3 rapports d'analyses - ecran rouge HELP

Résolu
Tamarin -  
 Utilisateur anonyme -
Bonjour,

J'ai deuis quelques mois un problème lorsque je double clic sur mon C: un message d'erreur s'affiche me disant qu'il ne trouve pas de... pr win32 ou qqc comme ça. En essayant de résoudre ce problème hier, je me suis rendu compte que c'étai un Virus en survolant plusieurs forums. AUjourd'hui, mon fond d'écran est tout rouge (et c'est écrit : your privacy is in danger download privacy protection softwaree now) et m'envoie comme un lien sur un site qui me proposent d'effectuer des analyses; des fenetres de sécurités s'affichent régulièrement et me dirigent sur des sites equivalents. De plus avast me répète toutes les dix minutes que mon pc est infecté mais ne me permet pas de détruire ce/ces virus ou trojan.

J'ai essayé de résoudre ce problème tout cet après midi en suivant plusieurs instructions sur différents forums mais je n'ai pas trouvé mon bohneur. Mon ordinateur est tjs très lent et ce "lien-fond d'écran" est toujours la!!

J'ai donc commencé par analyser avec Ccleaner comme d'habitude puis fait trois analyses différentes dont je vous soummais les rapports suivants :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:08:13 20/11/2007

+ Résultat de l'analyse:

HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé.
C:\Config.Msi\359a32.rbf -> Adware.BHO : Nettoyé.
C:\WINDOWS\Downloaded Program Files\installer2.dll -> Adware.ClickMedia : Nettoyé.
C:\WINDOWS\privacy_danger -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\capt.gif -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\danger.jpg -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\down.gif -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\spacer.gif -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\index.htm -> Adware.RogueSuspect : Nettoyé.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Nettoyé.
:mozilla.10:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.11:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.9:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.22:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.12:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.13:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.27:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.

Fin du rapport

-------------------------------------------------------------------------------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Tue, Nov 20, 2007 - 19:31:35

Scan path: C:\;D:\;

Statistics

Time
01:10:01

Files
157022

Folders
6396

Boot Sectors
3

Archives
6967

Packed Files
8340

Results

Identified Viruses
5

Infected Files
10

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
10

Engines Info

Virus Definitions
878621

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\edi.exe
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\edi.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\edi.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\install.bat
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\install.bat
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\install.bat
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\msmdev.dll
Infected with: Trojan.Downloader.Agent.YNU

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\msmdev.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\msmdev.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/edi.exe
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/edi.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/edi.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/install.bat
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/install.bat
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/install.bat
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/main_uninstaller.exe
Infected with: Trojan.Agent.ABSG

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/main_uninstaller.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/main_uninstaller.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmdev.dll
Infected with: Trojan.Downloader.Agent.YNU

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmdev.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmdev.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmhost.dll
Infected with: Trojan.Agent.BHO.O

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmhost.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmhost.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/nsduo.dll
Infected with: Trojan.Downloader.Agent.YNQ

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/nsduo.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/nsduo.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/rmv.exe
Infected with: Trojan.Agent.ABSG

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/rmv.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/rmv.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\WINDOWS\I386\COMDLG32.DL_
Clean

C:\WINDOWS\I386\COMDLG32.DL_=>comdlg32.dll
Clean

C:\WINDOWS\I386\COMEMPTY.DA_
Clean

C:\WINDOWS\I386\COMEMPTY.DA_=>comempty.dat
Clean

C:\WINDOWS\I386\COMEXP.CH_
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/#SYSTEM
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_371v.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_3s6f.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_5ohf.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_7unb.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_059o.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_14ab.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_1fg3.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_1lt8.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_24ry.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2eb7.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2hm4.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2p6b.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2wvt.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_33jh.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_38vn.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_3z77.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_59gu.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_5wdo.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_6dgu.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_6gh3.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_7qhz.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_95df.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_9s4z.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_9uk3.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_1jeb.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_23l9.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_35tf.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_5zsp.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_9dbn.htm
Clean

C:\WINDOWS\I386\COMEXP.HL_
Clean

C:\WINDOWS\I386\COMEXP.HL_=>comexp.hlp
Clean

C:\WINDOWS\I386\COMEXP.MS_
Clean

C:\WINDOWS\I386\COMEXP.MS_=>comexp.msc
Clean

C:\WINDOWS\I386\COMIC.TT_
Clean

C:\WINDOWS\I386\COMIC.TT_=>comic.ttf
Clean

C:\WINDOWS\I386\COMICBD.TT_
Clean

C:\WINDOWS\I386\COMICBD.TT_=>comicbd.ttf
Clean

C:\WINDOWS\I386\COMM.DR_
Clean

C:\WINDOWS\I386\COMM.DR_=>comm.drv
Clean

C:\WINDOWS\I386\COMMAND.CO_
Clean

C:\WINDOWS\I386\COMMAND.CO_=>command.com
Clean

C:\WINDOWS\I386\COMMDLG.DL_
Clean

C:\WINDOWS\I386\COMMDLG.DL_=>commdlg.dll
Clean

C:\WINDOWS\I386\COMMON.CH_
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#SYSTEM
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_file_save_as.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_link_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_move_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_open_file.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_quit_program.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_save_file.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_status_bar_on_off.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_toolbar_on_off.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_trans_wind_screen.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_use_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_embed_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/compile_date.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_edit_undo.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#WINDOWS
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWKeywordLinks/Property
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/BTree
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/Data
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/Map
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/Property
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$OBJINST
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$FIftiMain
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#IDXHDR
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#TOPICS
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#URLTBL
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#URLSTR
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#STRINGS
Clean

C:\WINDOWS\I386\COMMUNIC.IN_
Clean

C:\WINDOWS\I386\COMMUNIC.IN_=>communic.inf
Clean

C:\WINDOWS\I386\COMMUNIC.IN_=>communic.inf=>(unicode)
Clean

C:\WINDOWS\I386\COMNTWKS.IN_
Clean

C:\WINDOWS\I386\COMNTWKS.IN_=>comntwks.inf
Clean

C:\WINDOWS\I386\COMNTWKS.IN_=>comntwks.inf=>(unicode)
Clean

C:\WINDOWS\I386\COMP.EX_
Clean

C:\WINDOWS\I386\COMP.EX_=>comp.exe
Clean

C:\WINDOWS\I386\COMPACT.EX_
Clean

C:\WINDOWS\I386\COMPACT.EX_=>compact.exe
Clean

C:\WINDOWS\I386\COMPACT.WM_
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_bottomleft.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_bottomright.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_topleft.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_topright.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bottom_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brand_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brand_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brand_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brightness.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_colormap.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_disabled.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.js
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)=>(JAVASCRIPT 9)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)=>(JAVASCRIPT 15)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)=>(JAVASCRIPT 19)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact_drawer_bottom_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact_drawer_right_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>contrast.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_bottom.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_bottom_closed.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_bottom_open.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_bottom.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_closed.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_open.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_top.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>hue.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>left_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>logo_default.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>logo_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>logo_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_map.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>mute_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>next_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>next_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>next_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>onoff_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>onoff_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>onoff_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_btn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_pause_btn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_pause_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_pause_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>prev_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>prev_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>prev_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>right_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>saturation.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_sldr_bkg_comp.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_sldr_fore_comp.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_thumb_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_thumb_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_thumb_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>shufflebtn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>shufflebtn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>shufflebtn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>size.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_h_video.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_thumb.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_thumb_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_v_eq.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>sound_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>sound_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>srswow_logo.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>stop_btn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>stop_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>stop_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>toggle_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>toggle_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>toggle_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>top_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>transport.js
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_sldr_bkg.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_thumb_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_thumb_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_thumb_up.bmp
Clean

C:\WINDOWS\I386\COMPATUI.DL_
Clean

C:\WINDOWS\I386\COMPATUI.DL_=>compatui.dll
Clean

C:\WINDOWS\I386\COMPDATA\
Clean

C:\WINDOWS\I386\COMPDATA\3COM.HTM
Clean

C:\WINDOWS\I386\COMPDATA\3COM.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AACRAID.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AACRAID.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ACER640P.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ACER640P.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ACLIENT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ACLIENT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ACS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ACS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ADAPTEC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ADAPTEC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKW2K.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKW2K.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKXP.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKXP.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AHA8940.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AHA8940.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AICDRV.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AICDRV.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ALKB2K.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ALKB2K.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ALPSPRT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ALPSPRT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\APFILTR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\APFILTR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\APMERROR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\APMERROR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ARTCAS6E.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ARTCAS6E.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ASSETCI.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ASSETCI.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ATGUARD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ATGUARD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ATKPROTO.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ATKPROTO.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AVPGATEK.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AVPGATEK.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AWARD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AWARD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\BAYMAN.HTM
Clean

C:\WINDOWS\I386\COMPDATA\BAYMAN.TXT
Clean

C:\WINDOWS\I386\COMPDATA\BLACKICE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\BLACKICE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\BOSERROR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\BOSERROR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CALCOMP.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CALCOMP.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CANO620P.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CANO620P.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CANOS100.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CANOS100.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CARDEXEC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CARDEXEC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CDR4VSD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CDR4VSD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CERTSRV.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CERTSRV.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CIC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CIC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CIMGR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CIMGR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CISCOACU.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CISCOACU.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CLDVD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CLDVD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CLTMGR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CLTMGR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CNBJ51.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CNBJ51.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CNMULTI1.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CNMULTI1.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQDIAGC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQDIAGC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQIJ.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQIJ.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQKBD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQKBD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQMULTI.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQMULTI.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQPNPMG.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQPNPMG.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQPWREX.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQPWREX.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPUFEAT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPUFEAT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CRASHMON.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CRASHMON.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CRUISE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CRUISE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CRYSTAL.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CRYSTAL.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CS4281.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CS4281.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CSA64XX.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CSA64XX.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CSMIGRAT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CSMIGRAT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CSREM32.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CSREM32.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CTZ_CRDL.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CTZ_CRDL.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DAYT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DAYT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DECATAPI.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DECATAPI.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DECML.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DECML.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DELLPS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DELLPS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DELLTH.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DELLTH.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DELPERC2.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DELPERC2.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DIRECTCD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DIRECTCD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DLCPROTO.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DLCPROTO.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DMIBIOS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DMIBIOS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DOCK.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DOCK.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DOCKSVC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DOCKSVC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/#SYSTEM
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_20669.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21216.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21217.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21248.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21187.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21149.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21320.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21203.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21214.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21299.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21178.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21108.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_30019.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21185.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_30007.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21220.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_20886.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21205.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21226.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_30009.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21151.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_20004.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21169.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21186.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21154.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21152.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21118.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21103.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21212.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.INF
Clean

C:\WINDOWS\I386\COMPDATA\DRVNCDB.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DRVNCDB.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DSMU.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DSMU.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DV_COMP.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DV_COMP.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DV_GEN.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DV_GEN.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DWRITE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DWRITE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EICONTA.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EICONTA.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ELSAMX.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ELSAMX.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ENSONIQV.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ENSONIQV.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ENSQAUDM.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ENSQAUDM.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSCOLOR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSCOLOR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSON1.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSON1.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSON3.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSON3.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSON4.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSON4.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSP1270.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSP1270.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSPHOTO.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSPHOTO.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EXCHANGE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EXCHANGE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FAZAM.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FAZAM.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FIDMOU.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FIDMOU.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FLOWCH7.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FLOWCH7.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP1.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP1.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP2.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP2.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP3.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP3.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GENERIC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GENERIC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GENIUS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GENIUS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GLINT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GLINT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GSNW.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GSNW.TXT
Clean

-------------------------------------------------------------------------------------------------------------------------------------------------------------

3ème rapport effectué par HiJackthis :

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O21 - SSODL: sapnet - {FF6C9F35-C22D-43B6-A399-0374AF11EC2E} - (no file)
O21 - SSODL: rmvgor - {CE7AEE4E-2130-4EF8-8B04-3B437490A6FB} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: msmdev - {184970FB-13E0-453F-9F97-F9FCF66FA95F} - C:\WINDOWS\msmdev.dll (file missing)
O21 - SSODL: msmhost - {EB9A1653-0152-4036-AD23-371DB6517287} - C:\WINDOWS\msmhost.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11041 bytes

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

Voila, je ne sais vraiment pas quoi faire de plus.

est ce que quelqu'un saurait analyser ces résultats et pourait me dire quoi faire pour détruire ces programmes malveillants????

en espérant que quelqu'un lise ce message et ait la clef de mon problème, vous remerçiant d'avance
Configuration: Windows XP
Firefox 2.0.0.7

26 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    salut
    refaits un rapport Hijackthis complet, il lui manques des plumes...
    ;-)
    0
  2. tamarin
     
    ok, ça y est c'est fait pr HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:49:25, on 20/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Metacafe\MetacafeAgent.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Metacafe\Metacafe.exe
    C:\Program Files\stickies\stickies.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSVPS System - {9C985AC6-A138-4EAB-B10A-DC522F755146} - C:\WINDOWS\popnetdpt.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: The jokwmp - {D71F3444-606D-46EB-9ABE-DF80E5E9BF67} - C:\WINDOWS\jokwmp.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: t-mobile - (no CLSID) - (no file)
    O21 - SSODL: sapnet - {FF6C9F35-C22D-43B6-A399-0374AF11EC2E} - (no file)
    O21 - SSODL: rmvgor - {CE7AEE4E-2130-4EF8-8B04-3B437490A6FB} - C:\WINDOWS\rmvgor.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  3. Utilisateur anonyme
     
    download ceci lopxpMH2
    http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
    sur ton bureau.
    Dézippe-le (clic droit -> "Extraire ici") et double clique sur le fichier lopxpMH.bat.
    postes le rapport
    0
  4. Tamarin
     
    Merci,

    Je fais ça ce soir, je dois retourner en cours
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Tamarin
     
    Bonsoir,

    j'ai bien importé iopxpMH2.bat sur mon bureau et voici le rapport :

    Rapport lopxpMH2 version 2.0 fait à 19:36:00,52 le 21/11/2007
    C:\Documents and Settings\PIN\Mes documents\My Completed Downloads

    ******************************************
    ## Répertoires Application Data

    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\All Users\Application Data

    16/08/2004 17:54 <REP> .
    16/08/2004 17:54 <REP> ..
    15/02/2006 19:11 <REP> Adobe
    15/02/2006 19:12 <REP> AOL
    14/09/2006 18:00 <REP> Apple Computer
    09/10/2006 18:18 <REP> Autodesk
    30/08/2007 19:20 <REP> BufferZone
    22/07/2006 14:25 <REP> CyberLink
    12/03/2007 17:28 <REP> Forge of Games
    24/11/2006 15:00 <REP> Google
    20/11/2007 16:34 <REP> Grisoft
    07/10/2007 16:25 <REP> Intel
    24/10/2006 13:55 <REP> Metacafe
    16/08/2004 17:54 <REP> Microsoft
    28/08/2006 19:46 <REP> Motive
    15/02/2006 19:13 <REP> OD2
    15/11/2007 00:36 <REP> pixelStorm
    15/02/2006 19:12 <REP> QuickTime
    16/08/2004 18:28 <REP> SBSI
    18/06/2007 19:03 <REP> Skype
    26/07/2006 16:56 <REP> Sony Ericsson
    15/02/2006 19:07 <REP> Symantec
    15/02/2006 19:13 <REP> Viewpoint
    28/08/2006 19:27 <REP> Windows Genuine Advantage
    16/08/2004 17:55 62 desktop.ini
    1 fichier(s) 62 octets
    24 Rép(s) 11 671 212 032 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\Default User\Application Data

    16/08/2004 17:54 <REP> .
    16/08/2004 17:54 <REP> ..
    22/07/2006 12:07 <REP> Identities
    07/10/2007 16:26 <REP> Intel
    22/07/2006 12:07 <REP> Macromedia
    16/08/2004 17:54 <REP> Microsoft
    22/07/2006 12:07 <REP> Real
    22/07/2006 12:07 <REP> Sun
    22/07/2006 12:07 <REP> Symantec
    22/07/2006 12:07 <REP> You've Got Pictures Screensaver
    16/08/2004 17:54 62 desktop.ini
    1 fichier(s) 62 octets
    10 Rép(s) 11 671 212 032 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

    16/08/2004 17:55 <REP> .
    16/08/2004 17:55 <REP> ..
    22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
    22/07/2006 12:07 <REP> ApplicationHistory
    16/08/2004 18:10 <REP> Microsoft
    22/07/2006 12:07 <REP> PowerCinema
    22/07/2006 12:07 135 fusioncache.dat
    22/07/2006 12:07 2 687 222 IconCache.db
    2 fichier(s) 2 687 357 octets
    6 Rép(s) 11 671 212 032 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\LocalService\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    07/10/2007 16:26 <REP> Intel
    16/08/2004 18:18 <REP> Microsoft
    0 fichier(s) 0 octets
    4 Rép(s) 11 671 212 032 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    16/08/2004 18:18 <REP> Microsoft
    0 fichier(s) 0 octets
    3 Rép(s) 11 671 212 032 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\NetworkService\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    07/10/2007 16:26 <REP> Intel
    16/08/2004 18:18 <REP> Microsoft
    09/08/2006 21:08 <REP> Symantec
    0 fichier(s) 0 octets
    5 Rép(s) 11 671 207 936 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    16/08/2004 18:18 <REP> Microsoft
    0 fichier(s) 0 octets
    3 Rép(s) 11 671 207 936 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\PIN\Application Data

    22/07/2006 12:08 <REP> .
    22/07/2006 12:08 <REP> ..
    26/07/2006 16:15 <REP> Adobe
    11/09/2006 14:39 <REP> AdobeUM
    14/09/2006 18:03 <REP> Apple Computer
    09/10/2006 18:18 <REP> Autodesk
    31/03/2007 21:03 <REP> BSplayer
    31/03/2007 21:03 <REP> BSplayer Pro
    22/07/2006 16:23 <REP> CyberLink
    14/09/2006 17:39 <REP> FotoTime
    28/10/2006 13:30 <REP> funkitron
    25/09/2006 21:49 <REP> Google
    20/11/2007 16:34 <REP> Grisoft
    13/10/2006 15:19 <REP> Help
    22/07/2006 12:08 <REP> Identities
    07/10/2007 16:26 <REP> Intel
    01/10/2006 15:56 <REP> Lavasoft
    25/08/2006 18:09 <REP> Leadertech
    22/07/2006 12:08 <REP> Macromedia
    24/10/2006 13:55 <REP> MetaCafe
    22/07/2006 12:08 <REP> Microsoft
    14/09/2006 17:49 <REP> Mozilla
    22/07/2006 12:12 <REP> OD2
    12/12/2006 14:20 <REP> PlayFirst
    22/07/2006 12:08 <REP> Real
    13/07/2007 11:54 <REP> SecondLife
    30/08/2007 19:20 <REP> ShoppingReport
    22/07/2006 13:42 <REP> Skype
    25/08/2006 18:09 <REP> Sonic
    05/09/2006 18:47 <REP> stickies
    22/07/2006 12:08 <REP> Sun
    22/07/2006 12:08 <REP> Symantec
    14/09/2006 17:50 <REP> Talkback
    27/08/2006 23:37 <REP> U3
    04/12/2006 18:53 <REP> vlc
    22/07/2006 12:08 <REP> You've Got Pictures Screensaver
    22/07/2006 12:08 62 desktop.ini
    13/11/2006 21:38 78 792 GDIPFONTCACHEV1.DAT
    2 fichier(s) 78 854 octets
    36 Rép(s) 11 671 207 936 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\PIN\Local Settings\Application Data

    22/07/2006 12:08 <REP> .
    22/07/2006 12:08 <REP> ..
    22/07/2006 12:08 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
    26/07/2006 16:15 <REP> Adobe
    19/12/2006 14:49 <REP> Ahead
    14/09/2006 18:03 <REP> Apple Computer
    22/07/2006 12:08 <REP> ApplicationHistory
    09/10/2006 18:18 <REP> Autodesk
    01/11/2006 16:05 <REP> Downloaded Installations
    23/09/2006 22:29 <REP> Gearbox Software
    25/09/2006 21:49 <REP> Google
    13/10/2006 15:19 <REP> Help
    04/09/2006 16:25 <REP> Identities
    22/07/2006 12:08 <REP> Microsoft
    14/09/2006 17:49 <REP> Mozilla
    08/12/2006 00:12 <REP> Paint.NET
    22/07/2006 12:08 <REP> PowerCinema
    15/11/2007 23:56 <REP> Share_Accelerator_MM
    30/08/2006 16:22 218 112 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    22/07/2006 12:08 135 fusioncache.dat
    22/07/2006 16:23 47 160 GDIPFONTCACHEV1.DAT
    22/07/2006 12:08 6 362 026 IconCache.db
    4 fichier(s) 6 627 433 octets
    18 Rép(s) 11 671 203 840 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\Propriétaire\Application Data

    22/07/2006 16:18 <REP> .
    22/07/2006 16:18 <REP> ..
    07/10/2007 16:26 <REP> Intel
    22/07/2006 16:18 <REP> You've Got Pictures Screensaver
    0 fichier(s) 0 octets
    4 Rép(s) 11 671 203 840 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

    16/08/2004 18:16 <REP> .
    16/08/2004 18:16 <REP> ..
    22/07/2006 12:07 <REP> Identities
    07/10/2007 16:25 <REP> Intel
    22/07/2006 12:07 <REP> Macromedia
    16/08/2004 18:16 <REP> Microsoft
    22/07/2006 12:07 <REP> Real
    22/07/2006 12:07 <REP> Sun
    22/07/2006 12:07 <REP> Symantec
    22/07/2006 12:07 <REP> You've Got Pictures Screensaver
    16/08/2004 18:16 62 desktop.ini
    1 fichier(s) 62 octets
    10 Rép(s) 11 671 203 840 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

    16/08/2004 18:16 <REP> .
    16/08/2004 18:16 <REP> ..
    22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
    22/07/2006 12:07 <REP> ApplicationHistory
    16/08/2004 18:16 <REP> Microsoft
    22/07/2006 12:07 <REP> PowerCinema
    22/07/2006 12:07 135 fusioncache.dat
    22/07/2006 12:07 2 687 222 IconCache.db
    2 fichier(s) 2 687 357 octets
    6 Rép(s) 11 671 203 840 octets libres

    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    s €!× " : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e - T a s k S Y S T E M 0 Ö "

    C:\WINDOWS\Tasks\HDReg.job
    € s ! c : \ A p p s \ H D R e g \ H D R e g R e m . e x e c : \ A p p s \ H D R e g \ P I N

    C:\WINDOWS\Tasks\Rappel
    Rappel inexploitable

    C:\WINDOWS\Tasks\Rappel
    Rappel inexploitable

    ******************************************
    ## Répertoires de C:\Program Files

    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Program Files

    20/11/2007 19:37 <REP> .
    20/11/2007 19:37 <REP> ..
    15/02/2006 19:11 <REP> Adobe
    19/12/2006 14:47 <REP> Ahead
    24/08/2006 15:32 <REP> Alwil Software
    13/08/2007 17:44 <REP> AMT
    14/09/2006 18:01 <REP> Apple Software Update
    09/11/2007 21:09 <REP> Autodesk Architectural Desktop 2004
    22/10/2006 13:37 <REP> Bibliorom_CD
    20/11/2007 16:13 <REP> CCleaner
    28/08/2006 19:45 <REP> Common Files
    15/02/2006 19:04 <REP> CyberLink
    02/10/2006 10:54 <REP> DAP
    16/10/2007 20:57 <REP> DivX
    16/10/2007 20:25 <REP> Easy WiFi Radar
    19/11/2007 19:27 <REP> eMule
    01/06/2007 12:22 <REP> EPSON
    27/05/2007 13:46 <REP> ESET
    09/11/2007 21:06 <REP> Fichiers communs
    16/10/2007 21:08 <REP> Google
    20/11/2007 16:34 <REP> Grisoft
    22/10/2006 12:52 <REP> HiDownload
    19/11/2007 19:28 <REP> inKline Global
    07/10/2007 16:24 <REP> Intel
    11/10/2007 00:16 <REP> Internet Explorer
    15/02/2006 18:49 <REP> Java
    16/10/2007 21:06 <REP> Lavasoft
    15/02/2006 19:13 <REP> Learn2.com
    28/08/2006 22:01 <REP> Macrogaming
    16/10/2007 20:43 <REP> Metacafe
    16/08/2004 18:11 <REP> microsoft frontpage
    28/08/2006 19:31 <REP> Microsoft Office
    22/10/2006 13:38 <REP> Microsoft Référence
    16/08/2004 18:06 <REP> Movie Maker
    15/10/2007 18:04 <REP> Mozilla Firefox
    16/08/2004 18:03 <REP> MSN Gaming Zone
    02/10/2007 18:30 <REP> MSN Messenger
    18/11/2006 03:22 <REP> MSXML 4.0
    09/10/2007 02:00 <REP> MSXML 6.0
    16/08/2004 18:06 <REP> NetMeeting
    16/08/2004 18:03 <REP> Online Services
    16/06/2007 13:25 <REP> Outlook Express
    11/12/2006 21:51 <REP> Rainlendar2
    15/02/2006 19:06 <REP> Real
    15/02/2006 18:48 <REP> Realtek
    16/11/2007 16:41 <REP> RegCleaner
    30/08/2007 19:19 <REP> Secured eMule
    16/08/2004 18:07 <REP> Services en ligne
    15/11/2007 23:56 <REP> Share_Accelerator_MM
    30/08/2007 19:20 <REP> ShoppingReport
    18/06/2007 19:04 <REP> Skype
    26/07/2006 16:56 <REP> Sony Ericsson
    05/09/2006 18:47 <REP> stickies
    01/10/2006 17:57 3 889 824 SweetImSetup.exe
    15/02/2006 18:36 <REP> Synaptics
    20/11/2007 19:37 <REP> Trend Micro
    29/08/2006 11:25 <REP> VDCodecPack3.4
    19/11/2007 23:45 <REP> Video Add-on
    04/12/2006 17:33 <REP> VideoLAN
    15/02/2006 19:13 <REP> Viewpoint
    20/10/2007 15:11 <REP> Winamp
    16/10/2007 21:14 <REP> Windows Media Connect 2
    16/12/2006 20:52 <REP> Windows Media Player
    16/08/2004 18:03 <REP> Windows NT
    28/08/2006 21:48 <REP> WinRAR
    16/08/2004 18:11 <REP> xerox
    1 fichier(s) 3 889 824 octets
    65 Rép(s) 11 671 199 744 octets libres

    ******************************************
    ## Popups autorisées

    * Internet Explorer

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    www.packardbell.com REG_NONE
    www.packardbell.co.uk REG_NONE
    www.packardbell.at REG_NONE
    www.packardbell.dk REG_NONE
    www.packardbell.fi REG_NONE
    www.packardbell.fr REG_NONE
    www.packardbell.de REG_NONE
    www.packardbell.it REG_NONE
    www.packardbell.no REG_NONE
    www.packardbell.es REG_NONE
    www.packardbell.se REG_NONE
    www.packardbell.ch REG_NONE
    www.canalplus.fr REG_BINARY
    eu1.badoo.com REG_BINARY
    www8.ratp.info REG_BINARY
    zonenxt.msn-int.com REG_BINARY
    zonenxt.msn-ppe.com REG_BINARY
    zone.msn.com REG_BINARY

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.od2.com
    <SANS NOM> REG_SZ 0

    * Mozilla Firefox (1 autorisé 2 interdit)
    Rapport lopxpMH2 version 2.0 fait à 19:36:49,72 le 21/11/2007
    C:\Documents and Settings\PIN\Bureau

    ******************************************
    ## Répertoires Application Data

    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\All Users\Application Data

    16/08/2004 17:54 <REP> .
    16/08/2004 17:54 <REP> ..
    15/02/2006 19:11 <REP> Adobe
    15/02/2006 19:12 <REP> AOL
    14/09/2006 18:00 <REP> Apple Computer
    09/10/2006 18:18 <REP> Autodesk
    30/08/2007 19:20 <REP> BufferZone
    22/07/2006 14:25 <REP> CyberLink
    12/03/2007 17:28 <REP> Forge of Games
    24/11/2006 15:00 <REP> Google
    20/11/2007 16:34 <REP> Grisoft
    07/10/2007 16:25 <REP> Intel
    24/10/2006 13:55 <REP> Metacafe
    16/08/2004 17:54 <REP> Microsoft
    28/08/2006 19:46 <REP> Motive
    15/02/2006 19:13 <REP> OD2
    15/11/2007 00:36 <REP> pixelStorm
    15/02/2006 19:12 <REP> QuickTime
    16/08/2004 18:28 <REP> SBSI
    18/06/2007 19:03 <REP> Skype
    26/07/2006 16:56 <REP> Sony Ericsson
    15/02/2006 19:07 <REP> Symantec
    15/02/2006 19:13 <REP> Viewpoint
    28/08/2006 19:27 <REP> Windows Genuine Advantage
    16/08/2004 17:55 62 desktop.ini
    1 fichier(s) 62 octets
    24 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\Default User\Application Data

    16/08/2004 17:54 <REP> .
    16/08/2004 17:54 <REP> ..
    22/07/2006 12:07 <REP> Identities
    07/10/2007 16:26 <REP> Intel
    22/07/2006 12:07 <REP> Macromedia
    16/08/2004 17:54 <REP> Microsoft
    22/07/2006 12:07 <REP> Real
    22/07/2006 12:07 <REP> Sun
    22/07/2006 12:07 <REP> Symantec
    22/07/2006 12:07 <REP> You've Got Pictures Screensaver
    16/08/2004 17:54 62 desktop.ini
    1 fichier(s) 62 octets
    10 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

    16/08/2004 17:55 <REP> .
    16/08/2004 17:55 <REP> ..
    22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
    22/07/2006 12:07 <REP> ApplicationHistory
    16/08/2004 18:10 <REP> Microsoft
    22/07/2006 12:07 <REP> PowerCinema
    22/07/2006 12:07 135 fusioncache.dat
    22/07/2006 12:07 2 687 222 IconCache.db
    2 fichier(s) 2 687 357 octets
    6 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\LocalService\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    07/10/2007 16:26 <REP> Intel
    16/08/2004 18:18 <REP> Microsoft
    0 fichier(s) 0 octets
    4 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    16/08/2004 18:18 <REP> Microsoft
    0 fichier(s) 0 octets
    3 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\NetworkService\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    07/10/2007 16:26 <REP> Intel
    16/08/2004 18:18 <REP> Microsoft
    09/08/2006 21:08 <REP> Symantec
    0 fichier(s) 0 octets
    5 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

    16/08/2004 18:18 <REP> .
    16/08/2004 18:18 <REP> ..
    16/08/2004 18:18 <REP> Microsoft
    0 fichier(s) 0 octets
    3 Rép(s) 11 671 183 360 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\PIN\Application Data

    22/07/2006 12:08 <REP> .
    22/07/2006 12:08 <REP> ..
    26/07/2006 16:15 <REP> Adobe
    11/09/2006 14:39 <REP> AdobeUM
    14/09/2006 18:03 <REP> Apple Computer
    09/10/2006 18:18 <REP> Autodesk
    31/03/2007 21:03 <REP> BSplayer
    31/03/2007 21:03 <REP> BSplayer Pro
    22/07/2006 16:23 <REP> CyberLink
    14/09/2006 17:39 <REP> FotoTime
    28/10/2006 13:30 <REP> funkitron
    25/09/2006 21:49 <REP> Google
    20/11/2007 16:34 <REP> Grisoft
    13/10/2006 15:19 <REP> Help
    22/07/2006 12:08 <REP> Identities
    07/10/2007 16:26 <REP> Intel
    01/10/2006 15:56 <REP> Lavasoft
    25/08/2006 18:09 <REP> Leadertech
    22/07/2006 12:08 <REP> Macromedia
    24/10/2006 13:55 <REP> MetaCafe
    22/07/2006 12:08 <REP> Microsoft
    14/09/2006 17:49 <REP> Mozilla
    22/07/2006 12:12 <REP> OD2
    12/12/2006 14:20 <REP> PlayFirst
    22/07/2006 12:08 <REP> Real
    13/07/2007 11:54 <REP> SecondLife
    30/08/2007 19:20 <REP> ShoppingReport
    22/07/2006 13:42 <REP> Skype
    25/08/2006 18:09 <REP> Sonic
    05/09/2006 18:47 <REP> stickies
    22/07/2006 12:08 <REP> Sun
    22/07/2006 12:08 <REP> Symantec
    14/09/2006 17:50 <REP> Talkback
    27/08/2006 23:37 <REP> U3
    04/12/2006 18:53 <REP> vlc
    22/07/2006 12:08 <REP> You've Got Pictures Screensaver
    22/07/2006 12:08 62 desktop.ini
    13/11/2006 21:38 78 792 GDIPFONTCACHEV1.DAT
    2 fichier(s) 78 854 octets
    36 Rép(s) 11 671 179 264 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\PIN\Local Settings\Application Data

    22/07/2006 12:08 <REP> .
    22/07/2006 12:08 <REP> ..
    22/07/2006 12:08 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
    26/07/2006 16:15 <REP> Adobe
    19/12/2006 14:49 <REP> Ahead
    14/09/2006 18:03 <REP> Apple Computer
    22/07/2006 12:08 <REP> ApplicationHistory
    09/10/2006 18:18 <REP> Autodesk
    01/11/2006 16:05 <REP> Downloaded Installations
    23/09/2006 22:29 <REP> Gearbox Software
    25/09/2006 21:49 <REP> Google
    13/10/2006 15:19 <REP> Help
    04/09/2006 16:25 <REP> Identities
    22/07/2006 12:08 <REP> Microsoft
    14/09/2006 17:49 <REP> Mozilla
    08/12/2006 00:12 <REP> Paint.NET
    22/07/2006 12:08 <REP> PowerCinema
    15/11/2007 23:56 <REP> Share_Accelerator_MM
    30/08/2006 16:22 218 112 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    22/07/2006 12:08 135 fusioncache.dat
    22/07/2006 16:23 47 160 GDIPFONTCACHEV1.DAT
    22/07/2006 12:08 6 362 026 IconCache.db
    4 fichier(s) 6 627 433 octets
    18 Rép(s) 11 671 179 264 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Documents and Settings\Propriétaire\Application Data

    22/07/2006 16:18 <REP> .
    22/07/2006 16:18 <REP> ..
    07/10/2007 16:26 <REP> Intel
    22/07/2006 16:18 <REP> You've Got Pictures Screensaver
    0 fichier(s) 0 octets
    4 Rép(s) 11 671 179 264 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

    16/08/2004 18:16 <REP> .
    16/08/2004 18:16 <REP> ..
    22/07/2006 12:07 <REP> Identities
    07/10/2007 16:25 <REP> Intel
    22/07/2006 12:07 <REP> Macromedia
    16/08/2004 18:16 <REP> Microsoft
    22/07/2006 12:07 <REP> Real
    22/07/2006 12:07 <REP> Sun
    22/07/2006 12:07 <REP> Symantec
    22/07/2006 12:07 <REP> You've Got Pictures Screensaver
    16/08/2004 18:16 62 desktop.ini
    1 fichier(s) 62 octets
    10 Rép(s) 11 671 175 168 octets libres
    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

    16/08/2004 18:16 <REP> .
    16/08/2004 18:16 <REP> ..
    22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
    22/07/2006 12:07 <REP> ApplicationHistory
    16/08/2004 18:16 <REP> Microsoft
    22/07/2006 12:07 <REP> PowerCinema
    22/07/2006 12:07 135 fusioncache.dat
    22/07/2006 12:07 2 687 222 IconCache.db
    2 fichier(s) 2 687 357 octets
    6 Rép(s) 11 671 175 168 octets libres

    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    s €!× " : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e - T a s k S Y S T E M 0 Ö "

    C:\WINDOWS\Tasks\HDReg.job
    € s ! c : \ A p p s \ H D R e g \ H D R e g R e m . e x e c : \ A p p s \ H D R e g \ P I N

    C:\WINDOWS\Tasks\Rappel
    Rappel inexploitable

    C:\WINDOWS\Tasks\Rappel
    Rappel inexploitable

    ******************************************
    ## Répertoires de C:\Program Files

    Le volume dans le lecteur C s'appelle disc
    Le numéro de série du volume est B0E4-0458

    Répertoire de C:\Program Files

    20/11/2007 19:37 <REP> .
    20/11/2007 19:37 <REP> ..
    15/02/2006 19:11 <REP> Adobe
    19/12/2006 14:47 <REP> Ahead
    24/08/2006 15:32 <REP> Alwil Software
    13/08/2007 17:44 <REP> AMT
    14/09/2006 18:01 <REP> Apple Software Update
    09/11/2007 21:09 <REP> Autodesk Architectural Desktop 2004
    22/10/2006 13:37 <REP> Bibliorom_CD
    20/11/2007 16:13 <REP> CCleaner
    28/08/2006 19:45 <REP> Common Files
    15/02/2006 19:04 <REP> CyberLink
    02/10/2006 10:54 <REP> DAP
    16/10/2007 20:57 <REP> DivX
    16/10/2007 20:25 <REP> Easy WiFi Radar
    19/11/2007 19:27 <REP> eMule
    01/06/2007 12:22 <REP> EPSON
    27/05/2007 13:46 <REP> ESET
    09/11/2007 21:06 <REP> Fichiers communs
    16/10/2007 21:08 <REP> Google
    20/11/2007 16:34 <REP> Grisoft
    22/10/2006 12:52 <REP> HiDownload
    19/11/2007 19:28 <REP> inKline Global
    07/10/2007 16:24 <REP> Intel
    11/10/2007 00:16 <REP> Internet Explorer
    15/02/2006 18:49 <REP> Java
    16/10/2007 21:06 <REP> Lavasoft
    15/02/2006 19:13 <REP> Learn2.com
    28/08/2006 22:01 <REP> Macrogaming
    16/10/2007 20:43 <REP> Metacafe
    16/08/2004 18:11 <REP> microsoft frontpage
    28/08/2006 19:31 <REP> Microsoft Office
    22/10/2006 13:38 <REP> Microsoft Référence
    16/08/2004 18:06 <REP> Movie Maker
    15/10/2007 18:04 <REP> Mozilla Firefox
    16/08/2004 18:03 <REP> MSN Gaming Zone
    02/10/2007 18:30 <REP> MSN Messenger
    18/11/2006 03:22 <REP> MSXML 4.0
    09/10/2007 02:00 <REP> MSXML 6.0
    16/08/2004 18:06 <REP> NetMeeting
    16/08/2004 18:03 <REP> Online Services
    16/06/2007 13:25 <REP> Outlook Express
    11/12/2006 21:51 <REP> Rainlendar2
    15/02/2006 19:06 <REP> Real
    15/02/2006 18:48 <REP> Realtek
    16/11/2007 16:41 <REP> RegCleaner
    30/08/2007 19:19 <REP> Secured eMule
    16/08/2004 18:07 <REP> Services en ligne
    15/11/2007 23:56 <REP> Share_Accelerator_MM
    30/08/2007 19:20 <REP> ShoppingReport
    18/06/2007 19:04 <REP> Skype
    26/07/2006 16:56 <REP> Sony Ericsson
    05/09/2006 18:47 <REP> stickies
    01/10/2006 17:57 3 889 824 SweetImSetup.exe
    15/02/2006 18:36 <REP> Synaptics
    20/11/2007 19:37 <REP> Trend Micro
    29/08/2006 11:25 <REP> VDCodecPack3.4
    19/11/2007 23:45 <REP> Video Add-on
    04/12/2006 17:33 <REP> VideoLAN
    15/02/2006 19:13 <REP> Viewpoint
    20/10/2007 15:11 <REP> Winamp
    16/10/2007 21:14 <REP> Windows Media Connect 2
    16/12/2006 20:52 <REP> Windows Media Player
    16/08/2004 18:03 <REP> Windows NT
    28/08/2006 21:48 <REP> WinRAR
    16/08/2004 18:11 <REP> xerox
    1 fichier(s) 3 889 824 octets
    65 Rép(s) 11 671 171 072 octets libres

    ******************************************
    ## Popups autorisées

    * Internet Explorer

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    www.packardbell.com REG_NONE
    www.packardbell.co.uk REG_NONE
    www.packardbell.at REG_NONE
    www.packardbell.dk REG_NONE
    www.packardbell.fi REG_NONE
    www.packardbell.fr REG_NONE
    www.packardbell.de REG_NONE
    www.packardbell.it REG_NONE
    www.packardbell.no REG_NONE
    www.packardbell.es REG_NONE
    www.packardbell.se REG_NONE
    www.packardbell.ch REG_NONE
    www.canalplus.fr REG_BINARY
    eu1.badoo.com REG_BINARY
    www8.ratp.info REG_BINARY
    zonenxt.msn-int.com REG_BINARY
    zonenxt.msn-ppe.com REG_BINARY
    zone.msn.com REG_BINARY

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.od2.com
    <SANS NOM> REG_SZ 0

    * Mozilla Firefox (1 autorisé 2 interdit)

    ---------- C:\DOCUMENTS AND SETTINGS\PIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IUUHHAGU.DEFAULT\HOSTPERM.1
    host popup 1 webmessenger.msn.com
    host popup 1 www.xtremeverbier.com

    ******************************************
    ## Registre

    * [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
    Search Bar REG_SZ https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F

    ******************************************
    ## Zones de sécurité

    * HKCU Domains (4)

    * P3P History (5)

    ******************************************
    ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

    *************** Fin du rapport ****************

    est-ce mauvais signe docteur?
    Sinon mon fond d'écran rouge n'était plus la ce midi ms il est revenu ce soir
    0
  7. Utilisateur anonyme
     
    cocher + fixer ces lignes.
    https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html
    ------------------------------------------------------------
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: MSVPS System - {9C985AC6-A138-4EAB-B10A-DC522F755146} - C:\WINDOWS\popnetdpt.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: The jokwmp - {D71F3444-606D-46EB-9ABE-DF80E5E9BF67} - C:\WINDOWS\jokwmp.dll
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    Inconnu
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    Inconnu
    O18 - Protocol: t-mobile - (no CLSID) - (no file)
    O21 - SSODL: sapnet - {FF6C9F35-C22D-43B6-A399-0374AF11EC2E} - (no file)
    Inconnu
    O21 - SSODL: rmvgor - {CE7AEE4E-2130-4EF8-8B04-3B437490A6FB} - C:\WINDOWS\rmvgor.dll
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    -------------------------------------------------------------------------------------------------------------------------
    fais ceci:
    https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-navifix.html
    postes le rapport
    + à la suite le rapport Hijackthis
    ----------------------------------------------------
    conseil:
    ---------------------
    il faudra changer tes habites sur le NET, tu te fais courir de sérieux problèmes....

    0
  8. Tamarin
     
    Voila,
    J'ai donc fixé les lignes que tu m'as conseillé et voici le premier rapport du programme Navilog1 :

    Search Navipromo version 3.3.6 commencé le 21/11/2007 à 21:02:21,89

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\PIN\Application Data ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun fichier trouvé dans :

    - C:\WINDOWS\system32
    - C:\DOCUME~1\PIN\LOCALS~1\APPLIC~1

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans C:\DOCUME~1\PIN\LOCALS~1\APPLIC~1 *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :

    3)Recherche Certificats :

    Certificat Egroup absent !

    *** Analyse terminée le 21/11/2007 à 21:03:20,17 ***

    et voici celui de HijackThis effectué a la suite :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:08:27, on 21/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Metacafe\MetacafeAgent.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: t-mobile - (no CLSID) - (no file)
    O21 - SSODL: msmhost - {0E3C805D-021A-496B-A562-F3AA760B787B} - C:\WINDOWS\msmhost.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    0
  9. Tamarin
     
    et tu veux dire quoi par changer mes habitudes ??
    0
  10. Utilisateur anonyme
     
    question ?
    --------
    tu utilise les caractères asiatiques sur ce PC ?
    ------------------------------------------------------------------------------------
    et tu veux dire quoi par changer mes habitudes ??
    réponse----->
    En gros, fais gaffe où tu mets les pieds sur le Net.
    Prend ça positivement comme un conseil.
    Je ne vais pas ici te dire ce que tu dois faire ou pas.
    Je vois qu'à travers tes rapports tu te fais prendre des risques inutiles et évitables.
    Il faut se dire, que la majorité des virus arrivent par de mauvaises habitudes de surf !
    Tu peux trés bien te prendre un virus , rien qu'en allant sur une page Internet...sans rien downloader !
    A ce propos il faudra que tu changes d'antivirus.
    Avast n'est pas assez réactif avec ces mises à jour. Il va te laisser passer des virus qui sont vieux de parfois plusieurs semaines !
    Alors que les autres les détectent.
    Je pense qui si tu continues dans le free, ANTIVIR serait un choix intelligent.

    ------------------------------------------------------------------------------------
    Venons en au fait.
    fixer et cocher
    https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html

    -----------------------

    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ----------------------------------------
    Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
    - Enregistre le sur ton bureau

    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de : ShoppingReport
    - Type de recherche : sélectionne l'option 6 puis valide [entree]

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
    Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.

    0
  11. Tamarin
     
    salut,

    Merci pour tes conseils, je vais tacher de les suivre. Sinon pour Antivir, dois-je désinstaller AVG antispyware ou est ce que je peux laisser tourner les deux?

    Sinon j'ai fixé les ligne que tu m'as dit et fait la recherche avec AOD.

    Voici le rapport :

    22/11/2007 ---- 19:35:35,21

    ----------------------------------
    §§§§§§ [ShoppingReport] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete

    ********************
    [Registre]
    ********************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID]
    @="ShoppingReport.HbAx.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID]
    @="ShoppingReport.HbAx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID]
    @="ShoppingReport.IEButtonA.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID]
    @="ShoppingReport.IEButtonA"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID]
    @="ShoppingReport.HbInfoBand.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID]
    @="ShoppingReport.HbInfoBand"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID]
    @="ShoppingReport.IEButton.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID]
    @="ShoppingReport.IEButton"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
    @="ShoppingReport.HbAx.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
    @="ShoppingReport.HbInfoBand.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
    @="ShoppingReport.IEButton.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
    @="ShoppingReport.IEButtonA.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
    @="ShoppingReport"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
    @="ShoppingReport.RprtCtrl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
    @="ShoppingReport"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
    "DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
    "UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport]

    [HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]

    [HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]
    "currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

    *******************
    [Fichier]
    *******************

    c:\Documents and Settings\PIN\Application Data\ShoppingReport
    c:\Program Files\ShoppingReport
    c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

    *********************
    [Même date]
    *********************

    [R‚pertoire ] --- REP ---> C:\Program Files\Files

    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------
    0
  12. Utilisateur anonyme
     
    Argh !
    j'ai du pain sur la planche...je vais te faire un script pour The Avenger.
    On va faire le ménage...
    A demain
    --------------------
    pas de réponse à ceci:
    question ?
    --------
    tu utilise les caractères asiatiques sur ce PC ?


    -----------------
    Sinon pour Antivir, dois-je désinstaller AVG antispyware ou est ce que je peux laisser tourner les deux?

    les deux sont complémentaires.
    Par contre désinstalles Avast (absolument !) pour installer Antivir.

    0
  13. Tamarin
     
    Dsl,

    je n'avais pas vu la question : Non je ne me souviens pas avoir utilisé de caractères asiatiques et je ne pense pas en avoir besoin dans le future.

    En tou cas merci vraiment pour le temps que tu me consacres.

    J'ai fais un scan avec Antivir, je te poste ci-dessous le rapport, s'ils peuvent t'être utile :

    AntiVir PersonalEdition Classic
    Report file date: jeudi 22 novembre 2007 20:16

    Scanning for 940014 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: SAMPRAS

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 19:08:37
    ANTIVIR3.VDF : 7.0.0.249 201216 Bytes 22/11/2007 19:08:37
    AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 22/11/2007 19:08:37
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 22 novembre 2007 20:16

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'livecall.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'MetacafeAgent.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
    Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
    Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'HidService.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    46 processes with 46 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '22' files ).

    Starting the file scan:

    Begin scan in 'C:\' <disc>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\PIN\Local Settings\Temp\BIT1.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4799dd2b.qua'!
    C:\Documents and Settings\PIN\Local Settings\Temp\BIT17.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4799dd34.qua'!
    C:\Documents and Settings\PIN\Mes documents\My Completed Downloads\VideoAccessCodecInstall.exe
    [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
    [INFO] The file was deleted!
    C:\Program Files\ShoppingReport\Uninst.exe
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [INFO] The file was moved to '47aee2c9.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122160.exe
    [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
    [INFO] The file was moved to '4776e573.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122171.inf
    [DETECTION] Contains detection pattern of the VBS script virus VBS/IETitle.A
    [INFO] The file was moved to '4776e578.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP332\A0122423.exe
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [INFO] The file was moved to '4776e731.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: jeudi 22 novembre 2007 21:55
    Used time: 1:38:49 min

    The scan has been done completely.

    6441 Scanning directories
    177611 Files were scanned
    7 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    6 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    177604 Files not concerned
    6772 Archives were scanned
    2 Warnings
    0 Notes

    Voila, A demain et merci encore!
    0
  14. Utilisateur anonyme
     
    bien, tu as tes points de restauration qui sont inutilisables.
    ----------
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122160.exe
    [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
    [INFO] The file was moved to '4776e573.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122171.inf
    [DETECTION] Contains detection pattern of the VBS script virus VBS/IETitle.A
    [INFO] The file was moved to '4776e578.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP332\A0122423.exe
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [INFO] The file was moved to '4776e731.qua'!
    ------------------------------
    fais ceci:
    http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
    -------------------------------------------
    -------------------------------------------------------------------------------------
    fais une sauvegarde de ta BDR.
    https://leblogdeclaude.blogspot.com/2006/10/informatique-sauvegarde-de-la-base-de.html
    --------------------------------------------------------------------------
    ouvres notepad.exe
    copie le texte en dessous (avec sélectionner le texte ctrl+c et ctrl+v pour le coller)
    enregistre le texte sous fix.txt sur le bureau
    ------------------------------------------

    registry keys to delete:
    HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocSe rver32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID
    @="ShoppingReport.HbAx.1"
    HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxB itmap32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"
    HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionI ndependentProgID
    @="ShoppingReport.HbAx"
    HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocSe rver32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
    @="ShoppingReport.IEButtonA.1"
    HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionI ndependentProgID
    @="ShoppingReport.IEButtonA"
    HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocSe rver32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
    @="ShoppingReport.HbInfoBand.1"
    HKLM\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionI ndependentProgID
    @="ShoppingReport.HbInfoBand"
    HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocSe rver32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
    @="ShoppingReport.IEButton.1"
    HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionI ndependentProgID
    @="ShoppingReport.IEButton"
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
    @="ShoppingReport.HbAx.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
    @="ShoppingReport.HbInfoBand.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
    @="ShoppingReport.IEButton.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
    @="ShoppingReport.IEButtonA.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
    @="ShoppingReport"
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
    @="ShoppingReport.RprtCtrl.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
    @="ShoppingReport"
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID
    HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\ win32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"
    HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HE LPDIR
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
    HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\ win32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"
    HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HE LPDIR
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
    HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\ win32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HE LPDIR
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    "DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    "UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
    HKLM\SOFTWARE\ShoppingReport
    HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
    HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
    "currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

    Files to Delete:
    c:\Documents and Settings\PIN\Application Data\ShoppingReport
    c:\Program Files\ShoppingReport
    c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll


    ------------------------------------------------------------------------------------------
    ensuite,
    Télécharge The Avenger (Swandog46) sur ton bureau
    http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

    * Clic droit sur Avenger.zip
    * Extrais avenger.exe sur ton bureau (clic sur "extraire")
    ---------------------------------

    lance The Avenger.
    coche load script from file (lire un script à partir d'un fichier) recherche alors fix.txt qui est sur ton bureau.
    Ensuite lance-le avec l'icone du feu vert.
    copies le rapport

    0
  15. Tamarin
     
    Holala beaucoup de problème cette après midi :

    1/ Je n'ai pas d'onglet décurité dans les options de System Volume Information donc j'ai télécharger Security Configuration Manager de Microsoft pour rajoutter cet onglet afin de supprimer les 3 points de restauration de restaurations inutilisable que tu m'as dit. Le problème et qu'une foi le téléchargement effectué, on me dit de :

    Lancez NTFS.EXE

    -Dans le répertoire de décompression, sélectionnez SETUP.INF,click droit/Installer

    -Un écran vous demande alors si vous souhaitez remplacer le fichier ESENT.DLL, refusez en cliquant sur NON POUR TOUS

    Ne cliquez en aucun cas sur oui, pour remplacer les fichiers, vous prendrez le risque de rendre votre système instable!

    -Redémarrer votre poste de travail

    Sélectionnez à présent le fichier à sécuriser, click droit/Propriétés/Onglet sécurité, appliquez votre stratégie NTFS.

    alors que dans mon document téléchargé, je n'ai pas le fichier SETUP.INF, j'ai les fichiers suivant :

    -symbols
    -immc (win32 cabinet sef-exctractor)
    -mssce(archive winrar)
    -mssce(mssce AXA)
    -readme(txt)
    -regsvr32(microsoft(C) reister Server de microsoft Corporation)
    -scefiles(info de configuration)
    -scesetup(info de conf)
    -setup(info de conf).

    J'ai extrait le fichier winrar dans un dossier mais le SETUP.INF n'est pas présent.

    Donc je me retrouve coincé pr effacé les trois points restauration inutilisable.

    J'ai vu qu'il existe une autre manip qui consiste à redémarer en mode sans échec mais je ne sais pas si je suis capable de passer par là.

    Aurais-tu qqc à me conseiller?
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------

    2/ Sinon j'ai quand meme téléchargé the Avenger mais il semble y avoir un probleme, des messages d'erreurs sont apparus.
    Voici le rapport :

    (le fichier créé s'appel error log)

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.HbAx.1

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.HbAx

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Donc au final j'ai pas trop géré la manip d'aujourd'hui et ça me fait chier! lol.

    Merci encore pour tout et félicitation pour ton blog qui est une caverne d'Alibaba pour les novices!
    0
  16. Utilisateur anonyme
     
    Bien,
    tout d'abord, merci de ton appréciation sympa !
    "Merci encore pour tout et félicitation pour ton blog qui est une caverne d'Alibaba pour les novices!"
    --------------------------------------------------------------------
    avec The Avenger rien de grave !
    Mais je voudrais voir si tout est ok:
    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de : ShoppingReport
    - Type de recherche : sélectionne l'option 6 puis valide [entree]

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
    Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.
    --------------------------------------
    Donc je me retrouve coincé pour effacé les trois points restauration inutilisable.
    télécharge ceci:
    https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/restorwin.html

    0
  17. tamarin
     
    bon,

    Voici le rapport de OAD avant la suppression du point de registre :

    24/11/2007 ---- 19:56:54,62

    ----------------------------------
    §§§§§§ [ShoppingReport] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete

    ********************
    [Registre]
    ********************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID]
    @="ShoppingReport.HbAx.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID]
    @="ShoppingReport.HbAx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID]
    @="ShoppingReport.IEButtonA.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID]
    @="ShoppingReport.IEButtonA"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID]
    @="ShoppingReport.HbInfoBand.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID]
    @="ShoppingReport.HbInfoBand"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID]
    @="ShoppingReport.IEButton.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID]
    @="ShoppingReport.IEButton"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
    @="ShoppingReport.HbAx.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
    @="ShoppingReport.HbInfoBand.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
    @="ShoppingReport.IEButton.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
    @="ShoppingReport.IEButtonA.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
    @="ShoppingReport"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
    @="ShoppingReport.RprtCtrl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
    @="ShoppingReport"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
    "DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
    "UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport]

    [HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]

    [HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]
    "currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

    *******************
    [Fichier]
    *******************

    c:\Documents and Settings\PIN\Application Data\ShoppingReport
    c:\Program Files\ShoppingReport
    c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

    *********************
    [Même date]
    *********************

    [R‚pertoire ] --- REP ---> C:\Program Files\Files

    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------

    ----------------------------------------------------------------------------------------------------------------------------------------------

    J'ai ensuite supprimé le point de restoration qui se trouvais dans restorwin (j'espère avoir fait la bonne manip!) et refais un autre rapport OAD que voici :

    24/11/2007 ---- 20:18:20,03

    ----------------------------------
    §§§§§§ [ShoppingReport] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete

    ********************
    [Registre]
    ********************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID]
    @="ShoppingReport.HbAx.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID]
    @="ShoppingReport.HbAx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID]
    @="ShoppingReport.IEButtonA.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID]
    @="ShoppingReport.IEButtonA"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID]
    @="ShoppingReport.HbInfoBand.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID]
    @="ShoppingReport.HbInfoBand"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID]
    @="ShoppingReport.IEButton.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID]
    @="ShoppingReport.IEButton"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
    @="ShoppingReport.HbAx.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
    @="ShoppingReport.HbInfoBand.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
    @="ShoppingReport.IEButton.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
    @="ShoppingReport.IEButtonA.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
    @="ShoppingReport"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
    @="ShoppingReport.RprtCtrl.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
    @="ShoppingReport"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
    "DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
    "UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport]

    [HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]

    [HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]
    "currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

    *******************
    [Fichier]
    *******************

    c:\Documents and Settings\PIN\Application Data\ShoppingReport
    c:\Program Files\ShoppingReport
    c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

    *********************
    [Même date]
    *********************

    [R‚pertoire ] --- REP ---> C:\Program Files\Files

    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------
    0
  18. tamarin
     
    Aïe je viens d'exporter une Base de registre pour la sauvegarder et j'ai voulu faire un test pr voir si tout va bien en l'important tout de suite. J'obtient un message d'erreur me disant : impossible d'importer ................. : toutes les données n'ont pas été inscrites correctement dans le registre. Certeaines clefs sont ouvertes par le système ou par d'autres processus.

    J'en conclu que mes sauvegarde de Base de registre ne sont pas efficaces, que faire?
    0
  19. Utilisateur anonyme
     
    pour exporter l'entièreté il faut que tu soit tout en haut de la BDR dans le panneau de droite.

    --------------------------------------------------------------------------------------------------------------------------
    Ce qui bien indiqué dans ma page:
    https://leblogdeclaude.blogspot.com/2006/10/informatique-sauvegarde-de-la-base-de.html
    la deuxième image.
    http://photos1.blogger.com/blogger/8123/1999/1600/ici.2.jpg
    -------------------------------------------------------------
    pour le script, on dirait qu'il n'a pas été plus loin que les 5 premières lignes !
    ---------------------------------------------------------
    refais ceci:
    ouvres notepad.exe
    copie le texte en dessous (avec sélectionner le texte ctrl+c et ctrl+v pour le coller)
    enregistre le texte sous fix.txt sur le bureau (supprimes l'ancien script avant)

    ------------------------------------------------------------------------------------------------------------------------------

    Files to Delete:
    c:\Documents and Settings\PIN\Application Data\ShoppingReport
    c:\Program Files\ShoppingReport
    c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

    registry keys to delete:
    HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
    @="ShoppingReport.IEButtonA.1"
    HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionI ndependentProgID
    @="ShoppingReport.IEButtonA"
    HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocSe rver32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
    @="ShoppingReport.HbInfoBand.1"
    HKLM\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionI ndependentProgID
    @="ShoppingReport.HbInfoBand"
    HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocSe rver32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
    @="ShoppingReport.IEButton.1"
    HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionI ndependentProgID
    @="ShoppingReport.IEButton"
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
    @="ShoppingReport.HbAx.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1
    HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
    @="ShoppingReport.HbInfoBand.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1
    HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
    @="ShoppingReport.IEButton.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
    @="ShoppingReport.IEButtonA.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1
    HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
    @="ShoppingReport"
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
    @="ShoppingReport.RprtCtrl.1"
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
    @="ShoppingReport"
    HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID
    HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\ win32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"
    HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HE LPDIR
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
    HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\ win32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"
    HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HE LPDIR
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
    HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\ win32
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
    HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HE LPDIR
    @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
    "HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
    "Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    "DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
    "UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
    HKLM\SOFTWARE\ShoppingReport
    HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
    HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
    "currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

    -----------------------------------
    lance The Avenger.
    coche load script from file (lire un script à partir d'un fichier) recherche alors fix.txt qui est sur ton bureau.
    Ensuite lance-le avec l'icone du feu vert.
    copies le rapport
    0
  20. tamarin
     
    salut,

    pour ce qui est de la base de registre, les problèmes persistent lors de l'importation, meme si j'ai bien enregistrer en étant tout en haut à droite, poste de travail en surbrillance....

    -------------------------------------------------------------------------------------------------------

    Une erreur se produit encore lors de l'execution du script, rapport :

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.IEButtonA.1

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.IEButtonA

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.HbInfoBand.1

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.HbInfoBand

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.IEButton.1

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.IEButton

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.HbAx.1

    Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
    Error code: 0
    Line: @="ShoppingReport.HbInfoBand.1
    0
  • 1
  • 2