Fenêtre
lola13
-
jfkpresident -
jfkpresident -
Bonjour,
Depuis ce matin, dès que j'ouvre internet explorer, une fenêtre s'ouvre : il es ecrit avertissement de sécurité.Fichier ouvert. IL y a un nom de fichier, éditeur inconnu .Il semeblerait que ce soit un virus, car depuis, j'ai pleins de fenêtres de pub qui s'ouvrent, des trucs de jeu, que je n'avais pas avant. Je ne comprends pas grand chose à l'informatique, mais j'ai fait un nettoyage (contre les chevaux de Troie et sur les conseils de mon frère assez calé). Il m'à supprimé pleins de "merdes", mais il m'en reste et mon problème reste entier. Qui peut m'aider en m'expliquant assez simplement SVP. Merci beaucoup.
Depuis ce matin, dès que j'ouvre internet explorer, une fenêtre s'ouvre : il es ecrit avertissement de sécurité.Fichier ouvert. IL y a un nom de fichier, éditeur inconnu .Il semeblerait que ce soit un virus, car depuis, j'ai pleins de fenêtres de pub qui s'ouvrent, des trucs de jeu, que je n'avais pas avant. Je ne comprends pas grand chose à l'informatique, mais j'ai fait un nettoyage (contre les chevaux de Troie et sur les conseils de mon frère assez calé). Il m'à supprimé pleins de "merdes", mais il m'en reste et mon problème reste entier. Qui peut m'aider en m'expliquant assez simplement SVP. Merci beaucoup.
A voir également:
- Fenêtre
- Fenetre windows - Guide
- Fenêtre hors écran windows 11 - Guide
- Fenetre privée - Guide
- Mcafee fenetre intempestive - Accueil - Piratage
- Fenetre cmd - Guide
126 réponses
Re
Sélectionne la ligne suivante :
DEL C:/Users/MARYLENE/AppData/local/temp/low/*.tmp.exe
Clic droit --> Copier
Ensuite : Démarrer --> Exécuter
Dans la petite fenêtre : Clic droit --> coller
et Valide
A+
Sélectionne la ligne suivante :
DEL C:/Users/MARYLENE/AppData/local/temp/low/*.tmp.exe
Clic droit --> Copier
Ensuite : Démarrer --> Exécuter
Dans la petite fenêtre : Clic droit --> coller
et Valide
A+
je suppose que c'est pour rechercher les fichier dans mon PC. Désolée, mais il n'a rien trouvé, ou alors j'ai pas bien fait. J'ai coller en bas de la liste de tous les programmes, dans démarrer. Je suppose qu'il n'y a pas 50 solutions ! RIEN, aucun élément trouvé ! texto !
Re
Quoiqu'il arrive :
Télécharge Silent Runners
Lance le et attends la fenêtre t'indiquant que le rapport est complet
(Startup Programs ...TXT) dans le répertoire de lancement.
Poste le rapport
A demain
Quoiqu'il arrive :
Télécharge Silent Runners
Lance le et attends la fenêtre t'indiquant que le rapport est complet
(Startup Programs ...TXT) dans le répertoire de lancement.
Poste le rapport
A demain
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
"Silent Runners.vbs", revision 55, https://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"SpybotSD TeaTimer" = "C:\Menu Démarrer\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" ["Google Inc."]
{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BrowsingProgram"
\InProcServer32\(Default) = "C:\Program Files\BrowsingProgram\BrowsingProgram-1.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Composant d'extension Shell de CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\ssText3d.scr" [MS]
Startup items in "MARYLENE" & "All Users" startup folders:
----------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Outil de mise à jour Google" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Salut
Est-ce cela que tu attendais ? ça a été super rapide, je n'ai rien compris !
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"SpybotSD TeaTimer" = "C:\Menu Démarrer\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" ["Google Inc."]
{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BrowsingProgram"
\InProcServer32\(Default) = "C:\Program Files\BrowsingProgram\BrowsingProgram-1.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Composant d'extension Shell de CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\ssText3d.scr" [MS]
Startup items in "MARYLENE" & "All Users" startup folders:
----------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Outil de mise à jour Google" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Salut
Est-ce cela que tu attendais ? ça a été super rapide, je n'ai rien compris !
"Silent Runners.vbs", revision 55, https://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"SpybotSD TeaTimer" = "C:\Menu Démarrer\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" ["Google Inc."]
{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BrowsingProgram"
\InProcServer32\(Default) = "C:\Program Files\BrowsingProgram\BrowsingProgram-1.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Composant d'extension Shell de CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\ssText3d.scr" [MS]
Startup items in "MARYLENE" & "All Users" startup folders:
----------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Outil de mise à jour Google" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Salut
Est-ce cela que tu attendais ? ça a été super rapide, je n'ai rien compris !
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"SpybotSD TeaTimer" = "C:\Menu Démarrer\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" ["Google Inc."]
{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BrowsingProgram"
\InProcServer32\(Default) = "C:\Program Files\BrowsingProgram\BrowsingProgram-1.dll" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Composant d'extension Shell de CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img34.jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\ssText3d.scr" [MS]
Startup items in "MARYLENE" & "All Users" startup folders:
----------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Outil de mise à jour Google" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\Menu Démarrer\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Salut
Est-ce cela que tu attendais ? ça a été super rapide, je n'ai rien compris !
Re
Bon finalement, ça ressemble au virus NIMDA ... récupére par mail !
(J'examinerai le rapport silent runners quand même au cas où !)
Dans l'explorateur :
Outils
Option des dossiers
Affichage
Décocher : Masquer les extensions des fichiers dont le type est connu
Ensuite dans l'explorateur recherche le fichier system.ini
Normalement dans C:\windows
clic droit --> Ouvrir avec bloc-notes
Poste tout le contenu dans ton prochain post.
(Copier-coller)
A ce soir
Bon finalement, ça ressemble au virus NIMDA ... récupére par mail !
(J'examinerai le rapport silent runners quand même au cas où !)
Dans l'explorateur :
Outils
Option des dossiers
Affichage
Décocher : Masquer les extensions des fichiers dont le type est connu
Ensuite dans l'explorateur recherche le fichier system.ini
Normalement dans C:\windows
clic droit --> Ouvrir avec bloc-notes
Poste tout le contenu dans ton prochain post.
(Copier-coller)
A ce soir
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
J'ai galéré pendant au moins une demi heure, mais je crois que j'ai fini par y arriver, enfin j'espère !!! dis moi que c'est bien ça ! Merci a plus.
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
J'ai galéré pendant au moins une demi heure, mais je crois que j'ai fini par y arriver, enfin j'espère !!! dis moi que c'est bien ça ! Merci a plus.
Re
Ce n'est pas le même post que le 41
Sélectionne la ligne suivante :
DEL C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe
Clic droit --> Copier
Ensuite : Démarrer --> Exécuter
Dans la petite fenêtre : Clic droit --> coller
et Valide
A+
Ce n'est pas le même post que le 41
Sélectionne la ligne suivante :
DEL C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe
Clic droit --> Copier
Ensuite : Démarrer --> Exécuter
Dans la petite fenêtre : Clic droit --> coller
et Valide
A+
La recherche n'a rien donné. Si j'ai bien compris tu voulais que je retrouve ce fichier à l'aide de l'explorateur ? Néant. "aucun élément ne correspond à votre recherche", c'est ce qu'il me dit !
Non
Pas avec l'explorateur !
Démarrer : En bas à gauche de ton écran (clic gauche)
Ensuite sélectionner : Exécuter (un case blanche doit apparaitre )
Supprime ce qu'il y a à l'intérieur et copie la ligne que je t'ai demandé de sélectionner !
Ensuite valide (entrée, Enter ...)
Je te prépare un autre post pour continuer ...
A+
Pas avec l'explorateur !
Démarrer : En bas à gauche de ton écran (clic gauche)
Ensuite sélectionner : Exécuter (un case blanche doit apparaitre )
Supprime ce qu'il y a à l'intérieur et copie la ligne que je t'ai demandé de sélectionner !
Ensuite valide (entrée, Enter ...)
Je te prépare un autre post pour continuer ...
A+
Désolée mais une fenêtre s'ouvre et me dit : "Windows ne trouve pas "le ficher en question". Vérifiez que vous avez entré le nom correst, puis rééssayez. C'est ce que j'ai fait 3 fois, mais sans résultat.
Re
Sélectionne les 4 lignes suivantes (seulement ça !)
DEL Liste_Low.txt
DIR C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe > Liste_Low.txt
DIR C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe /ah >> Liste_Low.txt
DIR C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe /as >> Liste_Low.txt
Clic droit --> copier
Ensuite cliic droit (sur le bureau)
Nouveau --> fichier texte seulement (Résultat : Nouvelle icone sur le bureau)
Clic droit --> Ouvrir avec --> Bloc notes
Coller les lignes (clic droit --> coller)
Sauvegarder le fichier sous : Dir_Low.bat
Ensuite :
Double clic sur ce raccourci créé (Dir_Low.bat)
une seconde après une nouvelle icone doit apparaitre : Liste_Low.txt
Clic droit dessus --> Ouvrir Avec --> Bloc notes
Sélectionne TOUT le texte
Clic droit --> copier
Colle le texte dans ton nouveau post
Merci
A+
Sélectionne les 4 lignes suivantes (seulement ça !)
DEL Liste_Low.txt
DIR C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe > Liste_Low.txt
DIR C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe /ah >> Liste_Low.txt
DIR C:\Users\MARYLENE\AppData\local\temp\low\*.tmp.exe /as >> Liste_Low.txt
Clic droit --> copier
Ensuite cliic droit (sur le bureau)
Nouveau --> fichier texte seulement (Résultat : Nouvelle icone sur le bureau)
Clic droit --> Ouvrir avec --> Bloc notes
Coller les lignes (clic droit --> coller)
Sauvegarder le fichier sous : Dir_Low.bat
Ensuite :
Double clic sur ce raccourci créé (Dir_Low.bat)
une seconde après une nouvelle icone doit apparaitre : Liste_Low.txt
Clic droit dessus --> Ouvrir Avec --> Bloc notes
Sélectionne TOUT le texte
Clic droit --> copier
Colle le texte dans ton nouveau post
Merci
A+
Le volume dans le lecteur C s'appelle OS
Le num‚ro de s‚rie du volume est 84CA-82A1
R‚pertoire de C:\Users\MARYLENE\AppData\local\temp\low
20/02/2008 13:47 646ÿ792 upd101B.tmp.exe
20/02/2008 13:47 646ÿ792 upd123E.tmp.exe
18/02/2008 19:19 646ÿ792 upd12A7.tmp.exe
18/02/2008 23:21 646ÿ792 upd1412.tmp.exe
18/02/2008 10:08 646ÿ792 upd148.tmp.exe
20/02/2008 15:23 646ÿ792 upd17AC.tmp.exe
18/02/2008 18:50 646ÿ792 upd1A6D.tmp.exe
18/02/2008 23:26 646ÿ792 upd1B44.tmp.exe
18/02/2008 18:10 646ÿ792 upd1F10.tmp.exe
18/02/2008 18:59 646ÿ792 upd201D.tmp.exe
19/02/2008 23:36 646ÿ792 upd2442.tmp.exe
18/02/2008 18:59 646ÿ792 upd24B0.tmp.exe
18/02/2008 18:11 646ÿ792 upd2595.tmp.exe
19/02/2008 23:36 646ÿ792 upd2617.tmp.exe
18/02/2008 18:50 646ÿ792 upd27F5.tmp.exe
19/02/2008 21:28 646ÿ792 upd2817.tmp.exe
19/02/2008 21:28 646ÿ792 upd2C0E.tmp.exe
18/02/2008 19:07 646ÿ792 upd2D66.tmp.exe
19/02/2008 21:29 646ÿ792 upd2FA6.tmp.exe
18/02/2008 19:07 646ÿ792 upd3034.tmp.exe
19/02/2008 21:29 646ÿ792 upd3081.tmp.exe
19/02/2008 23:17 646ÿ792 upd361.tmp.exe
18/02/2008 18:52 646ÿ792 upd383.tmp.exe
20/02/2008 10:43 646ÿ792 upd3DB6.tmp.exe
20/02/2008 13:36 646ÿ792 upd3EB9.tmp.exe
18/02/2008 22:05 646ÿ792 upd4099.tmp.exe
20/02/2008 10:40 646ÿ792 upd40A0.tmp.exe
20/02/2008 13:36 646ÿ792 upd40FB.tmp.exe
18/02/2008 19:13 646ÿ792 upd445F.tmp.exe
20/02/2008 15:28 646ÿ792 upd448D.tmp.exe
18/02/2008 18:47 646ÿ792 upd44E.tmp.exe
18/02/2008 19:13 646ÿ792 upd45E6.tmp.exe
18/02/2008 18:52 646ÿ792 upd45F.tmp.exe
19/02/2008 10:00 646ÿ792 upd48A5.tmp.exe
19/02/2008 10:00 646ÿ792 upd4C9C.tmp.exe
19/02/2008 23:19 646ÿ792 upd526C.tmp.exe
19/02/2008 21:33 646ÿ792 upd52A0.tmp.exe
19/02/2008 21:33 646ÿ792 upd537C.tmp.exe
18/02/2008 15:36 646ÿ792 upd568F.tmp.exe
18/02/2008 15:36 646ÿ792 upd57F7.tmp.exe
18/02/2008 22:39 646ÿ792 upd5B49.tmp.exe
18/02/2008 22:39 646ÿ792 upd5BB7.tmp.exe
18/02/2008 15:37 646ÿ792 upd5EC9.tmp.exe
19/02/2008 20:42 646ÿ792 upd5FC9.tmp.exe
18/02/2008 15:37 646ÿ792 upd6040.tmp.exe
19/02/2008 20:42 646ÿ792 upd6047.tmp.exe
19/02/2008 23:10 646ÿ792 upd6286.tmp.exe
19/02/2008 21:31 646ÿ792 upd63B0.tmp.exe
18/02/2008 22:45 646ÿ792 upd63E1.tmp.exe
19/02/2008 00:02 646ÿ792 upd64DC.tmp.exe
18/02/2008 22:45 646ÿ792 upd6529.tmp.exe
18/02/2008 18:43 646ÿ792 upd659F.tmp.exe
19/02/2008 09:59 646ÿ792 upd6652.tmp.exe
19/02/2008 21:31 646ÿ792 upd666F.tmp.exe
18/02/2008 23:49 646ÿ792 upd6671.tmp.exe
18/02/2008 23:49 646ÿ792 upd671E.tmp.exe
19/02/2008 10:01 646ÿ792 upd678A.tmp.exe
19/02/2008 09:59 646ÿ792 upd6827.tmp.exe
18/02/2008 18:43 646ÿ792 upd6968.tmp.exe
19/02/2008 10:01 646ÿ792 upd699D.tmp.exe
20/02/2008 15:26 646ÿ792 upd6A14.tmp.exe
19/02/2008 18:47 646ÿ792 upd6E28.tmp.exe
19/02/2008 18:47 646ÿ792 upd6F71.tmp.exe
18/02/2008 18:12 646ÿ792 upd702C.tmp.exe
18/02/2008 20:48 646ÿ792 upd70FA.tmp.exe
18/02/2008 20:48 646ÿ792 upd7436.tmp.exe
18/02/2008 10:23 646ÿ792 upd7501.tmp.exe
18/02/2008 10:23 646ÿ792 upd7715.tmp.exe
18/02/2008 19:23 646ÿ792 upd7A8C.tmp.exe
20/02/2008 09:31 646ÿ792 upd7C11.tmp.exe
19/02/2008 19:30 646ÿ792 upd7C55.tmp.exe
18/02/2008 19:23 646ÿ792 upd7D7A.tmp.exe
19/02/2008 19:26 646ÿ792 upd7FCB.tmp.exe
18/02/2008 18:47 646ÿ792 upd807.tmp.exe
20/02/2008 09:31 646ÿ792 upd816F.tmp.exe
19/02/2008 19:34 646ÿ792 upd8231.tmp.exe
18/02/2008 19:19 646ÿ792 upd82A.tmp.exe
18/02/2008 18:46 646ÿ792 upd857E.tmp.exe
18/02/2008 18:46 646ÿ792 upd86A8.tmp.exe
19/02/2008 21:25 646ÿ792 upd89F5.tmp.exe
20/02/2008 10:41 646ÿ792 upd8C1.tmp.exe
19/02/2008 21:25 646ÿ792 upd8E59.tmp.exe
19/02/2008 19:27 646ÿ792 upd8E9B.tmp.exe
18/02/2008 19:13 646ÿ792 upd9443.tmp.exe
18/02/2008 19:14 646ÿ792 upd96C3.tmp.exe
18/02/2008 23:23 646ÿ792 upd9878.tmp.exe
19/02/2008 23:42 646ÿ792 upd98B8.tmp.exe
19/02/2008 21:55 646ÿ792 upd98F3.tmp.exe
19/02/2008 21:55 646ÿ792 upd9932.tmp.exe
18/02/2008 23:23 646ÿ792 upd9B09.tmp.exe
18/02/2008 19:15 646ÿ792 upd9C0.tmp.exe
19/02/2008 21:24 646ÿ792 upd9DE.tmp.exe
19/02/2008 23:49 646ÿ792 upd9F1C.tmp.exe
19/02/2008 23:49 646ÿ792 updA016.tmp.exe
19/02/2008 19:43 646ÿ792 updA2B1.tmp.exe
19/02/2008 09:42 646ÿ792 updA544.tmp.exe
19/02/2008 09:42 646ÿ792 updA584.tmp.exe
19/02/2008 19:43 646ÿ792 updA8AA.tmp.exe
20/02/2008 15:28 646ÿ792 updA9A6.tmp.exe
18/02/2008 10:25 646ÿ792 updAA63.tmp.exe
18/02/2008 19:26 646ÿ792 updAA71.tmp.exe
18/02/2008 15:38 646ÿ792 updAA88.tmp.exe
19/02/2008 18:41 646ÿ792 updAAE4.tmp.exe
18/02/2008 22:05 646ÿ792 updAB9.tmp.exe
18/02/2008 10:25 646ÿ792 updACA5.tmp.exe
18/02/2008 19:08 646ÿ792 updAD10.tmp.exe
19/02/2008 09:27 646ÿ792 updAD11.tmp.exe
18/02/2008 19:08 646ÿ792 updAD21.tmp.exe
18/02/2008 15:38 646ÿ792 updAE8E.tmp.exe
18/02/2008 19:26 646ÿ792 updAF24.tmp.exe
18/02/2008 23:52 646ÿ792 updAFA1.tmp.exe
18/02/2008 22:01 646ÿ792 updB08A.tmp.exe
18/02/2008 23:52 646ÿ792 updB147.tmp.exe
19/02/2008 21:35 646ÿ792 updB375.tmp.exe
19/02/2008 21:35 646ÿ792 updB395.tmp.exe
19/02/2008 23:54 646ÿ792 updB451.tmp.exe
18/02/2008 10:08 646ÿ792 updB48.tmp.exe
19/02/2008 23:54 646ÿ792 updB53C.tmp.exe
20/02/2008 10:41 646ÿ792 updB65C.tmp.exe
19/02/2008 09:27 646ÿ792 updB73F.tmp.exe
18/02/2008 19:17 646ÿ792 updB8F2.tmp.exe
18/02/2008 22:05 646ÿ792 updB930.tmp.exe
18/02/2008 19:17 646ÿ792 updBAE7.tmp.exe
18/02/2008 19:15 646ÿ792 updBC4.tmp.exe
20/02/2008 10:40 646ÿ792 updBC63.tmp.exe
18/02/2008 22:05 646ÿ792 updBC7C.tmp.exe
20/02/2008 15:25 646ÿ792 updBDBE.tmp.exe
19/02/2008 23:15 646ÿ792 updC052.tmp.exe
19/02/2008 19:34 646ÿ792 updC0A6.tmp.exe
19/02/2008 23:15 646ÿ792 updC1E9.tmp.exe
19/02/2008 19:38 646ÿ792 updC1F0.tmp.exe
20/02/2008 15:26 646ÿ792 updC4F1.tmp.exe
19/02/2008 21:26 646ÿ792 updC82D.tmp.exe
19/02/2008 21:26 646ÿ792 updC985.tmp.exe
18/02/2008 19:01 646ÿ792 updC9C3.tmp.exe
18/02/2008 19:01 646ÿ792 updCA9F.tmp.exe
18/02/2008 19:12 646ÿ792 updCBE6.tmp.exe
18/02/2008 19:12 646ÿ792 updCC63.tmp.exe
19/02/2008 21:47 646ÿ792 updCCE2.tmp.exe
19/02/2008 21:51 646ÿ792 updCD3C.tmp.exe
20/02/2008 15:23 646ÿ792 updD01.tmp.exe
19/02/2008 21:51 646ÿ792 updD190.tmp.exe
18/02/2008 18:21 646ÿ792 updD2C3.tmp.exe
18/02/2008 18:21 646ÿ792 updD3BD.tmp.exe
18/02/2008 19:10 646ÿ792 updD5C5.tmp.exe
19/02/2008 19:29 646ÿ792 updD684.tmp.exe
19/02/2008 23:17 646ÿ792 updDC9F.tmp.exe
19/02/2008 21:48 646ÿ792 updDCA7.tmp.exe
18/02/2008 19:11 646ÿ792 updDD64.tmp.exe
18/02/2008 23:07 646ÿ792 updDE13.tmp.exe
19/02/2008 21:48 646ÿ792 updDFE2.tmp.exe
18/02/2008 10:25 646ÿ792 updE2E0.tmp.exe
18/02/2008 10:25 646ÿ792 updE689.tmp.exe
19/02/2008 21:49 646ÿ792 updE9F4.tmp.exe
19/02/2008 23:36 646ÿ792 updEBC4.tmp.exe
19/02/2008 23:36 646ÿ792 updEC42.tmp.exe
18/02/2008 23:25 646ÿ792 updEC67.tmp.exe
20/02/2008 09:32 646ÿ792 updED2B.tmp.exe
20/02/2008 13:38 646ÿ792 updED8D.tmp.exe
20/02/2008 13:38 646ÿ792 updF09A.tmp.exe
18/02/2008 10:24 646ÿ792 updF0C5.tmp.exe
20/02/2008 09:32 646ÿ792 updF151.tmp.exe
18/02/2008 10:24 646ÿ792 updF25C.tmp.exe
18/02/2008 18:07 646ÿ792 updF39D.tmp.exe
18/02/2008 19:26 646ÿ792 updF4CA.tmp.exe
18/02/2008 19:26 646ÿ792 updF603.tmp.exe
19/02/2008 21:47 646ÿ792 updFC4E.tmp.exe
19/02/2008 21:24 646ÿ792 updFC66.tmp.exe
18/02/2008 23:52 646ÿ792 updFE01.tmp.exe
169 fichier(s) 109ÿ307ÿ848 octets
0 R‚p(s) 226ÿ170ÿ589ÿ184 octets libres
Le volume dans le lecteur C s'appelle OS
Le num‚ro de s‚rie du volume est 84CA-82A1
R‚pertoire de C:\Users\MARYLENE\AppData\local\temp\low
Le volume dans le lecteur C s'appelle OS
Le num‚ro de s‚rie du volume est 84CA-82A1
R‚pertoire de C:\Users\MARYLENE\AppData\local\temp\low
Voici ta nouvelle lecture !
Le num‚ro de s‚rie du volume est 84CA-82A1
R‚pertoire de C:\Users\MARYLENE\AppData\local\temp\low
20/02/2008 13:47 646ÿ792 upd101B.tmp.exe
20/02/2008 13:47 646ÿ792 upd123E.tmp.exe
18/02/2008 19:19 646ÿ792 upd12A7.tmp.exe
18/02/2008 23:21 646ÿ792 upd1412.tmp.exe
18/02/2008 10:08 646ÿ792 upd148.tmp.exe
20/02/2008 15:23 646ÿ792 upd17AC.tmp.exe
18/02/2008 18:50 646ÿ792 upd1A6D.tmp.exe
18/02/2008 23:26 646ÿ792 upd1B44.tmp.exe
18/02/2008 18:10 646ÿ792 upd1F10.tmp.exe
18/02/2008 18:59 646ÿ792 upd201D.tmp.exe
19/02/2008 23:36 646ÿ792 upd2442.tmp.exe
18/02/2008 18:59 646ÿ792 upd24B0.tmp.exe
18/02/2008 18:11 646ÿ792 upd2595.tmp.exe
19/02/2008 23:36 646ÿ792 upd2617.tmp.exe
18/02/2008 18:50 646ÿ792 upd27F5.tmp.exe
19/02/2008 21:28 646ÿ792 upd2817.tmp.exe
19/02/2008 21:28 646ÿ792 upd2C0E.tmp.exe
18/02/2008 19:07 646ÿ792 upd2D66.tmp.exe
19/02/2008 21:29 646ÿ792 upd2FA6.tmp.exe
18/02/2008 19:07 646ÿ792 upd3034.tmp.exe
19/02/2008 21:29 646ÿ792 upd3081.tmp.exe
19/02/2008 23:17 646ÿ792 upd361.tmp.exe
18/02/2008 18:52 646ÿ792 upd383.tmp.exe
20/02/2008 10:43 646ÿ792 upd3DB6.tmp.exe
20/02/2008 13:36 646ÿ792 upd3EB9.tmp.exe
18/02/2008 22:05 646ÿ792 upd4099.tmp.exe
20/02/2008 10:40 646ÿ792 upd40A0.tmp.exe
20/02/2008 13:36 646ÿ792 upd40FB.tmp.exe
18/02/2008 19:13 646ÿ792 upd445F.tmp.exe
20/02/2008 15:28 646ÿ792 upd448D.tmp.exe
18/02/2008 18:47 646ÿ792 upd44E.tmp.exe
18/02/2008 19:13 646ÿ792 upd45E6.tmp.exe
18/02/2008 18:52 646ÿ792 upd45F.tmp.exe
19/02/2008 10:00 646ÿ792 upd48A5.tmp.exe
19/02/2008 10:00 646ÿ792 upd4C9C.tmp.exe
19/02/2008 23:19 646ÿ792 upd526C.tmp.exe
19/02/2008 21:33 646ÿ792 upd52A0.tmp.exe
19/02/2008 21:33 646ÿ792 upd537C.tmp.exe
18/02/2008 15:36 646ÿ792 upd568F.tmp.exe
18/02/2008 15:36 646ÿ792 upd57F7.tmp.exe
18/02/2008 22:39 646ÿ792 upd5B49.tmp.exe
18/02/2008 22:39 646ÿ792 upd5BB7.tmp.exe
18/02/2008 15:37 646ÿ792 upd5EC9.tmp.exe
19/02/2008 20:42 646ÿ792 upd5FC9.tmp.exe
18/02/2008 15:37 646ÿ792 upd6040.tmp.exe
19/02/2008 20:42 646ÿ792 upd6047.tmp.exe
19/02/2008 23:10 646ÿ792 upd6286.tmp.exe
19/02/2008 21:31 646ÿ792 upd63B0.tmp.exe
18/02/2008 22:45 646ÿ792 upd63E1.tmp.exe
19/02/2008 00:02 646ÿ792 upd64DC.tmp.exe
18/02/2008 22:45 646ÿ792 upd6529.tmp.exe
18/02/2008 18:43 646ÿ792 upd659F.tmp.exe
19/02/2008 09:59 646ÿ792 upd6652.tmp.exe
19/02/2008 21:31 646ÿ792 upd666F.tmp.exe
18/02/2008 23:49 646ÿ792 upd6671.tmp.exe
18/02/2008 23:49 646ÿ792 upd671E.tmp.exe
19/02/2008 10:01 646ÿ792 upd678A.tmp.exe
19/02/2008 09:59 646ÿ792 upd6827.tmp.exe
18/02/2008 18:43 646ÿ792 upd6968.tmp.exe
19/02/2008 10:01 646ÿ792 upd699D.tmp.exe
20/02/2008 15:26 646ÿ792 upd6A14.tmp.exe
19/02/2008 18:47 646ÿ792 upd6E28.tmp.exe
19/02/2008 18:47 646ÿ792 upd6F71.tmp.exe
18/02/2008 18:12 646ÿ792 upd702C.tmp.exe
18/02/2008 20:48 646ÿ792 upd70FA.tmp.exe
18/02/2008 20:48 646ÿ792 upd7436.tmp.exe
18/02/2008 10:23 646ÿ792 upd7501.tmp.exe
18/02/2008 10:23 646ÿ792 upd7715.tmp.exe
18/02/2008 19:23 646ÿ792 upd7A8C.tmp.exe
20/02/2008 09:31 646ÿ792 upd7C11.tmp.exe
19/02/2008 19:30 646ÿ792 upd7C55.tmp.exe
18/02/2008 19:23 646ÿ792 upd7D7A.tmp.exe
19/02/2008 19:26 646ÿ792 upd7FCB.tmp.exe
18/02/2008 18:47 646ÿ792 upd807.tmp.exe
20/02/2008 09:31 646ÿ792 upd816F.tmp.exe
19/02/2008 19:34 646ÿ792 upd8231.tmp.exe
18/02/2008 19:19 646ÿ792 upd82A.tmp.exe
18/02/2008 18:46 646ÿ792 upd857E.tmp.exe
18/02/2008 18:46 646ÿ792 upd86A8.tmp.exe
19/02/2008 21:25 646ÿ792 upd89F5.tmp.exe
20/02/2008 10:41 646ÿ792 upd8C1.tmp.exe
19/02/2008 21:25 646ÿ792 upd8E59.tmp.exe
19/02/2008 19:27 646ÿ792 upd8E9B.tmp.exe
18/02/2008 19:13 646ÿ792 upd9443.tmp.exe
18/02/2008 19:14 646ÿ792 upd96C3.tmp.exe
18/02/2008 23:23 646ÿ792 upd9878.tmp.exe
19/02/2008 23:42 646ÿ792 upd98B8.tmp.exe
19/02/2008 21:55 646ÿ792 upd98F3.tmp.exe
19/02/2008 21:55 646ÿ792 upd9932.tmp.exe
18/02/2008 23:23 646ÿ792 upd9B09.tmp.exe
18/02/2008 19:15 646ÿ792 upd9C0.tmp.exe
19/02/2008 21:24 646ÿ792 upd9DE.tmp.exe
19/02/2008 23:49 646ÿ792 upd9F1C.tmp.exe
19/02/2008 23:49 646ÿ792 updA016.tmp.exe
19/02/2008 19:43 646ÿ792 updA2B1.tmp.exe
19/02/2008 09:42 646ÿ792 updA544.tmp.exe
19/02/2008 09:42 646ÿ792 updA584.tmp.exe
19/02/2008 19:43 646ÿ792 updA8AA.tmp.exe
20/02/2008 15:28 646ÿ792 updA9A6.tmp.exe
18/02/2008 10:25 646ÿ792 updAA63.tmp.exe
18/02/2008 19:26 646ÿ792 updAA71.tmp.exe
18/02/2008 15:38 646ÿ792 updAA88.tmp.exe
19/02/2008 18:41 646ÿ792 updAAE4.tmp.exe
18/02/2008 22:05 646ÿ792 updAB9.tmp.exe
18/02/2008 10:25 646ÿ792 updACA5.tmp.exe
18/02/2008 19:08 646ÿ792 updAD10.tmp.exe
19/02/2008 09:27 646ÿ792 updAD11.tmp.exe
18/02/2008 19:08 646ÿ792 updAD21.tmp.exe
18/02/2008 15:38 646ÿ792 updAE8E.tmp.exe
18/02/2008 19:26 646ÿ792 updAF24.tmp.exe
18/02/2008 23:52 646ÿ792 updAFA1.tmp.exe
18/02/2008 22:01 646ÿ792 updB08A.tmp.exe
18/02/2008 23:52 646ÿ792 updB147.tmp.exe
19/02/2008 21:35 646ÿ792 updB375.tmp.exe
19/02/2008 21:35 646ÿ792 updB395.tmp.exe
19/02/2008 23:54 646ÿ792 updB451.tmp.exe
18/02/2008 10:08 646ÿ792 updB48.tmp.exe
19/02/2008 23:54 646ÿ792 updB53C.tmp.exe
20/02/2008 10:41 646ÿ792 updB65C.tmp.exe
19/02/2008 09:27 646ÿ792 updB73F.tmp.exe
18/02/2008 19:17 646ÿ792 updB8F2.tmp.exe
18/02/2008 22:05 646ÿ792 updB930.tmp.exe
18/02/2008 19:17 646ÿ792 updBAE7.tmp.exe
18/02/2008 19:15 646ÿ792 updBC4.tmp.exe
20/02/2008 10:40 646ÿ792 updBC63.tmp.exe
18/02/2008 22:05 646ÿ792 updBC7C.tmp.exe
20/02/2008 15:25 646ÿ792 updBDBE.tmp.exe
19/02/2008 23:15 646ÿ792 updC052.tmp.exe
19/02/2008 19:34 646ÿ792 updC0A6.tmp.exe
19/02/2008 23:15 646ÿ792 updC1E9.tmp.exe
19/02/2008 19:38 646ÿ792 updC1F0.tmp.exe
20/02/2008 15:26 646ÿ792 updC4F1.tmp.exe
19/02/2008 21:26 646ÿ792 updC82D.tmp.exe
19/02/2008 21:26 646ÿ792 updC985.tmp.exe
18/02/2008 19:01 646ÿ792 updC9C3.tmp.exe
18/02/2008 19:01 646ÿ792 updCA9F.tmp.exe
18/02/2008 19:12 646ÿ792 updCBE6.tmp.exe
18/02/2008 19:12 646ÿ792 updCC63.tmp.exe
19/02/2008 21:47 646ÿ792 updCCE2.tmp.exe
19/02/2008 21:51 646ÿ792 updCD3C.tmp.exe
20/02/2008 15:23 646ÿ792 updD01.tmp.exe
19/02/2008 21:51 646ÿ792 updD190.tmp.exe
18/02/2008 18:21 646ÿ792 updD2C3.tmp.exe
18/02/2008 18:21 646ÿ792 updD3BD.tmp.exe
18/02/2008 19:10 646ÿ792 updD5C5.tmp.exe
19/02/2008 19:29 646ÿ792 updD684.tmp.exe
19/02/2008 23:17 646ÿ792 updDC9F.tmp.exe
19/02/2008 21:48 646ÿ792 updDCA7.tmp.exe
18/02/2008 19:11 646ÿ792 updDD64.tmp.exe
18/02/2008 23:07 646ÿ792 updDE13.tmp.exe
19/02/2008 21:48 646ÿ792 updDFE2.tmp.exe
18/02/2008 10:25 646ÿ792 updE2E0.tmp.exe
18/02/2008 10:25 646ÿ792 updE689.tmp.exe
19/02/2008 21:49 646ÿ792 updE9F4.tmp.exe
19/02/2008 23:36 646ÿ792 updEBC4.tmp.exe
19/02/2008 23:36 646ÿ792 updEC42.tmp.exe
18/02/2008 23:25 646ÿ792 updEC67.tmp.exe
20/02/2008 09:32 646ÿ792 updED2B.tmp.exe
20/02/2008 13:38 646ÿ792 updED8D.tmp.exe
20/02/2008 13:38 646ÿ792 updF09A.tmp.exe
18/02/2008 10:24 646ÿ792 updF0C5.tmp.exe
20/02/2008 09:32 646ÿ792 updF151.tmp.exe
18/02/2008 10:24 646ÿ792 updF25C.tmp.exe
18/02/2008 18:07 646ÿ792 updF39D.tmp.exe
18/02/2008 19:26 646ÿ792 updF4CA.tmp.exe
18/02/2008 19:26 646ÿ792 updF603.tmp.exe
19/02/2008 21:47 646ÿ792 updFC4E.tmp.exe
19/02/2008 21:24 646ÿ792 updFC66.tmp.exe
18/02/2008 23:52 646ÿ792 updFE01.tmp.exe
169 fichier(s) 109ÿ307ÿ848 octets
0 R‚p(s) 226ÿ170ÿ589ÿ184 octets libres
Le volume dans le lecteur C s'appelle OS
Le num‚ro de s‚rie du volume est 84CA-82A1
R‚pertoire de C:\Users\MARYLENE\AppData\local\temp\low
Le volume dans le lecteur C s'appelle OS
Le num‚ro de s‚rie du volume est 84CA-82A1
R‚pertoire de C:\Users\MARYLENE\AppData\local\temp\low
Voici ta nouvelle lecture !
OK
Lance l'explorateur
Dans la partie de gauche, sélectionne (clic droit une fois) :
C:
Users
MARYLENE
AppData
Local
temp
Dans la partie de droite tu devrais voir apparaitre plusieurs répertoires et/ou fichiers
Sélectionne le répertoire Low (clic droit une seule fois )
Ensuite : touche Supprime et valide
Redémarre ton PC (ou une session) et dis moi ce qui se passe
A+
Lance l'explorateur
Dans la partie de gauche, sélectionne (clic droit une fois) :
C:
Users
MARYLENE
AppData
Local
temp
Dans la partie de droite tu devrais voir apparaitre plusieurs répertoires et/ou fichiers
Sélectionne le répertoire Low (clic droit une seule fois )
Ensuite : touche Supprime et valide
Redémarre ton PC (ou une session) et dis moi ce qui se passe
A+
Après avoir redémarré, j'ai voulu contrôler la disparition du fichier, il était toujours là. Pourtant lorsque je le supprime, il disparait.: il se restaure tout seul chaque fois. J'ai essayé de l'ouvrir et supprimer les éléments un par un,(ils se suppriment) redémarrer, mais rebelote, il s'était restauré. Je desespère !
Re
Bon clic droit c'est par terrible ...
Dans la partie de gauche, clic gauche sur le + devant disque local C
clic gauche sur le + devant Users
clic gauche sur le + devant MARYLENE
clic gauche sur le + devant AppData
clic gauche sur le + devant Local
clic gauche sur le + devant temp
Dans la partie de droite tu devrais voir apparaitre plusieurs répertoires et/ou fichiers
Sélectionne le répertoire Low (clic gauche une seule fois )
Ensuite : touche Supprime et valide
A+
Bon clic droit c'est par terrible ...
Dans la partie de gauche, clic gauche sur le + devant disque local C
clic gauche sur le + devant Users
clic gauche sur le + devant MARYLENE
clic gauche sur le + devant AppData
clic gauche sur le + devant Local
clic gauche sur le + devant temp
Dans la partie de droite tu devrais voir apparaitre plusieurs répertoires et/ou fichiers
Sélectionne le répertoire Low (clic gauche une seule fois )
Ensuite : touche Supprime et valide
A+
