pxwma.dll |26/05/2004 03:21:00
C:\WINDOWS\system32\qedwipes.dll |12/12/2002 00:14:32
C:\WINDOWS\system32\rmoc3260.dll |24/09/2004 14:38:22
C:\WINDOWS\system32\rmocx.dll |01/07/2006 14:36:55
C:\WINDOWS\system32\RTLCPAPI.dll |11/02/2004 17:31:39
C:\WINDOWS\system32\sbe.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\slbcsp.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\slbiop.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\slbrccsp.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\spnike.dll |23/08/2001 17:47:18
C:\WINDOWS\system32\sprio600.dll |23/08/2001 17:47:18
C:\WINDOWS\system32\sprio800.dll |23/08/2001 17:47:18
C:\WINDOWS\system32\spxcoins.dll |11/02/2004 17:22:08
C:\WINDOWS\system32\SynCOM.dll |11/02/2004 17:35:21
C:\WINDOWS\system32\SynCtrl.dll |11/02/2004 17:35:21
C:\WINDOWS\system32\SynTPAPI.dll |11/02/2004 17:35:21
C:\WINDOWS\system32\SynTPCoI.dll |11/02/2004 17:35:21
C:\WINDOWS\system32\SynTPFcs.dll |11/02/2004 17:35:22
C:\WINDOWS\system32\tsd32.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\usrcntra.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrcoina.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrdpa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrdtea.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrlbva.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrv42a.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrv80a.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrvoica.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrvpa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\vboxs430.dll |12/09/2000 20:24:29
C:\WINDOWS\system32\vobsub.dll |11/12/2002 10:19:34
C:\WINDOWS\system32\vorbis.dll |16/09/2003 17:52:30
C:\WINDOWS\system32\vortm.dll |24/09/2004 14:40:55
C:\WINDOWS\system32\vp31vfw.dll |14/02/2002 11:48:12
C:\WINDOWS\system32\vp6vfw.dll |21/10/2003 10:49:20
C:\WINDOWS\system32\vsfilter.dll |24/11/2003 01:45:14
C:\WINDOWS\system32\vxblock.dll |26/05/2004 03:21:00
C:\WINDOWS\system32\win87em.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\winvocon.dll |24/09/2004 14:40:54
C:\WINDOWS\system32\WooDial2000.dll |04/08/2004 01:20:22
C:\WINDOWS\system32\xvid.dll |14/05/2003 16:54:02
C:\WINDOWS\system32\_Source21.Dll |24/09/2004 14:40:54

Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\system

25/12/1998 08:15 345 983 RCDSETUP.EXE
23/08/2001 12:00 9 728 regsvr32.exe
2 fichier(s) 355 711 octets
0 Rép(s) 10 107 502 592 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\system32

24/04/2003 12:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 10 107 502 592 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\Downloaded Program Files

11/04/2007 11:40 <REP> .
11/04/2007 11:40 <REP> ..
24/01/2007 03:41 841 304 ampAx3.0.84.2.dll
11/02/2004 17:26 65 desktop.ini
11/04/2007 11:40 2 849 install.log
22/06/2006 11:41 5 032 swflash.inf
11/04/2007 11:40 38 428 unagiuninst.exe
5 fichier(s) 887 678 octets

Total des fichiers listés :
5 fichier(s) 887 678 octets
2 Rép(s) 10 107 502 592 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues



catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Liste des programmes installes

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
adsl TV
Agere Systems AC'97 Modem
AIM
AIM 6
Archiveur WinRAR
Aspire screensaver
Barre d'outils MSN
BCM Wireless Network Adapter
Broadcom Gigabit Integrated Controller
Broadcom Gigabit Integrated Controller
Canon iP4200
Canon PhotoRecord
Canon PIXMA iP5000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CleanUp!
Complément MSN pour Windows Messenger
Correctif Windows XP - KB824146
Correctif Windows XP (SP2) Q811493
Creative System Information
Creative Zen MicroPhoto
DCPro (remove only)
Easy-WebPrint
GDc++ v0.668 (v1.9 RC9 Fixed) powered by Glesius.it
Gestionnaire de disques amovible Creative
Google Earth
HijackThis 1.99.1
Indeo® Software
Intel(R) Extreme Graphics 2 Driver
Java 2 Runtime Environment, SE v1.4.2_01
jv16 PowerTools 2006
K-Lite Codec Pack 2.20 Full
Launch Manager
Lecteur Windows Media 10
Logiciel iTouch de Logitech
Logitech Desktop Messenger
Logitech MouseWare 9.79
Logitech Resource Center
Messager Wanadoo
Messenger Plus! 3
Microsoft Works 7.0
Modem DSL ECI Telecom
Mozilla Firefox (1.0.1)
MSN Messenger 7.0
MUSICMATCH(R) Jukebox
NOD32 antivirus system
NOD32 FiX v2.1
NTI CD & DVD-Maker
NTI CD & DVD-Maker 6.5 Gold
NVIDIA Display Driver
Outlook Express Update Q330994
Philips ToUcam Fun Camera
PowerDVD
RadioBlogClub Downloader v1.0
Reality Fusion GameCam SE
Reality Fusion VBall
RealPlayer
Realtek AC'97 Audio
SmartFTP
SpotLife
Spybot - Search & Destroy 1.4
SuperDJ(TM) 1.10.0
Synaptics Pointing Device Driver
TMPGEnc DVD Author 1.5
Ulead Photo Explorer 6.0
VideoLAN VLC media player 0.8.6a
VideoLink Mail
Viewpoint Media Player
Wanadoo
WebFldrs XP
Winamp (remove only)
Windows Media Format Runtime
WLAN
WLAN 802.11g mini-PCI Module



Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Program Files

16/04/2007 15:54 <REP> .
16/04/2007 15:54 <REP> ..
11/02/2004 17:39 <REP> Acer Inc
11/02/2004 17:43 <REP> Adobe
14/04/2007 15:08 <REP> adslTV
11/04/2007 11:41 <REP> AIM6
26/04/2005 08:33 <REP> AIM95
11/02/2004 17:53 <REP> Aspire screensaver
11/02/2004 17:31 <REP> AvRack
11/02/2004 17:33 <REP> Broadcom
19/08/2005 11:07 <REP> C2Media
03/08/2005 15:43 <REP> Canon
16/04/2007 10:59 <REP> CleanUp!
09/06/2005 01:00 1 152 409 cnb_2600.tb_
28/04/2005 01:00 130 379 cnb78ca0.ic_
09/06/2005 01:00 131 999 cnb78cb0.ic_
28/03/2005 01:00 132 013 cnb78cc0.ic_
28/03/2005 01:00 128 135 cnb78db0.ic_
28/03/2005 01:00 131 477 cnb78eb0.ic_
28/03/2005 01:00 128 783 cnb78ed0.ic_
30/03/2001 01:00 5 617 cnbjprn2.ic_
27/01/2005 05:30 224 cnm.in_
09/06/2005 06:00 32 527 cnm_0260.dl_
15/04/2005 06:00 18 389 cnmbr260.dl_
15/04/2005 06:00 273 149 cnmdrv.dl_
15/04/2005 06:00 63 127 cnmdump5.dl_
15/04/2005 06:00 10 577 cnmfus.dl_
19/05/2005 15:00 48 128 cnmi0404.dll
25/05/2005 02:10 57 344 cnmi0405.dll
25/05/2005 02:10 57 856 cnmi0406.dll
25/05/2005 02:10 65 024 cnmi0407.dll
25/05/2005 02:10 61 440 cnmi0408.dll
08/03/2005 19:16 56 832 cnmi0409.dll
25/05/2005 02:10 57 344 cnmi040b.dll
25/05/2005 02:10 64 512 cnmi040c.dll
25/05/2005 02:10 58 368 cnmi040e.dll
25/05/2005 02:10 59 392 cnmi0410.dll
08/03/2005 19:16 50 688 cnmi0411.dll
19/05/2005 15:00 50 688 cnmi0412.dll
25/05/2005 02:10 59 904 cnmi0413.dll
25/05/2005 02:10 57 856 cnmi0414.dll
25/05/2005 02:10 58 368 cnmi0415.dll
25/05/2005 02:10 58 368 cnmi0419.dll
25/05/2005 02:10 57 856 cnmi041d.dll
19/05/2005 15:00 56 320 cnmi041e.dll
25/05/2005 02:10 57 344 cnmi041F.dll
19/05/2005 15:00 47 616 cnmi0804.dll
25/05/2005 02:10 59 392 cnmi0816.dll
25/05/2005 02:10 59 392 cnmi0c0a.dll
15/04/2005 06:00 3 128 cnminst.dl_
09/05/2002 22:10 7 204 cnminst2.dll
08/03/2005 19:16 61 952 cnmis.dll
08/03/2005 19:16 5 632 cnmis4.dll
08/03/2005 19:16 18 944 cnmis5.dll
15/04/2005 06:00 70 431 cnmlmon2.dl_
15/04/2005 06:00 10 940 cnmlr.dl_
19/05/2005 15:00 8 854 cnmlrcn.dl_
25/05/2005 06:10 12 700 cnmlrcz.dl_
25/05/2005 06:10 13 322 cnmlrde.dl_
25/05/2005 06:10 12 554 cnmlrdk.dl_
25/05/2005 06:10 12 906 cnmlres.dl_
25/05/2005 06:10 12 050 cnmlrfi.dl_
25/05/2005 06:10 13 000 cnmlrfr.dl_
25/05/2005 06:10 14 548 cnmlrgr.dl_
25/05/2005 06:10 13 198 cnmlrhu.dl_
25/05/2005 06:10 12 280 cnmlrit.dl_
15/04/2005 06:00 9 457 cnmlrj.dl_
19/05/2005 15:00 9 770 cnmlrkr.dl_
25/05/2005 06:10 12 412 cnmlrnl.dl_
25/05/2005 06:10 12 050 cnmlrno.dl_
25/05/2005 06:10 13 792 cnmlrpl.dl_
25/05/2005 06:10 12 406 cnmlrpt.dl_
25/05/2005 06:10 12 766 cnmlrru.dl_
25/05/2005 06:10 12 426 cnmlrse.dl_
19/05/2005 15:00 10 808 cnmlrth.dl_
25/05/2005 06:10 11 882 cnmlrTr.dl_
19/05/2005 15:00 9 112 cnmlrtw.dl_
09/06/2005 06:00 12 362 cnmop78.dl_
15/04/2005 06:00 26 063 cnmp_260.dl_
15/04/2005 06:00 1 104 cnmp0.da_
15/04/2005 06:00 1 076 cnmp1.da_
15/04/2005 06:00 1 676 cnmp2.da_
01/02/2002 17:29 15 300 cnmpar21.sys
15/04/2005 06:00 16 539 cnmpcomm.dl_
15/04/2005 06:00 10 028 cnmpd.dl_
15/04/2005 06:00 31 054 cnmpp.dl_
15/04/2005 06:00 41 376 cnmpv.dl_
15/04/2005 06:00 12 631 cnmqueue.dl_
15/04/2005 06:00 13 222 cnmsmsd.dl_
15/04/2005 06:00 8 402 cnmsr.dl_
19/05/2005 15:00 6 630 cnmsrcn.dl_
25/05/2005 06:10 9 666 cnmsrcz.dl_
25/05/2005 06:10 10 110 cnmsrde.dl_
25/05/2005 06:10 9 324 cnmsrdk.dl_
25/05/2005 06:10 9 804 cnmsres.dl_
25/05/2005 06:10 8 830 cnmsrfi.dl_
25/05/2005 06:10 9 700 cnmsrfr.dl_
25/05/2005 06:10 11 030 cnmsrgr.dl_
25/05/2005 06:10 9 904 cnmsrhu.dl_
25/05/2005 06:10 9 368 cnmsrit.dl_
15/04/2005 06:00 7 089 cnmsrj.dl_
19/05/2005 15:00 7 572 cnmsrkr.dl_
25/05/2005 06:10 9 240 cnmsrnl.dl_
25/05/2005 06:10 9 036 cnmsrno.dl_
25/05/2005 06:10 10 328 cnmsrpl.dl_
25/05/2005 06:10 9 414 cnmsrpt.dl_
25/05/2005 06:10 9 736 cnmsrru.dl_
25/05/2005 06:10 9 362 cnmsrse.dl_
19/05/2005 15:00 8 100 cnmsrth.dl_
25/05/2005 06:10 8 680 cnmsrTr.dl_
19/05/2005 15:00 6 722 cnmsrtw.dl_
15/04/2005 06:00 85 620 cnmstmn.dl_
15/04/2005 06:00 16 116 cnmstsr.sm_
15/04/2005 06:00 361 166 cnmui.dl_
08/03/2005 19:17 90 112 cnmunins.exe
15/04/2005 06:00 30 236 cnmur.dl_
19/05/2005 15:00 26 496 cnmurcn.dl_
25/05/2005 06:10 32 800 cnmurcz.dl_
25/05/2005 06:20 33 490 cnmurde.dl_
25/05/2005 06:10 31 910 cnmurdk.dl_
25/05/2005 06:10 32 810 cnmures.dl_
25/05/2005 06:10 31 606 cnmurfi.dl_
25/05/2005 06:10 33 038 cnmurfr.dl_
25/05/2005 06:10 35 962 cnmurgr.dl_
25/05/2005 06:10 32 898 cnmurhu.dl_
25/05/2005 06:10 32 106 cnmurit.dl_
15/04/2005 06:00 28 671 cnmurj.dl_
19/05/2005 15:00 28 372 cnmurkr.dl_
25/05/2005 06:10 32 082 cnmurnl.dl_
25/05/2005 06:10 31 034 cnmurno.dl_
25/05/2005 06:10 33 918 cnmurpl.dl_
25/05/2005 06:10 32 242 cnmurpt.dl_
25/05/2005 06:10 34 088 cnmurru.dl_
25/05/2005 06:10 31 936 cnmurse.dl_
19/05/2005 15:00 30 386 cnmurth.dl_
25/05/2005 06:10 31 744 cnmurTr.dl_
19/05/2005 15:00 26 876 cnmurtw.dl_
15/04/2005 06:00 3 672 cnmvs.dl_
08/03/2005 19:16 23 040 cnmvsa.exe
15/04/2005 06:00 3 124 cnmw3.dl_
11/02/2004 17:25 <REP> ComPlus Applications
05/11/2006 16:32 <REP> Creative
25/05/2004 20:39 <REP> Cucusoft
11/02/2004 17:45 <REP> CyberLink
21/08/2004 18:23 <REP> DCPro
12/03/2002 22:54 45 056 devid.dll
09/04/2007 17:08 <REP> ECI Telecom
15/04/2007 10:28 <REP> ESET
12/05/2005 17:38 5 133 eula0404.txt
08/02/2005 12:04 11 504 eula0405.txt
24/06/2005 11:46 12 728 eula0406.txt
13/05/2005 14:54 18 199 eula0407.txt
08/02/2005 11:48 13 484 eula0408.txt
28/03/2005 17:00 11 665 eula0409_euro.txt
06/01/2005 18:20 8 824 eula0409_us.txt
08/02/2005 11:31 12 438 eula040b.txt
10/06/2005 16:05 11 558 eula040c_euro.txt
08/02/2005 10:16 10 796 eula040c_us.txt
08/02/2005 12:04 13 205 eula040e.txt
08/02/2005 11:32 12 202 eula0410.txt
12/01/2005 17:41 6 297 eula0411.txt
16/02/2005 16:37 7 100 eula0412.txt
08/02/2005 11:31 15 126 eula0413.txt
08/02/2005 11:32 11 761 eula0414.txt
08/02/2005 12:03 12 374 eula0415.txt
24/06/2005 11:56 15 315 eula0419.txt
08/02/2005 11:32 12 307 eula041d.txt
22/02/2005 12:24 7 596 eula041e.txt
01/03/2005 09:52 11 966 eula041F.txt
16/02/2005 16:36 4 798 eula0804.txt
08/02/2005 11:32 12 781 eula0816_euro.txt
08/02/2005 10:17 9 227 eula0816_us.txt
24/06/2005 12:15 13 086 eula0c0a_euro.txt
08/02/2005 10:17 9 739 eula0c0a_us.txt
14/04/2007 22:08 <REP> Fichiers communs
15/04/2007 16:09 <REP> FlashFXP
09/11/2006 19:37 <REP> Google
15/04/2005 06:00 22 241 helpkicker.ex_
11/02/2004 17:29 <REP> Intel
11/02/2004 17:25 <REP> Internet Explorer
10/04/2006 12:55 <REP> ip4200
01/08/2005 01:11 69 716 ip4200.cat
19/07/2005 06:12 18 740 ip4200.inf
11/02/2004 17:40 <REP> Java
15/04/2007 18:44 <REP> jv16 PowerTools 2006
10/11/2004 18:29 <REP> Kaspersky Lab
26/05/2004 04:00 <REP> K-Lite Codec Pack
11/02/2004 17:41 <REP> Launch Manager
15/04/2007 13:07 <REP> Lavasoft
11/02/2004 17:44 <REP> Ligos
18/06/2004 03:07 <REP> Logitech
11/02/2004 17:34 <REP> ltmoh
04/08/2004 01:20 <REP> Messager Wanadoo
11/02/2004 17:24 <REP> Messenger
24/04/2005 20:14 <REP> MessengerPlus! 3
20/05/2005 15:00 122 417 mh78cn.ch_
25/05/2005 01:00 120 589 mh78cz.ch_
25/05/2005 01:00 121 717 mh78de.ch_
25/05/2005 01:00 114 973 mh78dk.ch_
25/05/2005 01:00 122 491 mh78es.ch_
25/05/2005 06:00 114 493 mh78fi.ch_
25/05/2005 01:00 119 091 mh78fr.ch_
25/05/2005 01:00 132 377 mh78gr.ch_
25/05/2005 01:00 122 605 mh78hu.ch_
25/05/2005 01:00 117 397 mh78it.ch_
15/04/2005 01:00 139 053 mh78jp.ch_
20/05/2005 15:00 135 231 mh78kr.ch_
25/05/2005 01:00 115 999 mh78nl.ch_
25/05/2005 01:00 112 917 mh78no.ch_
25/05/2005 01:00 124 661 mh78pl.ch_
25/05/2005 01:00 117 451 mh78pt.ch_
25/05/2005 01:00 124 611 mh78ru.ch_
25/05/2005 01:00 113 449 mh78se.ch_
20/05/2005 15:00 137 361 mh78th.ch_
25/05/2005 06:00 115 241 mh78Tr.ch_
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
OK,

Download this:
https://www.silentrunners.org/Silent%20Runners.vbs
Run it and wait a few minutes; it will then create a folder, in text format, right next to Silent Runners. Copy and paste what it gives you.

See you
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Here is the report from the vbs file

'Silent Runners.vbs -- find out what starts up with Windows!
'(compatible with Windows 95/98/Millennium/NT 4.0/2000 Pro/XP Home & Pro/Vista RC1)
'
'DO NOT REMOVE THIS HEADER!
'
'Copyright Andrew ARONOFF 14 January 2007, https://www.silentrunners.org/
'This script is provided without any warranty, either express or implied
'It may not be copied or distributed without permission
'
'** YOU RUN THIS SCRIPT AT YOUR OWN RISK! ** (END OF HEADER)


Option Explicit

Dim strRevNo : strRevNo = "R50"

Public flagTest : flagTest = False 'True if in testing mode
'flagTest = True 'Uncomment to put in testing mode
Public arSecTest : arSecTest = Array() 'array of section numbers to test

Public intSection : intSection = 0 'section counter

'This script is divided into 28 sections.

'malware launch points:
' registry keys (1-12, 15)
' INI/INF-files (16-18)
' folders (19)
' enabled scheduled tasks (20)
' Winsock2 service provider DLLs (21)
' IE toolbars, explorer bars, extensions (22)
' started services (26)
' keyboard driver filters (27)
' printer monitors (28)

'hijack points:
' System/Group Policies (14)
' prefixes for IE URLs (23)
' misc IE points (24)
' HOSTS file (25)

'Output is suppressed if deemed normal unless the -all parameter is used
'Section XVIII is skipped unless the -supp/-all parameters are used or
'the first message box is answered "No" and the next message box "Yes"

' 1. HKCU/HKLM... Run/RunOnce/RunOnce\Setup/RunOnceEx
' HKLM... RunServices/RunServicesOnce
' HKCU/HKLM... Policies\Explorer\Run
' 2. HKLM... Active Setup\Installed Components\
' HKCU... Active Setup\Installed Components\
' (StubPath <> "" And HKLM version # > HKCU version #)
' 3. HKLM... Explorer\Browser Helper Objects\
' 4. HKLM... Shell Extensions\Approved\
' 5. HKLM... Explorer\SharedTaskScheduler/ShellExecuteHooks
' 6. HKCU/HKLM... ShellServiceObjectDelayLoad\
' 7. HKCU/HKLM... Command Processor\AutoRun
' HKCU... Policies\System\Shell (W2K/WXP/WVa only)
' HKCU... Windows\load & run
' HKLM... Windows\AppInit_DLLs
' HKCU/HKLM... Winlogon\Shell
' HKLM... Winlogon\Userinit, System, Ginadll, Taskman
' HKLM... Control\SafeBoot\Option\UseAlternateShell
' HKLM... Control\SecurityProviders\SecurityProviders
' HKLM... Control\Session Manager\BootExecute
' HKLM... Control\Session Manager\WOW\cmdline, wowcmdline
' 8. HKLM... Winlogon\Notify\ (subkey names/DLLName values <> O/S-specific dictionary data)
' 9. HKLM... Image File Execution Options ("Debugger" subkeys)
'10. HKCU/HKLM... Policies... Startup/Shutdown, Logon/Logoff scripts (W2K/WXP/WVa)
'11. HKCU/HKLM Protocols\Filter
'12. Context menu shell extensions
'13. HKCU/HKLM executable file type (bat/cmd/com/exe/hta/pif/scr)
'14. System/Group Policies
'15. Enabled Wallpaper & Screen Saver
'16. WIN.INI (load/run <> ""), SYSTEM.INI (shell <> explorer.exe, scrnsave.exe), WINSTART.BAT
'17. AUTORUN.INF in root directory of local fixed disks
'18. DESKTOP.INI in any local fixed disk directory (section skipped by default)
'19. %WINDIR%... Startup & All Users... Startup (W98/WMe) or
' %USERNAME%... Startup & All Users... Startup folder contents
'20. Enabled Scheduled Tasks
'21. Winsock2 Service Provider DLLs
'22. Internet Explorer Toolbars, Explorer Bars, Extensions
'23. Internet Explorer URL Prefixes
'24. Misc. IE Hijack Points
'25. HOSTS file
'26. Started Services
'27. Keyboard Driver Filters
'28. Print Monitors

Dim Wshso : Set Wshso = WScript.CreateObject("WScript.Shell")
Dim WshoArgs : Set WshoArgs = WScript.Arguments
Dim intErrNum, intMB, intMB1 'Err.Number, MsgBox return value x 2

Dim strflagTest : strflagTest = ""
If flagTest Then
strflagTest = "TEST "
Wshso.Popup "Silent Runners is in testing mode.",1, _
"Testing, testing, 1-2-3...", vbOKOnly + vbExclamation
End If

'Configuration Detection Section

' FileSystemObject creation error (112)
' CScript/WScript (147)
' Dim (161)
' GetFileVersion(WinVer.exe) (VBScript 5.1) (182)
' OS version (223)
' WMI (279)
' Dim (364)
' command line arguments (440)
' supplementary search MsgBox (532)
' startup MsgBox (557)
' CreateTextFile error (583)
' output file header (625)
' WXP SP2 (629)

On Error Resume Next
Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject")
intErrNum = Err.Number : Err.Clear
On Error Goto 0

If intErrNum <> 0 Then

strURL = "https://docs.microsoft.com/en-us/"

intMB = MsgBox (Chr(34) & "Silent Runners" & Chr(34) &_
" cannot access file services critical to" & vbCRLF &_
"proper script operation." & vbCRLF & vbCRLF &_
"If you are running Windows XP, make sure that the" &_
vbCRLF & Chr(34) & "Cryptographic Services" & Chr(34) &_
" service is started." & vbCRLF & vbCRLF &_
"You can also try reinstalling the latest version of the MS" &_
vbCRLF & "Windows Script Host." & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser to " &_
"the download site or" & vbCRLF & Space(10) & Chr(34) & "Cancel" &_
Chr(34) & " to quit.", vbOKCancel + vbCritical, _
"Can't access the FileSystemObject!")

'if dl wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

WScript.Quit

End If

Dim oNetwk : Set oNetwk = WScript.CreateObject("WScript.Network")

Const HKLM = &H80000002, HKCU = &H80000001
Const REG_SZ=1, REG_EXPAND_SZ=2, REG_BINARY=3, REG_DWORD=4, REG_MULTI_SZ=7
Const REG_QWORD = 11
Const MS = " [MS]"
Const DQ = """", LBr = "{"
Const IWarn = "<<!>> ", HWarn = "<<H>> "

'determine whether output is via MsgBox/PopUp or Echo
Dim flagOut
If InStr(LCase(WScript.FullName),"wscript.exe") > 0 Then
flagOut = "W" 'WScript
ElseIf InStr(LCase(WScript.FullName),"cscript.exe") > 0 Then
flagOut = "C" 'CScript
Else 'echo and continue if it works
flagOut = "C" 'assume CScript-compatible
WScript.Echo "Neither " & Chr(34) & "WSCRIPT.EXE" & Chr(34) & " nor " &_
Chr(34) & "CSCRIPT.EXE" & Chr(34) & " was detected as " &_
"the script host." & vbCRLF & Chr(34) & "Silent Runners" & Chr(34) &_
" will assume that the script host is CSCRIPT-compatible and will" & vbCRLF &_
"use WScript.Echo for all messages."
End If 'script host

Const SysFolder = 1 : Const WinFolder = 0
Dim strOS : strOS = "Unknown"
Dim strOSLong : strOSLong = "Unknown"
Dim strOSXP : strOSXP = "Windows XP Home" 'XP Home or Pro
Public strFPSF : strFPSF = Fso.GetSpecialFolder(SysFolder).Path 'FullPathSystemFolder
Public strFPWF : strFPWF = Fso.GetSpecialFolder(WinFolder).Path 'FullPathWindowsFolder
Public strExeBareName 'bare file name w/o windows or system folder prefixes
Dim strSysVer 'Winver.exe version number
Dim intErrNum1, intErrNum2, intErrNum3, intErrNum4, intErrNum5, intErrNum6 'error number
Dim intLenValue 'value length
Dim strURL 'download URL
'assume Group Policies cannot be set in the O/S
Dim flagGP : flagGP = False
'HKCU/HKLM CLSID Lower Limit, default is HKLM for O/S <= NT4
Dim intCLL : intCLL = 1

'Winver.exe is in \Windows under W98, but in \System32 for other O/S's
'trap GetFileVersion error for VBScript version < 5.1
On Error Resume Next
If Fso.FileExists (strFPSF & "\Winver.exe") Then
strSysVer = Fso.GetFileVersion(strFPSF & "\Winver.exe")
Else
strSysVer = Fso.GetFileVersion(strFPWF & "\Winver.exe")
End If
intErrNum = Err.Number : Err.Clear
On Error Goto 0

'if GetFileVersion returns error due to old WSH version
If intErrNum <> 0 Then

'store dl URL
strURL = "http://tinyurl.com/7zh0"

'if using WScript
If flagOut = "W" Then

'explain the problem
intMB = MsgBox ("This script requires Windows Script Host (WSH) 5.1 " &_
"or higher to run." & vbCRLF & vbCRLF & "Press " & Chr(34) & "OK" &_
Chr(34) & " to direct your browser to the WSH download site or " &_
Chr(34) & "Cancel" & Chr(34) & " to quit." & vbCRLF & vbCRLF &_
"(WMI is also required. If it's missing, download instructions " &_
"will appear later.)", vbOKCancel + vbExclamation, _
"Unsupported Windows Script Host Version!")

'if dl wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

'if using CScript
Else 'flagOut = "C"

'explain the problem
WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
"Windows Script Host 5.1 or higher to run." & vbCRLF & vbCRLF &_
"It can be downloaded at: " & strURL

End If 'WScript or CScript?

'quit the script
WScript.Quit

End If 'VBScript version error encountered?

'use WINVER.EXE file version to determine O/S
If Instr(Left(strSysVer,3),"4.1") > 0 Then
strOS = "W98" : strOSLong = "Windows 98"

ElseIf Instr(Left(strSysVer,5),"4.0.1") > 0 Then
strOS = "NT4" : strOSLong = "Windows NT 4.0"

ElseIf Instr(Left(strSysVer,8),"4.0.0.95") > 0 Then
strOS = "W98" : strOSLong = "Windows 95"

ElseIf Instr(Left(strSysVer,8),"4.0.0.11") > 0 Then
strOS = "W98" : strOSLong = "Windows 95 SR2 (OEM)"

ElseIf Instr(Left(strSysVer,3),"5.0") > 0 Then
strOS = "W2K" : strOSLong = "Windows 2000" : intCLL = 0 : flagGP = True

ElseIf Instr(Left(strSysVer,3),"5.1") > 0 Then
'SP0 & SP1 = 5.1.2600.0, SP2 = 5.1.2600.2180
strOS = "WXP" : strOSLong = "Windows XP" : intCLL = 0

If Instr(strSysVer,".2180") > 0 Then strOSLong = "Windows XP SP2"

ElseIf Instr(Left(strSysVer,3),"4.9") > 0 Then
strOS = "WME" : strOSLong = "Windows Me (Millennium Edition)"

ElseIf Instr(Left(strSysVer,3),"5.2") > 0 Then
strOS = "WXP" : strOSLong = "Windows Server 2003 (interpreted as Windows XP)"
flagGP = True : intCLL = 0

ElseIf Instr(Left(strSysVer,3),"6.0") > 0 Then
strOS = "WVA" : strOSLong = "Windows Vista RC1"
flagGP = True : intCLL = 0

Else 'unknown strSysVer

If flagOut = "W" Then

intMB = MsgBox ("The " & Chr(34) & "Silent Runners" & Chr(34) &_
" script cannot determine the operating system." & vbCRLF & vbCRLF &_
"Click " & Chr(34) & "OK" & Chr(34) & " to send an e-mail to the " &_
"author, providing the following information:" & vbCRLF & vbCRLF &_
"WINVER.EXE file version = " & strSysVer & vbCRLF & vbCRLF &_
"or click " & Chr(34) & "Cancel" & Chr(34) & " to quit.", _
49,"O/S Unknown!")

If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
"<%6F%73.%76%65%72.%65%72%72%6F%72@%73%69%6C%65%6E%74%72%75%6E%6E%65%72%73.%6F%72%67>?" &_
"subject=Silent%20Runners%20OS%20Version%20Error&body=WINVER.EXE" &_
"%20file%20version%20=%20" & strSysVer

Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " cannot " &_
"determine the operating system." & vbCRLF & vbCRLF & "This script will exit."

End If 'flagOut?

WScript.Quit

End If 'OS id'd from strSysVer?

'use WMI to connect to the registry
On Error Resume Next
Dim oReg : Set oReg = GetObject("winmgmts:\root\default:StdRegProv")
intErrNum = Err.Number : Err.Clear
On Error Goto 0

'detect WMI connection error
If intErrNum <> 0 Then

strURL = ""

'for W98/NT4, assume WMI not installed and direct to d/l URL
If strOS = "W98" Or strOS = "NT4" Then

If strOS = "W98" Then strURL = "http://tinyurl.com/jbxe"
If strOS = "NT4" Then strURL = "http://tinyurl.com/7wd7"

'invite user to download WMI & quit
If flagOut = "W" Then

intMB = MsgBox ("This script requires " & Chr(34) & "WMI" &_
Chr(34) & ", Windows Management Instrumentation, to run." &_
vbCRLF & vbCRLF & "It can be downloaded at: " & strURL &_
vbCRLF & vbCRLF & "Press " & Chr(34) & "OK" & Chr(34) &_
" to direct your browser to the download site or " &_
Chr(34) & "Cancel" & Chr(34) & " to quit.",_
vbOKCancel + vbCritical,"WMI Not Installed!")

If intMB = 1 Then Wshso.Run strURL

'at command line, explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
Chr(34) & "WMI" & Chr(34) & ", Windows Management Instrumentation, " &_
"to run." & vbCRLF & vbCRLF & "It can be downloaded at: " & strURL

End If

'for W2K/WXP/WVa, explain how to start the WMI service
ElseIf strOS = "W2K" Or strOS = "WXP" or strOS = "WVA" Then

If strOS = "W2K" Then strLine = "Settings | Control Panel | "
If strOS = "WXP" Then strLine = "Control Panel | "
If strOS = "WVA" Then strLine = "Control Panel | Classic View | "

'explain how to turn on WMI service
If flagOut = "W" Then

MsgBox "This script requires Windows Management Instrumentation" &_
" to run." & vbCRLF & vbCRLF & "Click on Start | " & strLine &_
"Administrative Tools | Services," & vbCRLF &_
"and start the " & Chr(34) & "Windows Management Instrumentation" &_
Chr(34) & " service.",vbOKOnly + vbCritical,"WMI Service not running!"

'at command line, explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
"Windows Management Instrumentation to run." & vbCRLF & vbCRLF &_
"Click on Start | " & strLine & "Administrative " &_
"Tools | Services" & vbCRLF & "and start the " & Chr(34) &_
"Windows Management Instrumentation" & Chr(34) & " service."

End If 'flagOut?

Else 'WMe

'say there's a WMI problem
If flagOut = "W" Then

MsgBox "This script requires WMI (Windows Management Instrumentation)" &_
" to run," & vbCRLF & "but WMI is not running correctly.", _
vbOKOnly + vbCritical,"WMI problem!"

'at command line, explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " requires " &_
"WMI (Windows Management Instrumentation) to run," & vbCRLF &_
"but WMI is not running correctly."

End If 'flagOut?

End If 'which O/S?

WScript.Quit

End If 'WMI execution error

'array of Run keys, counter x 5, hive member, startup folder file,
'startup file shortcut, IERESET.INF file
Dim arRunKeys, i, ii, j, k, l, oHiveElmt, oSUFi, oSUSC
'dictionary, keys, items, hard disk collection
Dim arSK, arSKk, arSKi, colDisks

'arrays: Run key names, keys, sub-keys, value type, SecurityProviders,
' Protocol filters, values
Dim arNames(), arKeys(), arSubKeys(), arType, arSP, arFilter(), arValues
'Sub-Directory DeskTop.Ini array, Sub-Directory Error array, Error array
'Recognized GP names, allowed GP names
Public arSDDTI(), arSDErr(), arErr(), arRecNames(), arAllowedNames()

'DeskTop.Ini counter, Error counter x 2, Classes data Hive counter
Public ctrArDTI, ctrArErr, ctrErr, ctrCH
Public ctrFo : ctrFo = 0 'folder counter

'name member, key array member x 4, O/S, drive root directory, work file
Dim oName, oKey, oKey2, strMemKey, strMemSubKey, oOS, oRoot, oFileWk
'values x 7
Dim strValue, strValue1, strValue2, strValue3, strValue4, strValue5, strValue6
Dim strVal, intValue, strCmd
'name, single character, startup folder name, startup folder, array member, temp var
Dim strName, strChr, arSUFN, oSUF, strArMember, strTmp, strTmp2
'output string x 3
Public strOut, strOut1, strOut2

'output file msg x 2, warning string, title line
Dim strLine, strLine1, strLine2, strWarn, strTitleLine
'infection/hijack warning detection flags -- add footer note if True
Public flagIWarn : flagIWarn = False
Public flagHWarn : flagHWarn = False
Dim strKey, strKey1, strKey2, strKey3, strSubKey 'register key x 4, sub-key
'output file name string (incl. path), file name (wo path),
'PIF path string, single binary character
Dim strFN, strFNNP, strPIFTgt, bin1C
Public datLaunch : datLaunch = Now 'script launch time
Public intCnt 'counter
'ref time, time taken by 2 pop-up boxes
Public datRef : datRef = 0
Public datPUB1 : datPUB1 = 0 : Public datPUB2 : datPUB2 = 0

'TRUE if show all output (default values not filtered)
Public flagShowAll : flagShowAll = False
Dim strRptOutput : strRptOutput = "Output limited to non-default values, " &_
"except where indicated by " & Chr(34) & "{++}" & Chr(34) 'output file string
Public strTitle : strTitle = ""
Public strSubTitle : strSubTitle = ""
Public strSubSubTitle : strSubSubTitle = ""
Public flagNVP : flagNVP = False 'existence of name/value pairs in a key
Public flagInfect : flagInfect = False 'flag infected condition
Dim flagMatch 'flag matching keys
Dim flagAllow 'flag key on approved list
Dim flagFound 'flag key that exists in Registry
Dim flagDirArg : flagDirArg = False 'presence of output directory argument
Dim flagIsCLSID : flagIsCLSID = False 'true if argument in CLSID format
Dim flagTitle 'True if title has already been written
Dim flagAllArg : flagAllArg = False 'presence of all output argument
Dim flagArray 'flag array containing elements
Public flagSupp : flagSupp = False 'do *not* check for DESKTOP.INI in all
'directories of local fixed disks
Dim intLBSP 'Last BackSlash Position in path string
Dim intSS 'lowest sort subscript
Dim intType 'value type
Dim strDLL, strCN 'DLL name, company name
'string to signal all output by default
Public strAllOutDefault : strAllOutDefault = ""

Dim ScrPath : ScrPath = Fso.GetParentFolderName(WScript.ScriptFullName)
If Right(ScrPath,1) <> "\" Then ScrPath = ScrPath & "\"
'initialize Path of Output File Folder to script path
Dim strPathOFFo : strPathOFFo = ScrPath

'hive array
Public arHives(1,1)
arHives(0,0) = "HKCU" : arHives(1,0) = "HKLM"
arHives(0,1) = &H80000001 : arHives(1,1) = &H80000002

'set up argument usage message string

Dim strLSp, strCSp 'Leading Spaces, Centering Spaces
strLSp = Space(4) : strCSp = Space(33) 'WScript spacing
If flagOut = "C" Then 'CScript spacing
strLsp = Space(3) : strCSp = Space(28)
End If

Dim strMsg : strMsg = "Only two arguments are permitted:" &_
vbCRLF & vbCRLF &_
"1. the name of an existing directory for the output report" &_
vbCRLF & strLSp & "(embed in quotes if it contains spaces)" &_
vbCRLF & vbCRLF & strCSp & "AND:" & vbCRLF & vbCRLF &_
"2. " & Chr(34) & "-supp" & Chr(34) & " to search " &_
"all directories for DESKTOP.INI DLL" & vbCRLF &_
strLSp & "launch points" &_
vbCRLF & vbCRLF & strCSp & "-OR-" & vbCRLF & vbCRLF &_
"3. " & Chr(34) & "-all" & Chr(34) & " to output all non-empty " &_
"values and all launch" & vbCRLF & strLSp & "points checked"

'check if output directory or "-all" or "-supp" was supplied as argument
If WshoArgs.length > 0 And WshoArgs.length <= 2 Then

For i = 0 To WshoArgs.length-1

'if directory arg not already passed and arg directory exists
If Not flagDirArg And Fso.FolderExists(WshoArgs(i)) Then

'get the path & toggle the directory arg flag
Dim oOFFo : Set oOFFo = Fso.GetFolder(WshoArgs(i))
strPathOFFo = oOFFo.Path : flagDirArg = True
If Right(strPathOFFo,1) <> "\" Then strPathOFFo = strPathOFFo & "\"
Set oOFFo=Nothing

'if -all arg not already passed and is this arg
ElseIf Not flagAllArg And LCase(WshoArgs(i)) = "-all" Then

'toggle ShowAll flag, toggle the all arg flag, fill report string
flagShowAll = True : flagAllArg = True
strRptOutput = "Output of all locations checked and all values found."

'if -all/-supp arg not already passed and this arg is -supp
ElseIf Not flagAllArg And LCase(WshoArgs(i)) = "-supp" Then
flagSupp = True : flagAllArg = True
strRptOutput = "Search enabled of all directories on local fixed " &_
"drives for DESKTOP.INI" & vbCRLF & " DLL launch points" &_
vbCRLF & strRptOutput

'argument can't be interpreted, so explain & quit
Else

If flagOut = "W" Then 'pop up a message window

Wshso.Popup "The argument:" & vbCRLF &_
Chr(34) & UCase(WshoArgs(i)) & Chr(34) & vbCRLF &_
"... can't be interpreted." & vbCRLF & vbCRLF &_
strMsg,10,"Bad Script Argument", vbOKOnly + vbExclamation

Else 'flagOut = "C" 'write the message to the console

WScript.Echo vbCRLF & "The argument: " &_
Chr(34) & UCase(WshoArgs(i)) & Chr(34) &_
" can't be interpreted." & vbCRLF & vbCRLF &_
strMsg & vbCRLF

End If 'WScript host?

WScript.Quit

End If 'argument can be interpreted?

Next 'argument

'too many args passed
ElseIf WshoArgs.length > 2 Then

'explain & quit
If flagOut = "W" Then 'pop up a message window

Wshso.Popup "Too many arguments (" & WshoArgs.length & ") were passed." &_
vbCRLF & vbCRLF & strMsg,10,"Too Many Arguments",_
vbOKOnly + vbCritical

Else 'flagOut = "C" 'write the message to the console

WScript.Echo "Too many arguments (" & WshoArgs.length & ") were passed." &_
vbCRLF & vbCRLF & strMsg & vbCRLF

End If 'WScript host?

WScript.Quit

End If 'directory arguments passed?

Set WshoArgs=Nothing

datRef = Now

'if no cmd line argument for flagSupp and not testing, show popup
If Not flagTest And Not flagShowAll And Not flagSupp And flagOut = "W" Then

intMB = Wshso.Popup ("Do you want to skip the supplementary search?" &_
vbCRLF & "(It typically takes several minutes.)" & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "Yes" & Chr(34) & Space(5) &_
" to skip the supplementary search (default)" & vbCRLF & vbCRLF &_
Space(10) & Chr(34) & "No" & Chr(34) & Space(6) &_
" to perform it, or" & vbCRLF & vbCRLF &_
Space(10) & Chr(34) & "Cancel" & Chr(34) &_
" to get more information at the web site" & vbCRLF &_
Space(25) & "and exit the script.",_
15,"Skip supplementary search?",_
vbYesNoCancel + vbQuestion + vbDefaultButton1 + vbSystemModal)

If intMB = vbNo Then

flagSupp = True

intMB1 = MsgBox ("Are you SURE you want to run the supplementary " &_
"search?" & vbCRLF & vbCRLF & "It's _rarely_ necessary " &_
"and it takes a *long* time." & vbCRLF & vbCRLF & "Press " & DQ &_
"Yes" & DQ & " to confirm running the supplementary search, " &_
"or" & vbCRLF & Space(10) & DQ & "No" & DQ & " to run without it.", _
vbYesNo + vbQuestion + vbDefaultButton2 + vbSystemModal,"Are you sure?")

If intMB1 = vbNo Then flagSupp = False

ElseIf intMB = vbCancel Then
Wshso.Run "https://www.silentrunners.org/thescript.html#supp"
WScript.Quit
End If

End If

datPUB1 = DateDiff("s",datRef,Now) : datRef = Now

'inform user that script has started
If Not flagTest Then
If flagOut = "W" Then
Wshso.PopUp Chr(34) & "Silent Runners" & Chr(34) & " has started." &_
vbCRLF & vbCRLF & "A message box like this one will appear " &_
"when it's done." & vbCRLF & vbCRLF & "Please be patient...",3,_
"Silent Runners R" & strRevNo & " startup", _
vbOKOnly + vbInformation + vbSystemModal
Else
WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " has started." &_
" Please be patient..."
End If 'flagOut?
End If 'flagTest?

datPUB2 = DateDiff("s",datRef,Now)

'create output file name with computer name & today's date
'Startup Programs (pc_name_here) yyyy-mm-dd.txt

strFNNP = "Startup Programs (" & oNetwk.ComputerName & ") " &_
FmtDate(datLaunch) & " " & FmtHMS(datLaunch) & ".txt"
strFN = strPathOFFo & strflagTest & strFNNP
On Error Resume Next
If Fso.FileExists(strFN) Then Fso.DeleteFile(strFN)
Err.Clear
Public oFN : Set oFN = Fso.CreateTextFile(strFN,True)
intErrNum = Err.Number : Err.Clear
On Error Goto 0

'if can't create report file
If intErrNum > 0 Then

strURL = "https://www.silentrunners.org/Silent%20Runners%20RED.vbs"

'invite user to run RED version & quit
If flagOut = "W" Then

intMB = MsgBox ("The script cannot create its report file. " &_
"This is a known, intermittent" & vbCRLF & "problem under " &_
strOSLong & "." & vbCRLF & vbCRLF &_
"An alternative script version is available for download. " &_
"After it runs, " & vbCRLF & "the script you're using now will " &_
"run correctly." & vbCRLF & vbCRLF &_
"Press " & Chr(34) & "OK" & Chr(34) & " to direct your browser " &_
"to the alternate script location, or" & vbCRLF & Space(10) &_
Chr(34) & "Cancel" & Chr(34) & " to quit.",49,"CreateTextFile Error!")

'if alternative script wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

'explain & quit
Else 'flagOut = "C"

WScript.Echo Chr(34) & "Silent Runners" & Chr(34) & " cannot " &_
"create the report file." & vbCRLF & vbCRLF &_
"An alternative script is available. Run it, then rerun this version." &_
vbCRLF & "The alternative script can be downloaded at: " & vbCRLF &_
vbCRLF & strURL

End If

WScript.Quit

End If 'report file creation error?

'add report header
Set oNetwk=Nothing

oFN.WriteLine Chr(34) & "Silent Runners.vbs" & Chr(34) &_
", revision " & strRevNo & ", https://www.silentrunners.org/" &_
vbCRLF & "Operating System: " & strOSLong & vbCRLF & strRptOutput

'test for WMI corruption and use WMI to differentiate between
'WXP Home & WXP Pro

'get the O/S collection
Dim colOS : Set colOS = GetObject("winmgmts:\root\cimv2").ExecQuery _
("Select * from Win32_OperatingSystem")

On Error Resume Next

Err.Clear

For Each oOS in colOS

If strOS = "WXP" Then

'modify strOSXP if O/S = Pro
If InStr(1,LCase(oOS.Name),"professional",1) > 0 Then
strOSXP = "Windows XP Professional"
flagGP = True
End If
'modify strOSXP if SP2
If Right(strOSLong,3) = "SP2" Then strOSXP = strOSXP & " SP2"

End If 'WXP?

Next 'oOS

If Err.Number <> 0 Then

strURL = "http://go.microsoft.com/fwlink/?LinkId=62562"

oFN.WriteLine vbCRLF & "FATAL ERROR!" & vbCRLF & String(12,"-") &_
vbCRLF & vbCRLF & DQ & "Silent Runners" & DQ &_
" cannot use WMI to identify the operating system." &_
vbCRLF & "This is caused by corruption of the WMI installation." &_
vbCRLF & vbCRLF &_
"WMI is complex and it is recommended that you use a Microsoft" &_
vbCRLF & "tool, " & DQ & "WMIDiag.vbs," & DQ & " to diagnose WMI " &_
"on your system." & vbCRLF & vbCRLF & "It can be downloaded here:" &_
vbCRLF & vbCRLF & strURL

intMB = MsgBox (DQ & "Silent Runners" & DQ & " cannot use WMI to " &_
"identify the operating system." & vbCRLF & "This is caused by " &_
"corruption of the WMI installation." &_
vbCRLF & vbCRLF &_
"WMI is complex and it is recommended that you use a Microsoft" &_
vbCRLF & "tool, " & DQ & "WMIDiag.vbs," & DQ & " to diagnose WMI " &_
"on your system." &_
vbCRLF & vbCRLF &_
"Press " & DQ & "OK" & DQ & " to direct your browser to the " &_
"WMIDiag download site or" &_
vbCRLF & Space(10) & DQ & "Cancel" & DQ & " to quit.",_
vbOKCancel + vbCritical + vbSystemModal + vbDefaultButton2,_
"Can't iterate Win32_OperatingSystem!")

'if dl wanted now, send browser to dl site
If intMB = 1 Then Wshso.Run strURL

WScript.Quit

End If 'Err.Number<>0?

On Error Goto 0

Set colOS=Nothing




'#1. HKCU/HKLM... Run/RunOnce/RunOnce\Setup/RunOnceEx
' HKLM... RunServices/RunServicesOnce
' HKCU/HKLM... Policies\Explorer\Run

intSection = intSection + 1

'execute section if not in testing mode or (in testing mode And this section selected for testing)
If Not flagTest Or (flagTest And SecTest) Then

'write registry header lines to file
strTitle = "Startup items buried in registry:"
TitleLineWrite

'put keys in array (Key Index 0 - 6)
arRunKeys = Array ("Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", _
"Software\Microsoft\Windows\CurrentVersion\Run", _
"Software\Microsoft\Windows\CurrentVersion\RunOnce", _
"Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup", _
"Software\Microsoft\Windows\CurrentVersion\RunOnceEx", _
"Software\Microsoft\Windows\CurrentVersion\RunServices", _
"Software\Microsoft\Windows\CurrentVersion\RunServicesOnce")

'Key Execution Flag/Subkey Recursion Flag array
'
'first number in the ordered pair in the array immediately below
' pertains to execution of the key:
'0: not executed (ignore)
'1: may be executed so display with EXECUTION UNLIKELY warning
'2: executable
'
'second number in the ordered pair pertains to subkey recursion
'0: subkeys not used
'1: subkey recursion necessary

'0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
'1 Software\Microsoft\Windows\CurrentVersion\Run
'2 Software\Microsoft\Windows\CurrentVersion\RunOnce
'3 Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
'4 Software\Microsoft\Windows\CurrentVersion\RunOnceEx
'5 Software\Microsoft\Windows\CurrentVersion\RunServices
'6 Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

'Hive            HKCU - 0                      HKLM - 1
'
'Key     0   1   2   3   4   5   6     0   1   2   3   4   5   6
'Index

'O/S:
'W95    0,0 2,0 2,0 0,0 2,1 0,0 0,0   0,0 2,0 2,0 0,0 2,1 2,0 2,0
'W98    0,0 2,0 2,0 0,0 2,1 0,0 0,0   0,0 2,0 2,0 2,0 2,1 2,0 2,0
'WMe    2,1 2,1 2,0 2,0 2,1 0,0 0,0   2,1 2,1 2,0 2,0 2,1 2,0 2,0
'NT4    0,0 2,0 2,0 0,0 2,1 0,0 0,0   0,0 2,0 2,0 0,0 2,1 0,0 0,0
'W2K    2,1 2,1 2,1 0,0 2,1 0,0 0,0   2,1 2,1 2,1 0,0 2,1 0,0 0,0
'WXP    2,0 2,0 2,0 0,0 2,1 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0
'WS2K3  ??? <-------------------- ??? --------------------> ???
'WVa    2,0 2,0 2,0 0,0 2,1 0,0 0,0   2,0 2,0 2,0 0,0 2,1 0,0 0,0

'arRegFlag(i,j,k): put flags in array by O/S:
'hive = i (0 or 1), key_# = j (0-6),
' flags (key execution/subkey recursion) = k (0 or 1)
' k = 0 holds key execution value = 0/1/2
' 1 holds subkey recursion value = 0/1
Dim arRegFlag()
ReDim arRegFlag(1,6,1)

'initialize entire array to zero
For i = 0 To 1 : For j = 0 To 6 : For k = 0 To 1
arRegFlag(i,j,k) = 0
Next : Next : Next

'add data to array for O/S that's running

'W98
If strOS = "W98" Then
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
'don't set HKLM,RunOnce\Setup for W95
If strOSLong = "Windows 98" Then _
arRegFlag(1,3,0) = 2 'HKLM,RunOnce\Setup = no-warn
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
arRegFlag(1,5,0) = 2 'HKLM,RunServices = no-warn
arRegFlag(1,6,0) = 2 'HKLM,RunServicesOnce = no-warn
End If

If strOS = "WME" Then
arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
arRegFlag(0,0,1) = 1 'HKCU,Explorer\Run = sub-keys
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,1,1) = 1 'HKCU,Run = sub-keys
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(0,3,0) = 2 'HKCU,RunOnce\Setup = no-warn
arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
arRegFlag(1,0,1) = 1 'HKLM,Explorer\Run = sub-keys
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,1,1) = 1 'HKLM,Run = sub-keys
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,3,0) = 2 'HKLM,RunOnce\Setup = no-warn
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
arRegFlag(1,5,0) = 2 'HKLM,RunServices = no-warn
arRegFlag(1,6,0) = 2 'HKLM,RunServicesOnce = no-warn
End If

'NT4
If strOS = "NT4" Then
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
End If

'W2K
If strOs = "W2K" Then
arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
arRegFlag(0,0,1) = 1 'HKCU,Explorer\Run = sub-keys
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,1,1) = 1 'HKCU,Run = sub-keys
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(0,2,1) = 1 'HKCU,RunOnce = sub-keys (incl. Setup)
arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
arRegFlag(1,0,1) = 1 'HKLM,Explorer\Run = sub-keys
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,1,1) = 1 'HKLM,Run = sub-keys
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,2,1) = 1 'HKLM,RunOnce = sub-keys (incl. Setup)
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
End If

'WXP/WVa
If strOs = "WXP" Or strOS = "WVA" Then
arRegFlag(0,0,0) = 2 'HKCU,Explorer\Run = no-warn
arRegFlag(0,1,0) = 2 'HKCU,Run = no-warn
arRegFlag(0,2,0) = 2 'HKCU,RunOnce = no-warn
arRegFlag(0,4,0) = 2 'HKCU,RunOnceEx = no-warn
arRegFlag(0,4,1) = 1 'HKCU,RunOnceEx = sub-keys
arRegFlag(1,0,0) = 2 'HKLM,Explorer\Run = no-warn
arRegFlag(1,1,0) = 2 'HKLM,Run = no-warn
arRegFlag(1,2,0) = 2 'HKLM,RunOnce = no-warn
arRegFlag(1,4,0) = 2 'HKLM,RunOnceEx = no-warn
arRegFlag(1,4,1) = 1 'HKLM,RunOnceEx = sub-keys
End If

'for each hive
For i = 0 To 1

'for each key
For j = 0 To 6

'if not ShowAll, show all output for Run keys
If j = 1 And Not flagShowAll Then strAllOutDefault = " {++}"

'if key is not ignored
If arRegFlag(i,j,0) > 0 Then

flagNVP = False

'initialize string with warning if necessary
strWarn = ""
If arRegFlag(i,j,0) = 1 Then strWarn = "EXECUTION UNLIKELY: "

'INFO
'with no name/value pairs (sub-keys are identical)
'        IsArray  TypeName     UBound
'W98     True     "Variant()"  -1
'WMe     True     "Variant()"  -1
'NT4     True     "Variant()"  -1
'W2K     False    "Null"       error (--)
'WXP     False    "Null"       error (--)
'WS2K3   True     "Variant()"  error (--)
'WVa     False    "Null"       error (--)

EnumNVP arHives(i,1), arRunKeys(j), arNames, arType

If flagNVP Then 'name/value pairs exist

'write the full key name
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & arRunKeys(j) & "\" & strAllOutDefault

'for each data type in the names array
For k = LBound(arNames) To UBound(arNames)

'use the type to find the value
strValue = RtnValue (arHives(i,1), arRunKeys(j), arNames(k), arType(k))
'write the name & value
WriteValueData arNames(k), strValue, arType(k), strWarn

Next 'member of names array

Else 'no name/value pairs

If flagShowAll Then _
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & arRunKeys(j) & "\"

End If 'flagNVP?

'recurse subkeys if necessary
If arRegFlag(i,j,1) = 1 Then

'put all subkeys into array
oReg.EnumKey arHives(i,1),arRunKeys(j),arKeys

'excludes W2K/WXP/WVa with no sub-keys
If IsArray(arKeys) Then

'excludes W98/WMe/NT4/WS2K3 with no sub-keys
For Each strMemKey in arKeys

flagNVP = False
strSubKey = arRunKeys(j) & "\" & strMemKey

EnumNVP arHives(i,1), arRunKeys(j) & "\" & strMemKey,arNames,arType

If flagNVP Then 'if name/value pairs exist

'write the full key name
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & strSubKey &_
"\" & strAllOutDefault

'for each data type in the names array
For k = LBound(arNames) To UBound(arNames)

'use the type to find the value
strValue = RtnValue (arHives(i,1), strSubKey, arNames(k), arType(k))
'write the name & value
WriteValueData arNames(k), strValue, arType(k), strWarn

Next 'member of names array

Else 'no name/value pairs

If flagShowAll Then _
oFN.WriteLine vbCRLF & arHives(i,0) & "\" & strSubKey & "\"

End If 'flagNVP?

Next 'sub-key

End If 'sub-keys exist? W2K/WXP/WS2K3/WVa

End If 'enum sub-keys?

End If 'arRegFlag(i,j,0) > 0

Next 'Run key

Next 'Hive

strAllOutDefault = "" : flagNVP = False

'recover array memory
ReDim arRunKeys(0)
ReDim arKeys(0)
ReDim arRegFlag(0)

End If 'flagTest And SecTest?




'#2. HKLM... Active Setup\Installed Components\
' HKCU... Active Setup\Installed Components\

intSection = intSection + 1

'execute section if not in testing mode or (in testing mode And this section selected for testing)
If Not flagTest Or (flagTest And SecTest) Then

'flags True if only numeric & comma chrs in Version values
Dim flagHKLMVer, flagHKCUVer
'StubPath Value string, HKLM Version value, HKCU Version value, HKLM program name
Dim strSPV, strHKLMVer, strHKCUVer, strPgmName
Dim arHKLMKeys, arHKCUKeys, strHKLMKey, strHKCUKey

strKey = "Software\Microsoft\Active Setup\Installed Components"

strSubTitle = "HKLM" & "\" & strKey & "\"

'find all the subkeys
oReg.EnumKey HKLM, strKey, arHKLMKeys 'HKLM
oReg.EnumKey HKCU, strKey, arHKCUKeys 'HKCU

'enumerate HKLM keys if present
If IsArray(arHKLMKeys) Then

'for each HKLM key
For Each strHKLMKey In arHKLMKeys

'INFO
'Default Value not set:
'W98/WMe: returns 0, strValue = ""
'NT4/W2K/WXP/WVa: returns non-zero, strValue = Null

'Non-Default name inexistent:
'W98/WMe/NT4/W2K/WXP/WVa: returns non-zero, strValue = Null

'Non-Default Value not set:
'W2K: returns 0, strValue = unwritable string
'W98/WMe/NT4/WXP/WVa: returns 0, strValue = ""

'get the StubPath value
intErrNum = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey,"StubPath",strSPV)

'if the StubPath name exists And value set (exc for W2K!)
If intErrNum = 0 And strSPV <> "" Then

flagMatch = False

'if HKCU keys present
If IsArray(arHKCUKeys) Then

'for each HKCU key
For Each strHKCUKey in arHKCUKeys

'if identical HKLM key exists
If LCase(strHKLMKey) = LCase(strHKCUKey) Then

'assume Version fmts are OK
flagHKLMVer = True : flagHKCUVer = True

'get HKLM & HKCU Version values
intErrNum1 = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey, _
"Version",strHKLMVer) 'HKLM Version #
intErrNum2 = oReg.GetStringValue (HKCU,strKey & "\" & strHKCUKey, _
"Version",strHKCUVer) 'HKCU Version #

'if HKLM Version name exists And value set (exc for W2K!)
If intErrNum1 = 0 And strHKLMVer <> "" Then

'the next two loops check for allowed chars (numeric & comma)
' in returned Version values

For i = 1 To Len(strHKLMVer)
strChr = Mid(strHKLMVer,i,1)
If Not IsNumeric(strChr) And strChr <> "," Then flagHKLMVer = False
Next

'if HKCU Version name exists And value set (exc for W2K!)
If intErrNum2 = 0 And strHKCUVer <> "" Then

'check that value consists only of numeric & comma chrs
For i = 1 To Len(strHKCUVer)
strChr = Mid(strHKCUVer,i,1)
If Not IsNumeric(strChr) And strChr <> "," Then flagHKCUVer = False
Next

End If 'HKCU Version null or MT?

'if HKLM Ver # has illegal fmt (i.e., is not assigned) or doesn't exist (is Null)
' or is empty, match = True
'if HKCU/HKLM Ver # fmts OK And HKCU Ver # >= HKLM Ver #, match = True
'if HKLM Ver # = "0,0" and HKCU Ver # = "", key will output
' but StubPath will not launch
If Not flagHKLMVer Then flagMatch = True
If flagHKLMVer And flagHKCUVer And strHKCUVer >= strHKLMVer Then flagMatch = True

Else 'HKLM Version name doesn't exist Or value not set (exc for W2K!)

flagMatch = True

End If 'HKLM Version name exists And value set (exc for W2K!)?

End If 'HKCU key=HKLM key?

Next 'HKCU Installed Components key

End If 'HKCU Installed Components subkeys exist?

'if the StubPath will launch
If Not flagMatch Then

flagAllow = False 'assume StubPath DLL not on approved list
strCN = CoName(IDExe(strSPV))

'test for approved StubPath DLL
If LCase(strHKLMKey) = ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" And _
(InStr(LCase(strSPV),"wmpocm.exe") > 0 Or _
InStr(LCase(strSPV),"unregmp2.exe") > 0) And _
strCN = MS And Not flagShowAll Then flagAllow = True

'StubPath DLL not approved
If Not flagAllow Then

'get the default value (program name)
intErrNum3 = oReg.GetStringValue (HKLM,strKey & "\" & strHKLMKey,"",strPgmName)
'enclose pgm name in quotes if name exists and default value isn't empty
If intErrNum3 = 0 And strPgmName <> "" Then
strPgmName = Chr(34) & strPgmName & Chr(34)
Else
strPgmName = "(no title provided)"
End If

TitleLineWrite

'output the CLSID & pgm name
oFN.WriteLine strHKLMKey & "\(Default) = " & StringFilter(strPgmName,False)

On Error Resume Next
'output the StubPath value
oFN.WriteLine Space(Len(strHKLMKey)+1) & "\StubPath = " &_
Chr(34) & strSPV & Chr(34) & strCN
'error check for W2K if StubPath value not set
If Err.Number <> 0 Then oFN.WriteLine Space(Len(strHKLMKey)+1) & "\StubPath = " &_
"(value not set)"
Err.Clear
On Error GoTo 0

End If 'flagAllow false?

End If 'flagMatch false?

End If 'StubPath value exists?

Next 'HKLM Installed Components subkey

End If 'HKLM Installed Components subkeys exist?

If flagShowAll Then TitleLineWrite

'recover array memory
ReDim arHKLMKeys(0)
ReDim arHKCUKeys(0)

strTitle = "" : strSubTitle = "" : strSubSubTitle = ""

End If 'SecTest?




'#3. HKLM... Explorer\Browser Helper Objects

intSection = intSection + 1

'execute section if not in testing mode or (in testing mode And this section selected for testing)
If Not flagTest Or (flagTest And SecTest) Then

strKey = "Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
strSubTitle = "HKLM" & "\" & strKey & "\"

'find all the subkeys
oReg.EnumKey HKLM, strKey, arSubKeys

'enumerate data if present
If IsArray(arSubKeys) Then

'for each key
For Each strSubKey In arSubKeys

flagTitle = False

CLSIDLocTitle HKLM, strKey & "\" & strSubKey, "", strLocTitle

For ctrCH = intCLL To 1

ResolveCLSID strSubKey, arHives(ctrCH,1), strCLSIDTitle, strIPSDLL

If strIPSDLL <> "" Then

'output the title line if not already done
TitleLineWrite

If Not flagTitle Then

'error check for W2K if value not set
On Error Resume Next
oFN.WriteLine strSubKey & "\(Default) = " & strLocTitle
intErrNum = Err.Number : Err.Clear
If intErrNum <> 0 Then oFN.WriteLine strSubKey &_
"\(Default) = (no title provided)"
flagTitle = True
On Error GoTo 0

End If

'output CLSID title, InProcServer32 DLL & CoName
oFN.WriteLine " -> {" & arHives(ctrCH,0) & "...CLSID} = " &_
strCLSIDTitle & vbCRLF & Space(19) & "\InProcServer32\(Default) = " &_
StringFilter(strIPSDLL,True) & CoName(IDExe(strIPSDLL))

End If 'strIPSDLL exists?

Next 'CLSID hive

Next 'BHO subkey

End If 'BHO subkeys exist?

'if ShowAll, output the key name if not already done
If flagShowAll Then TitleLineWrite
strTitle = "" : strSubTitle = "" : strSubSubTitle = ""

'recover array memory
ReDim arSubKeys(0)

End If 'SecTest?




'#4. HKLM... Shell Extensions\Approved\

intSection = intSection + 1

'execute section if not in testing mode or (in testing mode And this section selected for testing)
If Not flagTest Or (flagTest And SecTest) Then

'CLSID value, InProcessServer32 DLL name & output file version,
'CLSID Key Title display flag
Dim strCLSID, strIPSDLL, strIPSDLLOut, strCLSIDTitle, strLocTitle

'Shell Extension Approved array
Dim arSEA()
ReDim arSEA(388,1)
'WXP
arSEA(0,0) = "{00022613-0000-0000-C000-000000000046}" : arSEA(0,1) = "mmsys.cpl"
arSEA(1,0) = "{176d6597-26d3-11d1-b350-080036a75b03}" : arSEA(1,1) = "icmui.dll"
arSEA(2,0) = "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" : arSEA(2,1) = "rshx32.dll"
arSEA(3,0) = "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" : arSEA(3,1) = "docprop.dll"
arSEA(4,0) = "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" : arSEA(4,1) = "ntshrui.dll"
arSEA(5,0) = "{41E300E0-78B6-11ce-849B-444553540000}" : arSEA(5,1) = "themeui.dll"
arSEA(6,0) = "{42071712-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(6,1) = "deskadp.dll"
arSEA(7,0) = "{42071713-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(7,1) = "deskmon.dll"
arSEA(8,0) = "{42071714-76d4-11d1-8b24-00a0c9068ff3}" : arSEA(8,1) = "deskpan.dll"
arSEA(9,0) = "{4E40F770-369C-11d0-8922-00A024AB2DBB}" : arSEA(9,1) = "dssec.dll"
arSEA(10,0) = "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" : arSEA(10,1) = "SlayerXP.dll"
arSEA(11,0) = "{56117100-C0CD-101B-81E2-00AA004AE837}" : arSEA(11,1) = "shscrap.dll"
arSEA(12,0) = "{59099400-57FF-11CE-BD94-0020AF85B590}" : arSEA(12,1) = "diskcopy.dll"
arSEA(13,0) = "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" : arSEA(13,1) = "ntlanui2.dll"
arSEA(14,0) = "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" : arSEA(14,1) = "icmui.dll"
arSEA(15,0) = "{675F097E-4C4D-11D0-B6C1-0800091AA605}" : arSEA(15,1) = "icmui.dll"
arSEA(16,0) = "{764BF0E1-F219-11ce-972D-00AA00A14F56}" : arSEA(16,1) = ""
arSEA(17,0) = "{77597368-7b15-11d0-a0c2-080036af3f03}" : arSEA(17,1) = "printui.dll"
arSEA(18,0) = "{7988B573-EC89-11cf-9C00-00AA00A14F56}" : arSEA(18,1) = "dskquoui.dll"
arSEA(19,0) = "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" : arSEA(19,1) = ""
arSEA(20,0) = "{85BBD920-42A0-1069-A2E4-08002B30309D}" : arSEA(20,1) = "syncui.dll"
arSEA(21,0) = "{88895560-9AA2-1069-930E-00AA0030EBC8}" : arSEA(21,1) = "hticons.dll"
arSEA(22,0) = "{BD84B380-8CA2-1069-AB1D-08000948F534}" : arSEA(22,1) = "fontext.dll"
arSEA(23,0) = "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" : arSEA(23,1) = "icmui.dll"
arSEA(24,0) = "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" : arSEA(24,1) = "rshx32.dll"
arSEA(25,0) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" : arSEA(25,1) = "ntshrui.dll"
arSEA(26,0) = "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" : arSEA(26,1) = "deskperf.dll"
arSEA(27,0) = "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(27,1) = "cryptext.dll"
arSEA(28,0) = "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" : arSEA(28,1) = "cryptext.dll"
arSEA(29,0) = "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" : arSEA(29,1) = "NETSHELL.dll"
arSEA(30,0) = "{992CFFA0-F557-101A-88EC-00DD010CCC48}" : arSEA(30,1) = "NETSHELL.dll"
arSEA(31,0) = "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" : arSEA(31,1) = "wiashext.dll"
arSEA(32,0) = "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" : arSEA(32,1) = "wiashext.dll"
arSEA(33,0) = "{905667aa-acd6-11d2-8080-00805f6596d2}" : arSEA(33,1) = "wiashext.dll"
arSEA(34,0) = "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" : arSEA(34,1) = "wiashext.dll"
arSEA(35,0) = "{83bbcbf3-b28a-4919-a5aa-73027445d672}" : arSEA(35,1) = "wiashext.dll"
arSEA(36,0) = "{F0152790-D56E-4445-850E-4F3117DB740C}" : arSEA(36,1) = "remotepg.dll"
arSEA(37,0) = "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" : arSEA(37,1) = "wuaucpl.cpl"
arSEA(38,0) = "{60254CA5-953B-11CF-8C96-00AA00B8708C}" : arSEA(38,1) = "wshext.dll"
arSEA(39,0) = "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" : arSEA(39,1) = "oledb32.dll"
arSEA(40,0) = "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" : arSEA(40,1) = "mstask.dll"
arSEA(41,0) = "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" : arSEA(41,1) = "mstask.dll"
arSEA(42,0) = "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" : arSEA(42,1) = "mstask.dll"
arSEA(43,0) = "{0DF44EAA-FF21-4412-828E-260A8728E7F1}" : arSEA(43,1) = ""
arSEA(44,0) = "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(44,1) = "shdocvw.dll"
arSEA(45,0) = "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(45,1) = "shdocvw.dll"
arSEA(46,0) = "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(46,1) = "shdocvw.dll"
arSEA(47,0) = "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(47,1) = "shdocvw.dll"
arSEA(48,0) = "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(48,1) = "shdocvw.dll"
arSEA(49,0) = "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" : arSEA(49,1) = "shdocvw.dll"
arSEA(50,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524152}" : arSEA(50,1) = "shdocvw.dll"
arSEA(51,0) = "{D20EA4E1-3957-11d2-A40B-0C5020524153}" : arSEA(51,1) = "shdocvw.dll"
arSEA(52,0) = "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" : arSEA(52,1) = "shmedia.dll"
arSEA(53,0) = "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" : arSEA(53,1) = "shmedia.dll"
arSEA(54,0) = "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" : arSEA(54,1) = "shmedia.dll"
arSEA(55,0) = "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" : arSEA(55,1) = "shmedia.dll"
arSEA(56,0) = "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" : arSEA(56,1) = "shmedia.dll"
arSEA(57,0) = "{c5a40261-cd64-4ccf-84cb-c394da41d590}" : arSEA(57,1) = "shmedia.dll"
arSEA(58,0) = "{5E6AB780-7743-11CF-A12B-00AA004AE837}" : arSEA(58,1) = "browseui.dll"
arSEA(59,0) = "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" : arSEA(59,1) = "browseui.dll"
arSEA(60,0) = "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" : arSEA(60,1) = "browseui.dll"
arSEA(61,0) = "{6413BA2C-B461-11d1-A18A-080036B11A03}" : arSEA(61,1) = "browseui.dll"
arSEA(62,0) = "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" : arSEA(62,1) = "browseui.dll"
arSEA(63,0) = "{7BA4C742-9E81-11CF-99D3-00AA004AE837}" : arSEA(63,1) = "browseui.dll"
arSEA(64,0) = "{30D02401-6A81-11d0-8274-00C04FD5AE38}" : arSEA(64,1) = "browseui.dll"
arSEA(65,0) = "{32683183-48a0-441b-a342-7c2a440a9478}" : arSEA(65,1) = "browseui.dll"
arSEA(66,0) = "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" : arSEA(66,1) = "browseui.dll"
arSEA(67,0) = "{07798131-AF23-11d1-9111-00A0C98BA67D}" : arSEA(67,1) = "browseui.dll"
arSEA(68,0) = "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" : arSEA(68,1) = "browseui.dll"
arSEA(69,0) = "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" : arSEA(69,1) = "browseui.dll"
arSEA(70,0) = "{A08C11D2-A228-11d0-825B-00AA005B4383}" : arSEA(70,1) = "browseui.dll"
arSEA(71,0) = "{00BB2763-6A77-11D0-A535-00C04FD7D062}" : arSEA(71,1) = "browseui.dll"
arSEA(72,0) = "{7376D660-C583-11d0-A3A5-00C04FD706EC}" : arSEA(72,1) = "browseui.dll"
arSEA(73,0) = "{6756A641-DE71-11d0-831B-00AA005B4383}" : arSEA(73,1) = "browseui.dll"
arSEA(74,0) = "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" : arSEA(74,1) = "browseui.dll"
arSEA(75,0) = "{7e653215-fa25-46bd-a339-34a2790f3cb7}" : arSEA(75,1) = "browseui.dll"
arSEA(76,0) = "{acf35015-526e-4230-9596-becbe19f0ac9}" : arSEA(76,1) = "browseui.dll"
arSEA(77,0) = "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" : arSEA(77,1) = "browseui.dll"
arSEA(78,0) = "{00BB2764-6A77-11D0-A535-00C04FD7D062}" : arSEA(78,1) = "browseui.dll"
arSEA(79,0) = "{03C036F1-A186-11D0-824A-00AA005B4383}" : arSEA(79,1) = "browseui.dll"
arSEA(80,0) = "{00BB2765-6A77-11D0-A535-00C04FD7D062}" : arSEA(80,1) = "browseui.dll"
arSEA(81,0) = "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" : arSEA(81,1) = "browseui.dll"
arSEA(82,0) = "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" : arSEA(82,1) = "browseui.dll"
arSEA(83,0) = "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" : arSEA(83,1) = "browseui.dll"
arSEA(84,0) = "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" : arSEA(84,1) = "browseui.dll"
arSEA(85,0) = "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" : arSEA(85,1) = "browseui.dll"
arSEA(86,0) = "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" : arSEA(86,1) = "browseui.dll"
arSEA(87,0) = "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" : arSEA(87,1) = "shdocvw.dll"
arSEA(88,0) = "{0A89A860-D7B1-11CE-8350-444553540000}" : arSEA(88,1) = "shdocvw.dll"
arSEA(89,0) = "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" : arSEA(89,1) = "shdocvw.dll"
arSEA(90,0) = "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" : arSEA(90,1) = "shdocvw.dll"
arSEA(91,0) = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" : arSEA(91,1) = "shdocvw.dll"
arSEA(92,0) = "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" : arSEA(92,1) = "shdocvw.dll"
arSEA(93,0) = "{FF393560-C2A7-11CF-BFF4-444553540000}" : arSEA(93,1) = "shdocvw.dll"
arSEA(94,0) = "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" : arSEA(94,1) = "shdocvw.dll"
arSEA(95,0) = "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" : arSEA(95,1) = "shdocvw.dll"
arSEA(96,0) = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" : arSEA(96,1) = "shdocvw.dll"
arSEA(97,0) = "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" : arSEA(97,1) = "shdocvw.dll"
arSEA(98,0) = "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" : arSEA(98,1) = "shdocvw.dll"
arSEA(99,0) = "{131A6951-7F78-11D0-A979-00C04FD705A2}" : arSEA(99,1) = "shdocvw.dll"
arSEA(100,0) = "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" : arSEA(100,1) = "shdocvw.dll"
arSEA(101,0) = "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" : arSEA(101
Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

When I run the script, I get the following error message: cannot find the VBScript script.
Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

Event occurred on a new file created by the application: C:\WINDOWS\system32\lsass.exe. The file was moved to quarantine. You may close this window.

I have yet another virus.
Posts: 21123 | Registered: Tuesday 27 June 2006 | Status: Security contributor | Last activity: 22 June 2016 | 1 341

Hi,

- Download
http://www.malekal.com/download/DiagHelp.zip to your desktop
- Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose Extract All
- A new folder, DiagHelp, will be created
- Open it and double-click go.cmd (the .cmd extension may not be shown)
- A window will open; choose option 1
- The scan will start. It can take a few minutes; let it run and press a key when asked.

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan. Follow the on-screen instructions carefully!

- At the end of the scan, it may (not necessarily) ask to restart the computer... Once the computer has restarted, the report will appear in Notepad. It is located at C:\resultat.txt
- Copy and paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Then the Edit menu again / Copy
-- In a new message here, right-click / Paste
Posts: 24 | Registered: Sunday 15 April 2007 | Status: Member | Last activity: 19 April 2007

C:\WINDOWS\System32/drivers\nod32drv.sys -->15/04/2007 08:34:24
C:\WINDOWS\System32/drivers\amon.sys -->15/04/2007 08:34:24
C:\WINDOWS\System32/drivers\MxlW2k.sys -->10/04/2007 17:50:26
C:\WINDOWS\System32/drivers\wpdusb.sys -->11/10/2004 12:20:38
C:\WINDOWS\System32/drivers\NTIDrvr.sys -->11/02/2004 17:44:06
C:\WINDOWS\System32/drivers\nv4_mini.sys -->08/01/2004 00:08:00
C:\WINDOWS\System32/drivers\alcxinit.dat -->31/12/2003 12:00:04

C:\WINDOWS\System32\.exe -->17/04/2007 17:46:09
C:\WINDOWS\System32\ccabbea1_s.ocx -->15/04/2007 18:45:02
C:\WINDOWS\System32\bbadcbab4_s.dll -->15/04/2007 18:45:02
C:\WINDOWS\System32\imon.dll -->15/04/2007 08:34:25
C:\WINDOWS\System32\bdod.bin -->14/04/2007 22:20:21
C:\WINDOWS\System32\tmpE66A4.FOT -->09/04/2007 17:41:43
C:\WINDOWS\System32\tmpAF6A4.FOT -->09/04/2007 17:41:43
C:\WINDOWS\System32\tmp697A4.FOT -->09/04/2007 17:41:43
C:\WINDOWS\System32\tmp455A4.FOT -->09/04/2007 17:41:42
C:\WINDOWS\System32\tmp1E5A4.FOT -->09/04/2007 17:41:42
C:\WINDOWS\System32\wpa.dbl -->09/04/2007 17:06:09
C:\WINDOWS\System32\PerfStringBackup.INI -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfh00C.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfh009.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfc00C.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\perfc009.dat -->05/04/2007 13:50:23
C:\WINDOWS\System32\nscompat.tlb -->05/11/2006 16:33:37
C:\WINDOWS\System32\amcompat.tlb -->05/11/2006 16:33:37
C:\WINDOWS\System32\isxdl_fr.dll -->21/07/2006 20:31:08
C:\WINDOWS\System32\rmocx.dll -->01/07/2006 14:36:56
C:\WINDOWS\System32\rmoc3260.dll -->01/07/2006 14:36:56
C:\WINDOWS\System32\pndx5032.dll -->10/04/2006 13:29:56
C:\WINDOWS\System32\pndx5016.dll -->10/04/2006 13:29:56
C:\WINDOWS\System32\pncrt.dll -->10/04/2006 13:29:51
C:\WINDOWS\System32\wucltui.dll -->26/05/2005 04:16:32

C:\WINDOWS\0.log -->18/04/2007 08:53:53
C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->18/04/2007 08:53:51
C:\WINDOWS\wiadebug.log -->18/04/2007 08:53:36
C:\WINDOWS\wiaservc.log -->18/04/2007 08:53:35
C:\WINDOWS\bootstat.dat -->18/04/2007 08:53:18
C:\WINDOWS\WindowsUpdate.log -->18/04/2007 07:49:43
C:\WINDOWS\wmsetup.log -->17/04/2007 20:41:30
C:\WINDOWS\SchedLgU.Txt -->17/04/2007 19:06:23
C:\WINDOWS\WIN.INI -->17/04/2007 17:39:28
C:\WINDOWS\setupapi.log -->17/04/2007 17:39:17
C:\WINDOWS\system.ini -->17/04/2007 10:44:49
C:\WINDOWS\winamp.ini -->12/04/2007 12:59:25
C:\WINDOWS\nsreg.dat -->11/04/2007 11:36:02
C:\WINDOWS\Windows Update.log -->09/04/2007 18:16:35
C:\WINDOWS\wwdslcfg.log -->09/04/2007 17:10:14


Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\system

25/12/1998 08:15 345 983 RCDSETUP.EXE
23/08/2001 12:00 9 728 regsvr32.exe
2 fichier(s) 355 711 octets
0 Rép(s) 9 436 823 552 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\system32

24/04/2003 12:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 9 436 823 552 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\WINDOWS\Downloaded Program Files

11/04/2007 11:40 <REP> .
11/04/2007 11:40 <REP> ..
24/01/2007 03:41 841 304 ampAx3.0.84.2.dll
11/02/2004 17:26 65 desktop.ini
11/04/2007 11:40 2 849 install.log
22/06/2006 11:41 5 032 swflash.inf
11/04/2007 11:40 38 428 unagiuninst.exe
5 fichier(s) 887 678 octets

Total des fichiers listés :
5 fichier(s) 887 678 octets
2 Rép(s) 9 436 823 552 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues



catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Liste des programmes installes

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
adsl TV
Agere Systems AC'97 Modem
AIM
AIM 6
Archiveur WinRAR
Aspire screensaver
Barre d'outils MSN
BCM Wireless Network Adapter
Broadcom Gigabit Integrated Controller
Broadcom Gigabit Integrated Controller
Canon iP4200
Canon PhotoRecord
Canon PIXMA iP5000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CleanUp!
Complément MSN pour Windows Messenger
Correctif Windows XP - KB824146
Correctif Windows XP (SP2) Q811493
Creative System Information
Creative Zen MicroPhoto
DCPro (remove only)
Easy-WebPrint
GDc++ v0.668 (v1.9 RC9 Fixed) powered by Glesius.it
Gestionnaire de disques amovible Creative
Google Earth
HijackThis 1.99.1
Indeo® Software
Intel(R) Extreme Graphics 2 Driver
Java 2 Runtime Environment, SE v1.4.2_01
jv16 PowerTools 2006
K-Lite Codec Pack 2.20 Full
Launch Manager
Lecteur Windows Media 10
Logiciel iTouch de Logitech
Logitech Desktop Messenger
Logitech MouseWare 9.79
Logitech Resource Center
Messager Wanadoo
Messenger Plus! 3
Microsoft Works 7.0
Modem DSL ECI Telecom
Mozilla Firefox (1.0.1)
MSN Messenger 7.0
MUSICMATCH(R) Jukebox
NOD32 antivirus system
NOD32 FiX v2.1
NTI CD & DVD-Maker
NTI CD & DVD-Maker 6.5 Gold
NVIDIA Display Driver
Outlook Express Update Q330994
Philips ToUcam Fun Camera
PowerDVD
RadioBlogClub Downloader v1.0
Reality Fusion GameCam SE
Reality Fusion VBall
RealPlayer
Realtek AC'97 Audio
SmartFTP
SpotLife
Spybot - Search & Destroy 1.4
SuperDJ(TM) 1.10.0
Synaptics Pointing Device Driver
TMPGEnc DVD Author 1.5
Ulead Photo Explorer 6.0
VideoLAN VLC media player 0.8.6a
VideoLink Mail
Viewpoint Media Player
Wanadoo
WebFldrs XP
Winamp (remove only)
Windows Media Format Runtime
WLAN
WLAN 802.11g mini-PCI Module



Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Program Files

18/04/2007 08:00 <REP> .
18/04/2007 08:00 <REP> ..
11/02/2004 17:39 <REP> Acer Inc
11/02/2004 17:43 <REP> Adobe
14/04/2007 15:08 <REP> adslTV
11/04/2007 11:41 <REP> AIM6
26/04/2005 08:33 <REP> AIM95
11/02/2004 17:53 <REP> Aspire screensaver
11/02/2004 17:31 <REP> AvRack
11/02/2004 17:33 <REP> Broadcom
19/08/2005 11:07 <REP> C2Media
03/08/2005 15:43 <REP> Canon
16/04/2007 10:59 <REP> CleanUp!
09/06/2005 01:00 1 152 409 cnb_2600.tb_
28/04/2005 01:00 130 379 cnb78ca0.ic_
09/06/2005 01:00 131 999 cnb78cb0.ic_
28/03/2005 01:00 132 013 cnb78cc0.ic_
28/03/2005 01:00 128 135 cnb78db0.ic_
28/03/2005 01:00 131 477 cnb78eb0.ic_
28/03/2005 01:00 128 783 cnb78ed0.ic_
30/03/2001 01:00 5 617 cnbjprn2.ic_
27/01/2005 05:30 224 cnm.in_
09/06/2005 06:00 32 527 cnm_0260.dl_
15/04/2005 06:00 18 389 cnmbr260.dl_
15/04/2005 06:00 273 149 cnmdrv.dl_
15/04/2005 06:00 63 127 cnmdump5.dl_
15/04/2005 06:00 10 577 cnmfus.dl_
19/05/2005 15:00 48 128 cnmi0404.dll
25/05/2005 02:10 57 344 cnmi0405.dll
25/05/2005 02:10 57 856 cnmi0406.dll
25/05/2005 02:10 65 024 cnmi0407.dll
25/05/2005 02:10 61 440 cnmi0408.dll
08/03/2005 19:16 56 832 cnmi0409.dll
25/05/2005 02:10 57 344 cnmi040b.dll
25/05/2005 02:10 64 512 cnmi040c.dll
25/05/2005 02:10 58 368 cnmi040e.dll
25/05/2005 02:10 59 392 cnmi0410.dll
08/03/2005 19:16 50 688 cnmi0411.dll
19/05/2005 15:00 50 688 cnmi0412.dll
25/05/2005 02:10 59 904 cnmi0413.dll
25/05/2005 02:10 57 856 cnmi0414.dll
25/05/2005 02:10 58 368 cnmi0415.dll
25/05/2005 02:10 58 368 cnmi0419.dll
25/05/2005 02:10 57 856 cnmi041d.dll
19/05/2005 15:00 56 320 cnmi041e.dll
25/05/2005 02:10 57 344 cnmi041F.dll
19/05/2005 15:00 47 616 cnmi0804.dll
25/05/2005 02:10 59 392 cnmi0816.dll
25/05/2005 02:10 59 392 cnmi0c0a.dll
15/04/2005 06:00 3 128 cnminst.dl_
09/05/2002 22:10 7 204 cnminst2.dll
08/03/2005 19:16 61 952 cnmis.dll
08/03/2005 19:16 5 632 cnmis4.dll
08/03/2005 19:16 18 944 cnmis5.dll
15/04/2005 06:00 70 431 cnmlmon2.dl_
15/04/2005 06:00 10 940 cnmlr.dl_
19/05/2005 15:00 8 854 cnmlrcn.dl_
25/05/2005 06:10 12 700 cnmlrcz.dl_
25/05/2005 06:10 13 322 cnmlrde.dl_
25/05/2005 06:10 12 554 cnmlrdk.dl_
25/05/2005 06:10 12 906 cnmlres.dl_
25/05/2005 06:10 12 050 cnmlrfi.dl_
25/05/2005 06:10 13 000 cnmlrfr.dl_
25/05/2005 06:10 14 548 cnmlrgr.dl_
25/05/2005 06:10 13 198 cnmlrhu.dl_
25/05/2005 06:10 12 280 cnmlrit.dl_
15/04/2005 06:00 9 457 cnmlrj.dl_
19/05/2005 15:00 9 770 cnmlrkr.dl_
25/05/2005 06:10 12 412 cnmlrnl.dl_
25/05/2005 06:10 12 050 cnmlrno.dl_
25/05/2005 06:10 13 792 cnmlrpl.dl_
25/05/2005 06:10 12 406 cnmlrpt.dl_
25/05/2005 06:10 12 766 cnmlrru.dl_
25/05/2005 06:10 12 426 cnmlrse.dl_
19/05/2005 15:00 10 808 cnmlrth.dl_
25/05/2005 06:10 11 882 cnmlrTr.dl_
19/05/2005 15:00 9 112 cnmlrtw.dl_
09/06/2005 06:00 12 362 cnmop78.dl_
15/04/2005 06:00 26 063 cnmp_260.dl_
15/04/2005 06:00 1 104 cnmp0.da_
15/04/2005 06:00 1 076 cnmp1.da_
15/04/2005 06:00 1 676 cnmp2.da_
01/02/2002 17:29 15 300 cnmpar21.sys
15/04/2005 06:00 16 539 cnmpcomm.dl_
15/04/2005 06:00 10 028 cnmpd.dl_
15/04/2005 06:00 31 054 cnmpp.dl_
15/04/2005 06:00 41 376 cnmpv.dl_
15/04/2005 06:00 12 631 cnmqueue.dl_
15/04/2005 06:00 13 222 cnmsmsd.dl_
15/04/2005 06:00 8 402 cnmsr.dl_
19/05/2005 15:00 6 630 cnmsrcn.dl_
25/05/2005 06:10 9 666 cnmsrcz.dl_
25/05/2005 06:10 10 110 cnmsrde.dl_
25/05/2005 06:10 9 324 cnmsrdk.dl_
25/05/2005 06:10 9 804 cnmsres.dl_
25/05/2005 06:10 8 830 cnmsrfi.dl_
25/05/2005 06:10 9 700 cnmsrfr.dl_
25/05/2005 06:10 11 030 cnmsrgr.dl_
25/05/2005 06:10 9 904 cnmsrhu.dl_
25/05/2005 06:10 9 368 cnmsrit.dl_
15/04/2005 06:00 7 089 cnmsrj.dl_
19/05/2005 15:00 7 572 cnmsrkr.dl_
25/05/2005 06:10 9 240 cnmsrnl.dl_
25/05/2005 06:10 9 036 cnmsrno.dl_
25/05/2005 06:10 10 328 cnmsrpl.dl_
25/05/2005 06:10 9 414 cnmsrpt.dl_
25/05/2005 06:10 9 736 cnmsrru.dl_
25/05/2005 06:10 9 362 cnmsrse.dl_
19/05/2005 15:00 8 100 cnmsrth.dl_
25/05/2005 06:10 8 680 cnmsrTr.dl_
19/05/2005 15:00 6 722 cnmsrtw.dl_
15/04/2005 06:00 85 620 cnmstmn.dl_
15/04/2005 06:00 16 116 cnmstsr.sm_
15/04/2005 06:00 361 166 cnmui.dl_
08/03/2005 19:17 90 112 cnmunins.exe
15/04/2005 06:00 30 236 cnmur.dl_
19/05/2005 15:00 26 496 cnmurcn.dl_
25/05/2005 06:10 32 800 cnmurcz.dl_
25/05/2005 06:20 33 490 cnmurde.dl_
25/05/2005 06:10 31 910 cnmurdk.dl_
25/05/2005 06:10 32 810 cnmures.dl_
25/05/2005 06:10 31 606 cnmurfi.dl_
25/05/2005 06:10 33 038 cnmurfr.dl_
25/05/2005 06:10 35 962 cnmurgr.dl_
25/05/2005 06:10 32 898 cnmurhu.dl_
25/05/2005 06:10 32 106 cnmurit.dl_
15/04/2005 06:00 28 671 cnmurj.dl_
19/05/2005 15:00 28 372 cnmurkr.dl_
25/05/2005 06:10 32 082 cnmurnl.dl_
25/05/2005 06:10 31 034 cnmurno.dl_
25/05/2005 06:10 33 918 cnmurpl.dl_
25/05/2005 06:10 32 242 cnmurpt.dl_
25/05/2005 06:10 34 088 cnmurru.dl_
25/05/2005 06:10 31 936 cnmurse.dl_
19/05/2005 15:00 30 386 cnmurth.dl_
25/05/2005 06:10 31 744 cnmurTr.dl_
19/05/2005 15:00 26 876 cnmurtw.dl_
15/04/2005 06:00 3 672 cnmvs.dl_
08/03/2005 19:16 23 040 cnmvsa.exe
15/04/2005 06:00 3 124 cnmw3.dl_
11/02/2004 17:25 <REP> ComPlus Applications
05/11/2006 16:32 <REP> Creative
25/05/2004 20:39 <REP> Cucusoft
11/02/2004 17:45 <REP> CyberLink
21/08/2004 18:23 <REP> DCPro
12/03/2002 22:54 45 056 devid.dll
09/04/2007 17:08 <REP> ECI Telecom
15/04/2007 10:28 <REP> ESET
12/05/2005 17:38 5 133 eula0404.txt
08/02/2005 12:04 11 504 eula0405.txt
24/06/2005 11:46 12 728 eula0406.txt
13/05/2005 14:54 18 199 eula0407.txt
08/02/2005 11:48 13 484 eula0408.txt
28/03/2005 17:00 11 665 eula0409_euro.txt
06/01/2005 18:20 8 824 eula0409_us.txt
08/02/2005 11:31 12 438 eula040b.txt
10/06/2005 16:05 11 558 eula040c_euro.txt
08/02/2005 10:16 10 796 eula040c_us.txt
08/02/2005 12:04 13 205 eula040e.txt
08/02/2005 11:32 12 202 eula0410.txt
12/01/2005 17:41 6 297 eula0411.txt
16/02/2005 16:37 7 100 eula0412.txt
08/02/2005 11:31 15 126 eula0413.txt
08/02/2005 11:32 11 761 eula0414.txt
08/02/2005 12:03 12 374 eula0415.txt
24/06/2005 11:56 15 315 eula0419.txt
08/02/2005 11:32 12 307 eula041d.txt
22/02/2005 12:24 7 596 eula041e.txt
01/03/2005 09:52 11 966 eula041F.txt
16/02/2005 16:36 4 798 eula0804.txt
08/02/2005 11:32 12 781 eula0816_euro.txt
08/02/2005 10:17 9 227 eula0816_us.txt
24/06/2005 12:15 13 086 eula0c0a_euro.txt
08/02/2005 10:17 9 739 eula0c0a_us.txt
14/04/2007 22:08 <REP> Fichiers communs
15/04/2007 16:09 <REP> FlashFXP
09/11/2006 19:37 <REP> Google
15/04/2005 06:00 22 241 helpkicker.ex_
11/02/2004 17:29 <REP> Intel
11/02/2004 17:25 <REP> Internet Explorer
10/04/2006 12:55 <REP> ip4200
01/08/2005 01:11 69 716 ip4200.cat
19/07/2005 06:12 18 740 ip4200.inf
11/02/2004 17:40 <REP> Java
15/04/2007 18:44 <REP> jv16 PowerTools 2006
10/11/2004 18:29 <REP> Kaspersky Lab
26/05/2004 04:00 <REP> K-Lite Codec Pack
11/02/2004 17:41 <REP> Launch Manager
15/04/2007 13:07 <REP> Lavasoft
11/02/2004 17:44 <REP> Ligos
18/06/2004 03:07 <REP> Logitech
11/02/2004 17:34 <REP> ltmoh
04/08/2004 01:20 <REP> Messager Wanadoo
11/02/2004 17:24 <REP> Messenger
24/04/2005 20:14 <REP> MessengerPlus! 3
20/05/2005 15:00 122 417 mh78cn.ch_
25/05/2005 01:00 120 589 mh78cz.ch_
25/05/2005 01:00 121 717 mh78de.ch_
25/05/2005 01:00 114 973 mh78dk.ch_
25/05/2005 01:00 122 491 mh78es.ch_
25/05/2005 06:00 114 493 mh78fi.ch_
25/05/2005 01:00 119 091 mh78fr.ch_
25/05/2005 01:00 132 377 mh78gr.ch_
25/05/2005 01:00 122 605 mh78hu.ch_
25/05/2005 01:00 117 397 mh78it.ch_
15/04/2005 01:00 139 053 mh78jp.ch_
20/05/2005 15:00 135 231 mh78kr.ch_
25/05/2005 01:00 115 999 mh78nl.ch_
25/05/2005 01:00 112 917 mh78no.ch_
25/05/2005 01:00 124 661 mh78pl.ch_
25/05/2005 01:00 117 451 mh78pt.ch_
25/05/2005 01:00 124 611 mh78ru.ch_
25/05/2005 01:00 113 449 mh78se.ch_
20/05/2005 15:00 137 361 mh78th.ch_
25/05/2005 06:00 115 241 mh78Tr.ch_
20/05/2005 15:00 123 259 mh78tw.ch_
15/04/2005 01:00 108 777 mh78us.ch_
11/02/2004 17:26 <REP> microsoft frontpage
16/02/2004 16:53 <REP> Microsoft Works
11/02/2004 17:25 <REP> Movie Maker
15/04/2007 16:09 <REP> Mozilla Firefox
11/02/2004 17:24 <REP> MSN
04/08/2004 18:13 <REP> MSN Apps
11/02/2004 17:24 <REP> MSN Gaming Zone
24/04/2005 20:26 <REP> MSN Messenger
18/06/2004 03:06 <REP> MUSICMATCH
11/02/2004 17:25 <REP> NetMeeting
11/02/2004 17:44 <REP> NewTech Infosystems
25/05/2004 19:50 <REP> O2Micro
11/02/2004 17:25 <REP> Outlook Express
26/05/2004 03:21 <REP> Pegasys Inc
24/09/2004 14:40 <REP> Philips ToUcam Camera
16/11/2006 19:40 <REP> RadioBlogClub Downloader
25/05/2005 06:10 29 124 Readme_Czech.txt
25/05/2005 06:10 31 844 Readme_Danish.txt
25/05/2005 06:10 33 561 Readme_Dutch.txt
19/04/2005 16:54 29 281 readme_english.txt
25/05/2005 06:10 29 619 Readme_Finnish.txt
25/05/2005 06:10 35 043 Readme_French.txt
25/05/2005 06:10 34 813 Readme_German.txt
25/05/2005 06:10 38 518 Readme_Greek.txt
25/05/2005 06:10 31 559 Readme_Hungarian.txt
25/05/2005 06:10 34 109 Readme_Italian.txt
15/04/2005 11:36 27 503 readme_japanese.txt
19/05/2005 16:00 25 991 Readme_Korean.txt
25/05/2005 06:10 30 683 Readme_Norwegian.txt
25/05/2005 06:10 35 455 Readme_Polish.txt
25/05/2005 06:10 34 281 Readme_Portuguese.txt
25/05/2005 06:10 32 243 Readme_Russian.txt
19/05/2005 16:00 20 093 Readme_Simplified_Chinese.txt
25/05/2005 06:10 34 527 Readme_Spanish.txt
25/05/2005 06:10 30 549 Readme_Swedish.txt
19/05/2005 16:00 27 904 Readme_Thai.txt
19/05/2005 16:00 20 061 Readme_Traditional_Chinese.txt
25/05/2005 06:10 30 360 readme_Turkish.txt
24/09/2004 14:38 <REP> Real
11/02/2004 17:31 <REP> Realtek Sound Manager
11/02/2004 17:24 <REP> Services en ligne
08/03/2005 19:17 167 936 setup.exe
15/04/2005 06:00 1 960 setup.ini
20/05/2005 15:00 39 507 sh78cn.ch_
25/05/2005 01:00 40 581 sh78cz.ch_
25/05/2005 01:00 40 277 sh78de.ch_
25/05/2005 01:00 39 883 sh78dk.ch_
25/05/2005 01:00 40 433 sh78es.ch_
25/05/2005 06:00 39 919 sh78fi.ch_
25/05/2005 01:00 40 873 sh78fr.ch_
25/05/2005 01:00 41 615 sh78gr.ch_
25/05/2005 01:00 40 359 sh78hu.ch_
25/05/2005 01:00 40 067 sh78it.ch_
15/04/2005 01:00 40 925 sh78jp.ch_
20/05/2005 15:00 40 567 sh78kr.ch_
25/05/2005 01:00 39 523 sh78nl.ch_
25/05/2005 01:00 39 739 sh78no.ch_
25/05/2005 01:00 40 741 sh78pl.ch_
25/05/2005 01:00 40 317 sh78pt.ch_
25/05/2005 01:00 41 295 sh78ru.ch_
25/05/2005 01:00 39 679 sh78se.ch_
20/05/2005 15:00 40 559 sh78th.ch_
25/05/2005 06:00 39 385 sh78Tr.ch_
20/05/2005 15:00 39 847 sh78tw.ch_
15/04/2005 01:00 39 231 sh78us.ch_
30/04/2005 16:16 <REP> SmartFTP
30/04/2005 16:16 <REP> SmartFTP Setup Files
15/04/2007 09:15 <REP> Spybot - Search & Destroy
11/02/2004 17:35 <REP> Synaptics
24/09/2004 14:39 <REP> Ulead Systems
10/04/2007 09:38 <REP> VideoLAN
24/09/2004 14:40 <REP> VideoLink Mail
11/04/2007 11:40 <REP> Viewpoint
18/04/2007 08:54 <REP> Wanadoo
25/04/2005 20:54 <REP> WildTangent
15/07/2005 11:36 <REP> Winamp
05/11/2006 16:33 <REP> Windows Media Player
11/02/2004 17:24 <REP> Windows NT
28/05/2004 22:31 <REP> WinRAR
25/05/2004 19:50 <REP> WLAN 802.11g mini-PCI Module
11/02/2004 17:26 <REP> xerox
225 fichier(s) 10 542 851 octets
73 Rép(s) 9 424 007 168 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Program Files\fichiers communs

14/04/2007 22:08 <REP> .
14/04/2007 22:08 <REP> ..
23/08/2004 13:23 <REP> Adobe
11/04/2007 11:39 <REP> AOL
05/11/2006 16:25 <REP> InstallShield
11/02/2004 17:40 <REP> Java
18/06/2004 03:04 <REP> Logitech
11/02/2004 17:22 <REP> Microsoft Shared
11/02/2004 17:25 <REP> MSSoap
11/02/2004 17:22 <REP> ODBC
10/04/2006 13:30 <REP> Real
11/02/2004 17:25 <REP> Services
24/09/2004 14:40 <REP> Smith Micro Shared
17/04/2007 17:40 <REP> Softwin
11/02/2004 17:22 <REP> SpeechEngines
07/07/2005 17:28 <REP> Symantec Shared
11/02/2004 17:25 <REP> System
10/04/2006 13:30 <REP> xing shared
0 fichier(s) 0 octets
18 Rép(s) 9 424 007 168 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

11/02/2004 17:30 <REP> .
11/02/2004 17:30 <REP> ..
18/05/2001 17:57 561 209 MSONSEXT.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 9 424 007 168 octets libres
Le volume dans le lecteur C s'appelle ACER
Le numéro de série du volume est E414-D070

Répertoire de C:\

11/11/2001 00:00 68 096 diff.exe
27/08/2006 14:10 103 424 grep.exe
2 fichier(s) 171 520 octets
0 Rép(s) 9 424 007 168 octets libres
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDK.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRES.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFI.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFR.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRGR.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRHU.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRIT.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRJ.DLL
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOW
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hi

Be careful with your keygen downloads!
Where do things stand with your problems?

See you
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

I installed Avast as my antivirus and things are better. I still have this grey window with this message; the good news is that I no longer have the .exe virus from system32.
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Avast removed a virus for me in Wanadoo.
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hi again,

In Wanadoo? Strange.

- Download http://www.malekal.com/download/clean.zip, unzip it onto your desktop (right-click / Extract all); you should get a folder named clean.

Boot into safe mode.

Double-click this clean folder; inside it you will find several files.
Double-click clean. This opens a black window.
A menu will appear; choose option 2 by pressing the 2 key on your keyboard.
Clean will do its work.
A report will be generated; save it, restart in normal mode and paste its entire contents here.
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Hi

I have a small problem:

The requested URL /download/clean.zip, was not found on this server.
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hi again,

I put an extra comma in the link, sorry.

http://www.malekal.com/download/clean.zip

That should work better :)

See you
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Hi

Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 18/04/2007 a 19:55:21,73

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

I still have this grey window with a message in English.
Posts
21123
Registration date
Tuesday 27 June 2006
Status
Security contributor
Last activity
22 June 2016
1 341
Hi

Can you take a screenshot of this window and host it here?

https://www.cjoint.com/

Then give me the link.

See you
Posts
24
Registration date
Sunday 15 April 2007
Status
Member
Last activity
19 April 2007

Hi,

Thank you for your help. I installed Outpost Firewall.

I realised that it was an attack from outside.

The grey window no longer appears.

Thanks again for taking the time to help me.