Sujet Précédent Sujet Suivant

3 rapports d'analyses - ecran rouge HELP

Résolu/Fermé
Tamarin - 20 nov. 2007 à 20:54
 Utilisateur anonyme - 12 déc. 2007 à 20:14
Bonjour,

J'ai deuis quelques mois un problème lorsque je double clic sur mon C: un message d'erreur s'affiche me disant qu'il ne trouve pas de... pr win32 ou qqc comme ça. En essayant de résoudre ce problème hier, je me suis rendu compte que c'étai un Virus en survolant plusieurs forums. AUjourd'hui, mon fond d'écran est tout rouge (et c'est écrit : your privacy is in danger download privacy protection softwaree now) et m'envoie comme un lien sur un site qui me proposent d'effectuer des analyses; des fenetres de sécurités s'affichent régulièrement et me dirigent sur des sites equivalents. De plus avast me répète toutes les dix minutes que mon pc est infecté mais ne me permet pas de détruire ce/ces virus ou trojan.

J'ai essayé de résoudre ce problème tout cet après midi en suivant plusieurs instructions sur différents forums mais je n'ai pas trouvé mon bohneur. Mon ordinateur est tjs très lent et ce "lien-fond d'écran" est toujours la!!

J'ai donc commencé par analyser avec Ccleaner comme d'habitude puis fait trois analyses différentes dont je vous soummais les rapports suivants :







---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:08:13 20/11/2007

+ Résultat de l'analyse:



HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Nettoyé.
C:\Config.Msi\359a32.rbf -> Adware.BHO : Nettoyé.
C:\WINDOWS\Downloaded Program Files\installer2.dll -> Adware.ClickMedia : Nettoyé.
C:\WINDOWS\privacy_danger -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\capt.gif -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\danger.jpg -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\down.gif -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\images\spacer.gif -> Adware.RogueSuspect : Nettoyé.
C:\WINDOWS\privacy_danger\index.htm -> Adware.RogueSuspect : Nettoyé.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Nettoyé.
:mozilla.10:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.11:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.9:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.22:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.12:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.13:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.27:C:\Documents and Settings\PIN\Application Data\Mozilla\Firefox\Profiles\iuuhhagu.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\PIN\Cookies\pin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport








-------------------------------------------------------------------------------------------------------------------------------------------------------------









BitDefender Online Scanner



Scan report generated at: Tue, Nov 20, 2007 - 19:31:35





Scan path: C:\;D:\;







Statistics

Time
01:10:01

Files
157022

Folders
6396

Boot Sectors
3

Archives
6967

Packed Files
8340




Results

Identified Viruses
5

Infected Files
10

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
10




Engines Info

Virus Definitions
878621

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\edi.exe
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\edi.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\edi.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\install.bat
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\install.bat
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\install.bat
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\msmdev.dll
Infected with: Trojan.Downloader.Agent.YNU

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\msmdev.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2\msmdev.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/edi.exe
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/edi.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/edi.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/install.bat
Infected with: Trojan.Agent.BHO.N

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/install.bat
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/install.bat
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/main_uninstaller.exe
Infected with: Trojan.Agent.ABSG

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/main_uninstaller.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/main_uninstaller.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmdev.dll
Infected with: Trojan.Downloader.Agent.YNU

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmdev.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmdev.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmhost.dll
Infected with: Trojan.Agent.BHO.O

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmhost.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/msmhost.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/nsduo.dll
Infected with: Trojan.Downloader.Agent.YNQ

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/nsduo.dll
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/nsduo.dll
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/rmv.exe
Infected with: Trojan.Agent.ABSG

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/rmv.exe
Disinfection failed

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat=>ac8zt2/rmv.exe
Deleted

C:\Documents and Settings\PIN\Local Settings\Temp\ac8zt2.dat
Update failed

C:\WINDOWS\I386\COMDLG32.DL_
Clean

C:\WINDOWS\I386\COMDLG32.DL_=>comdlg32.dll
Clean

C:\WINDOWS\I386\COMEMPTY.DA_
Clean

C:\WINDOWS\I386\COMEMPTY.DA_=>comempty.dat
Clean

C:\WINDOWS\I386\COMEXP.CH_
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/#SYSTEM
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_371v.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_3s6f.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_5ohf.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adapppooling_7unb.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_059o.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_14ab.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_1fg3.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_1lt8.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_24ry.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2eb7.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2hm4.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2p6b.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_2wvt.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_33jh.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_38vn.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_3z77.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_59gu.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_5wdo.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_6dgu.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_6gh3.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_7qhz.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_95df.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_9s4z.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adcom_9uk3.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_1jeb.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_23l9.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_35tf.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_5zsp.htm
Clean

C:\WINDOWS\I386\COMEXP.CH_=>comexp.chm=>/htm/adconfiguring_9dbn.htm
Clean

C:\WINDOWS\I386\COMEXP.HL_
Clean

C:\WINDOWS\I386\COMEXP.HL_=>comexp.hlp
Clean

C:\WINDOWS\I386\COMEXP.MS_
Clean

C:\WINDOWS\I386\COMEXP.MS_=>comexp.msc
Clean

C:\WINDOWS\I386\COMIC.TT_
Clean

C:\WINDOWS\I386\COMIC.TT_=>comic.ttf
Clean

C:\WINDOWS\I386\COMICBD.TT_
Clean

C:\WINDOWS\I386\COMICBD.TT_=>comicbd.ttf
Clean

C:\WINDOWS\I386\COMM.DR_
Clean

C:\WINDOWS\I386\COMM.DR_=>comm.drv
Clean

C:\WINDOWS\I386\COMMAND.CO_
Clean

C:\WINDOWS\I386\COMMAND.CO_=>command.com
Clean

C:\WINDOWS\I386\COMMDLG.DL_
Clean

C:\WINDOWS\I386\COMMDLG.DL_=>commdlg.dll
Clean

C:\WINDOWS\I386\COMMON.CH_
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#SYSTEM
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_file_save_as.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_link_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_move_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_open_file.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_quit_program.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_save_file.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_status_bar_on_off.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_toolbar_on_off.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_trans_wind_screen.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_use_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_embed_info.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/compile_date.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/common_edit_undo.htm
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#WINDOWS
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWKeywordLinks/Property
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/BTree
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/Data
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/Map
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$WWAssociativeLinks/Property
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$OBJINST
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/$FIftiMain
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#IDXHDR
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#TOPICS
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#URLTBL
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#URLSTR
Clean

C:\WINDOWS\I386\COMMON.CH_=>common.chm=>/#STRINGS
Clean

C:\WINDOWS\I386\COMMUNIC.IN_
Clean

C:\WINDOWS\I386\COMMUNIC.IN_=>communic.inf
Clean

C:\WINDOWS\I386\COMMUNIC.IN_=>communic.inf=>(unicode)
Clean

C:\WINDOWS\I386\COMNTWKS.IN_
Clean

C:\WINDOWS\I386\COMNTWKS.IN_=>comntwks.inf
Clean

C:\WINDOWS\I386\COMNTWKS.IN_=>comntwks.inf=>(unicode)
Clean

C:\WINDOWS\I386\COMP.EX_
Clean

C:\WINDOWS\I386\COMP.EX_=>comp.exe
Clean

C:\WINDOWS\I386\COMPACT.EX_
Clean

C:\WINDOWS\I386\COMPACT.EX_=>compact.exe
Clean

C:\WINDOWS\I386\COMPACT.WM_
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_bottomleft.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_bottomright.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_topleft.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bg_topright.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>bottom_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brand_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brand_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brand_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>brightness.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_colormap.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_disabled.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>btngroup_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.js
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)=>(JAVASCRIPT 9)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)=>(JAVASCRIPT 15)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact.wms=>(unicode)=>(JAVASCRIPT 19)
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact_drawer_bottom_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>compact_drawer_right_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>contrast.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_bottom.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_bottom_closed.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_bottom_open.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_bottom.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_closed.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_open.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>drawer_right_top.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>hue.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>left_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>logo_default.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>logo_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>logo_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_map.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>min_close_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>mute_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>next_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>next_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>next_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>onoff_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>onoff_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>onoff_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_btn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_pause_btn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_pause_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>play_pause_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>prev_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>prev_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>prev_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>right_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>saturation.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_sldr_bkg_comp.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_sldr_fore_comp.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_thumb_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_thumb_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>seek_thumb_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>shufflebtn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>shufflebtn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>shufflebtn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>size.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_h_video.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_thumb.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_thumb_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>slider_v_eq.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>sound_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>sound_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>srswow_logo.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>stop_btn_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>stop_btn_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>stop_btn_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>toggle_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>toggle_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>toggle_up.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>top_tile.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>transport.js
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_sldr_bkg.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_thumb_down.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_thumb_hover.bmp
Clean

C:\WINDOWS\I386\COMPACT.WM_=>compact.wmz=>vol_thumb_up.bmp
Clean

C:\WINDOWS\I386\COMPATUI.DL_
Clean

C:\WINDOWS\I386\COMPATUI.DL_=>compatui.dll
Clean

C:\WINDOWS\I386\COMPDATA\
Clean

C:\WINDOWS\I386\COMPDATA\3COM.HTM
Clean

C:\WINDOWS\I386\COMPDATA\3COM.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AACRAID.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AACRAID.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ACER640P.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ACER640P.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ACLIENT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ACLIENT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ACS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ACS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ADAPTEC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ADAPTEC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKW2K.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKW2K.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKXP.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ADMPKXP.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AHA8940.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AHA8940.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AICDRV.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AICDRV.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ALKB2K.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ALKB2K.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ALPSPRT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ALPSPRT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\APFILTR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\APFILTR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\APMERROR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\APMERROR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ARTCAS6E.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ARTCAS6E.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ASSETCI.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ASSETCI.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ATGUARD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ATGUARD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ATKPROTO.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ATKPROTO.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AVPGATEK.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AVPGATEK.TXT
Clean

C:\WINDOWS\I386\COMPDATA\AWARD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\AWARD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\BAYMAN.HTM
Clean

C:\WINDOWS\I386\COMPDATA\BAYMAN.TXT
Clean

C:\WINDOWS\I386\COMPDATA\BLACKICE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\BLACKICE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\BOSERROR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\BOSERROR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CALCOMP.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CALCOMP.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CANO620P.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CANO620P.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CANOS100.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CANOS100.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CARDEXEC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CARDEXEC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CDR4VSD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CDR4VSD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CERTSRV.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CERTSRV.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CIC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CIC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CIMGR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CIMGR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CISCOACU.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CISCOACU.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CLDVD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CLDVD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CLTMGR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CLTMGR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CNBJ51.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CNBJ51.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CNMULTI1.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CNMULTI1.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQDIAGC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQDIAGC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQIJ.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQIJ.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQKBD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQKBD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQMULTI.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQMULTI.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQPNPMG.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQPNPMG.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPQPWREX.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPQPWREX.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CPUFEAT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CPUFEAT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CRASHMON.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CRASHMON.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CRUISE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CRUISE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CRYSTAL.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CRYSTAL.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CS4281.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CS4281.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CSA64XX.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CSA64XX.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CSMIGRAT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CSMIGRAT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CSREM32.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CSREM32.TXT
Clean

C:\WINDOWS\I386\COMPDATA\CTZ_CRDL.HTM
Clean

C:\WINDOWS\I386\COMPDATA\CTZ_CRDL.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DAYT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DAYT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DECATAPI.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DECATAPI.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DECML.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DECML.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DELLPS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DELLPS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DELLTH.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DELLTH.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DELPERC2.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DELPERC2.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DIRECTCD.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DIRECTCD.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DLCPROTO.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DLCPROTO.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DMIBIOS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DMIBIOS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DOCK.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DOCK.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DOCKSVC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DOCKSVC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/#SYSTEM
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_20669.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21216.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21217.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21248.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21187.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21149.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21320.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21203.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21214.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21299.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21178.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21108.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_30019.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21185.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_30007.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21220.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_20886.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21205.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21226.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_30009.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21151.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_20004.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21169.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21186.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21154.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21152.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21118.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21103.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.CHM=>/idh_w2_21212.htm
Clean

C:\WINDOWS\I386\COMPDATA\DRVMAIN.INF
Clean

C:\WINDOWS\I386\COMPDATA\DRVNCDB.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DRVNCDB.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DSMU.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DSMU.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DV_COMP.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DV_COMP.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DV_GEN.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DV_GEN.TXT
Clean

C:\WINDOWS\I386\COMPDATA\DWRITE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\DWRITE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EICONTA.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EICONTA.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ELSAMX.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ELSAMX.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ENSONIQV.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ENSONIQV.TXT
Clean

C:\WINDOWS\I386\COMPDATA\ENSQAUDM.HTM
Clean

C:\WINDOWS\I386\COMPDATA\ENSQAUDM.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSCOLOR.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSCOLOR.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSON1.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSON1.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSON3.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSON3.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSON4.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSON4.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSP1270.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSP1270.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EPSPHOTO.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EPSPHOTO.TXT
Clean

C:\WINDOWS\I386\COMPDATA\EXCHANGE.HTM
Clean

C:\WINDOWS\I386\COMPDATA\EXCHANGE.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FAZAM.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FAZAM.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FIDMOU.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FIDMOU.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FLOWCH7.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FLOWCH7.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP1.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP1.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP2.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP2.TXT
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP3.HTM
Clean

C:\WINDOWS\I386\COMPDATA\FTCOMP3.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GENERIC.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GENERIC.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GENIUS.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GENIUS.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GLINT.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GLINT.TXT
Clean

C:\WINDOWS\I386\COMPDATA\GSNW.HTM
Clean

C:\WINDOWS\I386\COMPDATA\GSNW.TXT
Clean






-------------------------------------------------------------------------------------------------------------------------------------------------------------





3ème rapport effectué par HiJackthis :





O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O21 - SSODL: sapnet - {FF6C9F35-C22D-43B6-A399-0374AF11EC2E} - (no file)
O21 - SSODL: rmvgor - {CE7AEE4E-2130-4EF8-8B04-3B437490A6FB} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: msmdev - {184970FB-13E0-453F-9F97-F9FCF66FA95F} - C:\WINDOWS\msmdev.dll (file missing)
O21 - SSODL: msmhost - {EB9A1653-0152-4036-AD23-371DB6517287} - C:\WINDOWS\msmhost.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
Utilisateur anonyme
20 nov. 2007 à 20:56
salut
refaits un rapport Hijackthis complet, il lui manques des plumes...
;-)
0
Réponse 2 / 26
tamarin
20 nov. 2007 à 21:50
ok, ça y est c'est fait pr HijackThis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:25, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Metacafe\Metacafe.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {9C985AC6-A138-4EAB-B10A-DC522F755146} - C:\WINDOWS\popnetdpt.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: The jokwmp - {D71F3444-606D-46EB-9ABE-DF80E5E9BF67} - C:\WINDOWS\jokwmp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O21 - SSODL: sapnet - {FF6C9F35-C22D-43B6-A399-0374AF11EC2E} - (no file)
O21 - SSODL: rmvgor - {CE7AEE4E-2130-4EF8-8B04-3B437490A6FB} - C:\WINDOWS\rmvgor.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
0
Réponse 3 / 26
Utilisateur anonyme
21 nov. 2007 à 10:38
download ceci lopxpMH2
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
sur ton bureau.
Dézippe-le (clic droit -> "Extraire ici") et double clique sur le fichier lopxpMH.bat.
postes le rapport
0
Réponse 4 / 26
Tamarin
21 nov. 2007 à 12:24
Merci,

Je fais ça ce soir, je dois retourner en cours
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
Utilisateur anonyme
21 nov. 2007 à 14:53
pas de soucis, a+
0
Réponse 6 / 26
Tamarin
21 nov. 2007 à 19:42
Bonsoir,

j'ai bien importé iopxpMH2.bat sur mon bureau et voici le rapport :




Rapport lopxpMH2 version 2.0 fait à 19:36:00,52 le 21/11/2007
C:\Documents and Settings\PIN\Mes documents\My Completed Downloads

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\All Users\Application Data

16/08/2004 17:54 <REP> .
16/08/2004 17:54 <REP> ..
15/02/2006 19:11 <REP> Adobe
15/02/2006 19:12 <REP> AOL
14/09/2006 18:00 <REP> Apple Computer
09/10/2006 18:18 <REP> Autodesk
30/08/2007 19:20 <REP> BufferZone
22/07/2006 14:25 <REP> CyberLink
12/03/2007 17:28 <REP> Forge of Games
24/11/2006 15:00 <REP> Google
20/11/2007 16:34 <REP> Grisoft
07/10/2007 16:25 <REP> Intel
24/10/2006 13:55 <REP> Metacafe
16/08/2004 17:54 <REP> Microsoft
28/08/2006 19:46 <REP> Motive
15/02/2006 19:13 <REP> OD2
15/11/2007 00:36 <REP> pixelStorm
15/02/2006 19:12 <REP> QuickTime
16/08/2004 18:28 <REP> SBSI
18/06/2007 19:03 <REP> Skype
26/07/2006 16:56 <REP> Sony Ericsson
15/02/2006 19:07 <REP> Symantec
15/02/2006 19:13 <REP> Viewpoint
28/08/2006 19:27 <REP> Windows Genuine Advantage
16/08/2004 17:55 62 desktop.ini
1 fichier(s) 62 octets
24 Rép(s) 11 671 212 032 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\Default User\Application Data

16/08/2004 17:54 <REP> .
16/08/2004 17:54 <REP> ..
22/07/2006 12:07 <REP> Identities
07/10/2007 16:26 <REP> Intel
22/07/2006 12:07 <REP> Macromedia
16/08/2004 17:54 <REP> Microsoft
22/07/2006 12:07 <REP> Real
22/07/2006 12:07 <REP> Sun
22/07/2006 12:07 <REP> Symantec
22/07/2006 12:07 <REP> You've Got Pictures Screensaver
16/08/2004 17:54 62 desktop.ini
1 fichier(s) 62 octets
10 Rép(s) 11 671 212 032 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

16/08/2004 17:55 <REP> .
16/08/2004 17:55 <REP> ..
22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
22/07/2006 12:07 <REP> ApplicationHistory
16/08/2004 18:10 <REP> Microsoft
22/07/2006 12:07 <REP> PowerCinema
22/07/2006 12:07 135 fusioncache.dat
22/07/2006 12:07 2 687 222 IconCache.db
2 fichier(s) 2 687 357 octets
6 Rép(s) 11 671 212 032 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\LocalService\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
07/10/2007 16:26 <REP> Intel
16/08/2004 18:18 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 11 671 212 032 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
16/08/2004 18:18 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 11 671 212 032 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\NetworkService\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
07/10/2007 16:26 <REP> Intel
16/08/2004 18:18 <REP> Microsoft
09/08/2006 21:08 <REP> Symantec
0 fichier(s) 0 octets
5 Rép(s) 11 671 207 936 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
16/08/2004 18:18 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 11 671 207 936 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\PIN\Application Data

22/07/2006 12:08 <REP> .
22/07/2006 12:08 <REP> ..
26/07/2006 16:15 <REP> Adobe
11/09/2006 14:39 <REP> AdobeUM
14/09/2006 18:03 <REP> Apple Computer
09/10/2006 18:18 <REP> Autodesk
31/03/2007 21:03 <REP> BSplayer
31/03/2007 21:03 <REP> BSplayer Pro
22/07/2006 16:23 <REP> CyberLink
14/09/2006 17:39 <REP> FotoTime
28/10/2006 13:30 <REP> funkitron
25/09/2006 21:49 <REP> Google
20/11/2007 16:34 <REP> Grisoft
13/10/2006 15:19 <REP> Help
22/07/2006 12:08 <REP> Identities
07/10/2007 16:26 <REP> Intel
01/10/2006 15:56 <REP> Lavasoft
25/08/2006 18:09 <REP> Leadertech
22/07/2006 12:08 <REP> Macromedia
24/10/2006 13:55 <REP> MetaCafe
22/07/2006 12:08 <REP> Microsoft
14/09/2006 17:49 <REP> Mozilla
22/07/2006 12:12 <REP> OD2
12/12/2006 14:20 <REP> PlayFirst
22/07/2006 12:08 <REP> Real
13/07/2007 11:54 <REP> SecondLife
30/08/2007 19:20 <REP> ShoppingReport
22/07/2006 13:42 <REP> Skype
25/08/2006 18:09 <REP> Sonic
05/09/2006 18:47 <REP> stickies
22/07/2006 12:08 <REP> Sun
22/07/2006 12:08 <REP> Symantec
14/09/2006 17:50 <REP> Talkback
27/08/2006 23:37 <REP> U3
04/12/2006 18:53 <REP> vlc
22/07/2006 12:08 <REP> You've Got Pictures Screensaver
22/07/2006 12:08 62 desktop.ini
13/11/2006 21:38 78 792 GDIPFONTCACHEV1.DAT
2 fichier(s) 78 854 octets
36 Rép(s) 11 671 207 936 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\PIN\Local Settings\Application Data

22/07/2006 12:08 <REP> .
22/07/2006 12:08 <REP> ..
22/07/2006 12:08 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
26/07/2006 16:15 <REP> Adobe
19/12/2006 14:49 <REP> Ahead
14/09/2006 18:03 <REP> Apple Computer
22/07/2006 12:08 <REP> ApplicationHistory
09/10/2006 18:18 <REP> Autodesk
01/11/2006 16:05 <REP> Downloaded Installations
23/09/2006 22:29 <REP> Gearbox Software
25/09/2006 21:49 <REP> Google
13/10/2006 15:19 <REP> Help
04/09/2006 16:25 <REP> Identities
22/07/2006 12:08 <REP> Microsoft
14/09/2006 17:49 <REP> Mozilla
08/12/2006 00:12 <REP> Paint.NET
22/07/2006 12:08 <REP> PowerCinema
15/11/2007 23:56 <REP> Share_Accelerator_MM
30/08/2006 16:22 218 112 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
22/07/2006 12:08 135 fusioncache.dat
22/07/2006 16:23 47 160 GDIPFONTCACHEV1.DAT
22/07/2006 12:08 6 362 026 IconCache.db
4 fichier(s) 6 627 433 octets
18 Rép(s) 11 671 203 840 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\Propriétaire\Application Data

22/07/2006 16:18 <REP> .
22/07/2006 16:18 <REP> ..
07/10/2007 16:26 <REP> Intel
22/07/2006 16:18 <REP> You've Got Pictures Screensaver
0 fichier(s) 0 octets
4 Rép(s) 11 671 203 840 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
22/07/2006 12:07 <REP> Identities
07/10/2007 16:25 <REP> Intel
22/07/2006 12:07 <REP> Macromedia
16/08/2004 18:16 <REP> Microsoft
22/07/2006 12:07 <REP> Real
22/07/2006 12:07 <REP> Sun
22/07/2006 12:07 <REP> Symantec
22/07/2006 12:07 <REP> You've Got Pictures Screensaver
16/08/2004 18:16 62 desktop.ini
1 fichier(s) 62 octets
10 Rép(s) 11 671 203 840 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
22/07/2006 12:07 <REP> ApplicationHistory
16/08/2004 18:16 <REP> Microsoft
22/07/2006 12:07 <REP> PowerCinema
22/07/2006 12:07 135 fusioncache.dat
22/07/2006 12:07 2 687 222 IconCache.db
2 fichier(s) 2 687 357 octets
6 Rép(s) 11 671 203 840 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
s  €!×    " : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e  - T a s k  S Y S T E M   0 Ö   "  

C:\WINDOWS\Tasks\HDReg.job
€ s   !  c : \ A p p s \ H D R e g \ H D R e g R e m . e x e  c : \ A p p s \ H D R e g \  P I N  

C:\WINDOWS\Tasks\Rappel
Rappel inexploitable


C:\WINDOWS\Tasks\Rappel
Rappel inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Program Files

20/11/2007 19:37 <REP> .
20/11/2007 19:37 <REP> ..
15/02/2006 19:11 <REP> Adobe
19/12/2006 14:47 <REP> Ahead
24/08/2006 15:32 <REP> Alwil Software
13/08/2007 17:44 <REP> AMT
14/09/2006 18:01 <REP> Apple Software Update
09/11/2007 21:09 <REP> Autodesk Architectural Desktop 2004
22/10/2006 13:37 <REP> Bibliorom_CD
20/11/2007 16:13 <REP> CCleaner
28/08/2006 19:45 <REP> Common Files
15/02/2006 19:04 <REP> CyberLink
02/10/2006 10:54 <REP> DAP
16/10/2007 20:57 <REP> DivX
16/10/2007 20:25 <REP> Easy WiFi Radar
19/11/2007 19:27 <REP> eMule
01/06/2007 12:22 <REP> EPSON
27/05/2007 13:46 <REP> ESET
09/11/2007 21:06 <REP> Fichiers communs
16/10/2007 21:08 <REP> Google
20/11/2007 16:34 <REP> Grisoft
22/10/2006 12:52 <REP> HiDownload
19/11/2007 19:28 <REP> inKline Global
07/10/2007 16:24 <REP> Intel
11/10/2007 00:16 <REP> Internet Explorer
15/02/2006 18:49 <REP> Java
16/10/2007 21:06 <REP> Lavasoft
15/02/2006 19:13 <REP> Learn2.com
28/08/2006 22:01 <REP> Macrogaming
16/10/2007 20:43 <REP> Metacafe
16/08/2004 18:11 <REP> microsoft frontpage
28/08/2006 19:31 <REP> Microsoft Office
22/10/2006 13:38 <REP> Microsoft Référence
16/08/2004 18:06 <REP> Movie Maker
15/10/2007 18:04 <REP> Mozilla Firefox
16/08/2004 18:03 <REP> MSN Gaming Zone
02/10/2007 18:30 <REP> MSN Messenger
18/11/2006 03:22 <REP> MSXML 4.0
09/10/2007 02:00 <REP> MSXML 6.0
16/08/2004 18:06 <REP> NetMeeting
16/08/2004 18:03 <REP> Online Services
16/06/2007 13:25 <REP> Outlook Express
11/12/2006 21:51 <REP> Rainlendar2
15/02/2006 19:06 <REP> Real
15/02/2006 18:48 <REP> Realtek
16/11/2007 16:41 <REP> RegCleaner
30/08/2007 19:19 <REP> Secured eMule
16/08/2004 18:07 <REP> Services en ligne
15/11/2007 23:56 <REP> Share_Accelerator_MM
30/08/2007 19:20 <REP> ShoppingReport
18/06/2007 19:04 <REP> Skype
26/07/2006 16:56 <REP> Sony Ericsson
05/09/2006 18:47 <REP> stickies
01/10/2006 17:57 3 889 824 SweetImSetup.exe
15/02/2006 18:36 <REP> Synaptics
20/11/2007 19:37 <REP> Trend Micro
29/08/2006 11:25 <REP> VDCodecPack3.4
19/11/2007 23:45 <REP> Video Add-on
04/12/2006 17:33 <REP> VideoLAN
15/02/2006 19:13 <REP> Viewpoint
20/10/2007 15:11 <REP> Winamp
16/10/2007 21:14 <REP> Windows Media Connect 2
16/12/2006 20:52 <REP> Windows Media Player
16/08/2004 18:03 <REP> Windows NT
28/08/2006 21:48 <REP> WinRAR
16/08/2004 18:11 <REP> xerox
1 fichier(s) 3 889 824 octets
65 Rép(s) 11 671 199 744 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.packardbell.com REG_NONE
www.packardbell.co.uk REG_NONE
www.packardbell.at REG_NONE
www.packardbell.dk REG_NONE
www.packardbell.fi REG_NONE
www.packardbell.fr REG_NONE
www.packardbell.de REG_NONE
www.packardbell.it REG_NONE
www.packardbell.no REG_NONE
www.packardbell.es REG_NONE
www.packardbell.se REG_NONE
www.packardbell.ch REG_NONE
www.canalplus.fr REG_BINARY
eu1.badoo.com REG_BINARY
www8.ratp.info REG_BINARY
zonenxt.msn-int.com REG_BINARY
zonenxt.msn-ppe.com REG_BINARY
zone.msn.com REG_BINARY

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.od2.com
<SANS NOM> REG_SZ 0

* Mozilla Firefox (1 autorisé 2 interdit)
Rapport lopxpMH2 version 2.0 fait à 19:36:49,72 le 21/11/2007
C:\Documents and Settings\PIN\Bureau

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\All Users\Application Data

16/08/2004 17:54 <REP> .
16/08/2004 17:54 <REP> ..
15/02/2006 19:11 <REP> Adobe
15/02/2006 19:12 <REP> AOL
14/09/2006 18:00 <REP> Apple Computer
09/10/2006 18:18 <REP> Autodesk
30/08/2007 19:20 <REP> BufferZone
22/07/2006 14:25 <REP> CyberLink
12/03/2007 17:28 <REP> Forge of Games
24/11/2006 15:00 <REP> Google
20/11/2007 16:34 <REP> Grisoft
07/10/2007 16:25 <REP> Intel
24/10/2006 13:55 <REP> Metacafe
16/08/2004 17:54 <REP> Microsoft
28/08/2006 19:46 <REP> Motive
15/02/2006 19:13 <REP> OD2
15/11/2007 00:36 <REP> pixelStorm
15/02/2006 19:12 <REP> QuickTime
16/08/2004 18:28 <REP> SBSI
18/06/2007 19:03 <REP> Skype
26/07/2006 16:56 <REP> Sony Ericsson
15/02/2006 19:07 <REP> Symantec
15/02/2006 19:13 <REP> Viewpoint
28/08/2006 19:27 <REP> Windows Genuine Advantage
16/08/2004 17:55 62 desktop.ini
1 fichier(s) 62 octets
24 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\Default User\Application Data

16/08/2004 17:54 <REP> .
16/08/2004 17:54 <REP> ..
22/07/2006 12:07 <REP> Identities
07/10/2007 16:26 <REP> Intel
22/07/2006 12:07 <REP> Macromedia
16/08/2004 17:54 <REP> Microsoft
22/07/2006 12:07 <REP> Real
22/07/2006 12:07 <REP> Sun
22/07/2006 12:07 <REP> Symantec
22/07/2006 12:07 <REP> You've Got Pictures Screensaver
16/08/2004 17:54 62 desktop.ini
1 fichier(s) 62 octets
10 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

16/08/2004 17:55 <REP> .
16/08/2004 17:55 <REP> ..
22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
22/07/2006 12:07 <REP> ApplicationHistory
16/08/2004 18:10 <REP> Microsoft
22/07/2006 12:07 <REP> PowerCinema
22/07/2006 12:07 135 fusioncache.dat
22/07/2006 12:07 2 687 222 IconCache.db
2 fichier(s) 2 687 357 octets
6 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\LocalService\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
07/10/2007 16:26 <REP> Intel
16/08/2004 18:18 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
16/08/2004 18:18 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\NetworkService\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
07/10/2007 16:26 <REP> Intel
16/08/2004 18:18 <REP> Microsoft
09/08/2006 21:08 <REP> Symantec
0 fichier(s) 0 octets
5 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

16/08/2004 18:18 <REP> .
16/08/2004 18:18 <REP> ..
16/08/2004 18:18 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 11 671 183 360 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\PIN\Application Data

22/07/2006 12:08 <REP> .
22/07/2006 12:08 <REP> ..
26/07/2006 16:15 <REP> Adobe
11/09/2006 14:39 <REP> AdobeUM
14/09/2006 18:03 <REP> Apple Computer
09/10/2006 18:18 <REP> Autodesk
31/03/2007 21:03 <REP> BSplayer
31/03/2007 21:03 <REP> BSplayer Pro
22/07/2006 16:23 <REP> CyberLink
14/09/2006 17:39 <REP> FotoTime
28/10/2006 13:30 <REP> funkitron
25/09/2006 21:49 <REP> Google
20/11/2007 16:34 <REP> Grisoft
13/10/2006 15:19 <REP> Help
22/07/2006 12:08 <REP> Identities
07/10/2007 16:26 <REP> Intel
01/10/2006 15:56 <REP> Lavasoft
25/08/2006 18:09 <REP> Leadertech
22/07/2006 12:08 <REP> Macromedia
24/10/2006 13:55 <REP> MetaCafe
22/07/2006 12:08 <REP> Microsoft
14/09/2006 17:49 <REP> Mozilla
22/07/2006 12:12 <REP> OD2
12/12/2006 14:20 <REP> PlayFirst
22/07/2006 12:08 <REP> Real
13/07/2007 11:54 <REP> SecondLife
30/08/2007 19:20 <REP> ShoppingReport
22/07/2006 13:42 <REP> Skype
25/08/2006 18:09 <REP> Sonic
05/09/2006 18:47 <REP> stickies
22/07/2006 12:08 <REP> Sun
22/07/2006 12:08 <REP> Symantec
14/09/2006 17:50 <REP> Talkback
27/08/2006 23:37 <REP> U3
04/12/2006 18:53 <REP> vlc
22/07/2006 12:08 <REP> You've Got Pictures Screensaver
22/07/2006 12:08 62 desktop.ini
13/11/2006 21:38 78 792 GDIPFONTCACHEV1.DAT
2 fichier(s) 78 854 octets
36 Rép(s) 11 671 179 264 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\PIN\Local Settings\Application Data

22/07/2006 12:08 <REP> .
22/07/2006 12:08 <REP> ..
22/07/2006 12:08 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
26/07/2006 16:15 <REP> Adobe
19/12/2006 14:49 <REP> Ahead
14/09/2006 18:03 <REP> Apple Computer
22/07/2006 12:08 <REP> ApplicationHistory
09/10/2006 18:18 <REP> Autodesk
01/11/2006 16:05 <REP> Downloaded Installations
23/09/2006 22:29 <REP> Gearbox Software
25/09/2006 21:49 <REP> Google
13/10/2006 15:19 <REP> Help
04/09/2006 16:25 <REP> Identities
22/07/2006 12:08 <REP> Microsoft
14/09/2006 17:49 <REP> Mozilla
08/12/2006 00:12 <REP> Paint.NET
22/07/2006 12:08 <REP> PowerCinema
15/11/2007 23:56 <REP> Share_Accelerator_MM
30/08/2006 16:22 218 112 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
22/07/2006 12:08 135 fusioncache.dat
22/07/2006 16:23 47 160 GDIPFONTCACHEV1.DAT
22/07/2006 12:08 6 362 026 IconCache.db
4 fichier(s) 6 627 433 octets
18 Rép(s) 11 671 179 264 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Documents and Settings\Propriétaire\Application Data

22/07/2006 16:18 <REP> .
22/07/2006 16:18 <REP> ..
07/10/2007 16:26 <REP> Intel
22/07/2006 16:18 <REP> You've Got Pictures Screensaver
0 fichier(s) 0 octets
4 Rép(s) 11 671 179 264 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
22/07/2006 12:07 <REP> Identities
07/10/2007 16:25 <REP> Intel
22/07/2006 12:07 <REP> Macromedia
16/08/2004 18:16 <REP> Microsoft
22/07/2006 12:07 <REP> Real
22/07/2006 12:07 <REP> Sun
22/07/2006 12:07 <REP> Symantec
22/07/2006 12:07 <REP> You've Got Pictures Screensaver
16/08/2004 18:16 62 desktop.ini
1 fichier(s) 62 octets
10 Rép(s) 11 671 175 168 octets libres
Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
22/07/2006 12:07 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142050}
22/07/2006 12:07 <REP> ApplicationHistory
16/08/2004 18:16 <REP> Microsoft
22/07/2006 12:07 <REP> PowerCinema
22/07/2006 12:07 135 fusioncache.dat
22/07/2006 12:07 2 687 222 IconCache.db
2 fichier(s) 2 687 357 octets
6 Rép(s) 11 671 175 168 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
s  €!×    " : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e  - T a s k  S Y S T E M   0 Ö   "  

C:\WINDOWS\Tasks\HDReg.job
€ s   !  c : \ A p p s \ H D R e g \ H D R e g R e m . e x e  c : \ A p p s \ H D R e g \  P I N  

C:\WINDOWS\Tasks\Rappel
Rappel inexploitable


C:\WINDOWS\Tasks\Rappel
Rappel inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle disc
Le numéro de série du volume est B0E4-0458

Répertoire de C:\Program Files

20/11/2007 19:37 <REP> .
20/11/2007 19:37 <REP> ..
15/02/2006 19:11 <REP> Adobe
19/12/2006 14:47 <REP> Ahead
24/08/2006 15:32 <REP> Alwil Software
13/08/2007 17:44 <REP> AMT
14/09/2006 18:01 <REP> Apple Software Update
09/11/2007 21:09 <REP> Autodesk Architectural Desktop 2004
22/10/2006 13:37 <REP> Bibliorom_CD
20/11/2007 16:13 <REP> CCleaner
28/08/2006 19:45 <REP> Common Files
15/02/2006 19:04 <REP> CyberLink
02/10/2006 10:54 <REP> DAP
16/10/2007 20:57 <REP> DivX
16/10/2007 20:25 <REP> Easy WiFi Radar
19/11/2007 19:27 <REP> eMule
01/06/2007 12:22 <REP> EPSON
27/05/2007 13:46 <REP> ESET
09/11/2007 21:06 <REP> Fichiers communs
16/10/2007 21:08 <REP> Google
20/11/2007 16:34 <REP> Grisoft
22/10/2006 12:52 <REP> HiDownload
19/11/2007 19:28 <REP> inKline Global
07/10/2007 16:24 <REP> Intel
11/10/2007 00:16 <REP> Internet Explorer
15/02/2006 18:49 <REP> Java
16/10/2007 21:06 <REP> Lavasoft
15/02/2006 19:13 <REP> Learn2.com
28/08/2006 22:01 <REP> Macrogaming
16/10/2007 20:43 <REP> Metacafe
16/08/2004 18:11 <REP> microsoft frontpage
28/08/2006 19:31 <REP> Microsoft Office
22/10/2006 13:38 <REP> Microsoft Référence
16/08/2004 18:06 <REP> Movie Maker
15/10/2007 18:04 <REP> Mozilla Firefox
16/08/2004 18:03 <REP> MSN Gaming Zone
02/10/2007 18:30 <REP> MSN Messenger
18/11/2006 03:22 <REP> MSXML 4.0
09/10/2007 02:00 <REP> MSXML 6.0
16/08/2004 18:06 <REP> NetMeeting
16/08/2004 18:03 <REP> Online Services
16/06/2007 13:25 <REP> Outlook Express
11/12/2006 21:51 <REP> Rainlendar2
15/02/2006 19:06 <REP> Real
15/02/2006 18:48 <REP> Realtek
16/11/2007 16:41 <REP> RegCleaner
30/08/2007 19:19 <REP> Secured eMule
16/08/2004 18:07 <REP> Services en ligne
15/11/2007 23:56 <REP> Share_Accelerator_MM
30/08/2007 19:20 <REP> ShoppingReport
18/06/2007 19:04 <REP> Skype
26/07/2006 16:56 <REP> Sony Ericsson
05/09/2006 18:47 <REP> stickies
01/10/2006 17:57 3 889 824 SweetImSetup.exe
15/02/2006 18:36 <REP> Synaptics
20/11/2007 19:37 <REP> Trend Micro
29/08/2006 11:25 <REP> VDCodecPack3.4
19/11/2007 23:45 <REP> Video Add-on
04/12/2006 17:33 <REP> VideoLAN
15/02/2006 19:13 <REP> Viewpoint
20/10/2007 15:11 <REP> Winamp
16/10/2007 21:14 <REP> Windows Media Connect 2
16/12/2006 20:52 <REP> Windows Media Player
16/08/2004 18:03 <REP> Windows NT
28/08/2006 21:48 <REP> WinRAR
16/08/2004 18:11 <REP> xerox
1 fichier(s) 3 889 824 octets
65 Rép(s) 11 671 171 072 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.packardbell.com REG_NONE
www.packardbell.co.uk REG_NONE
www.packardbell.at REG_NONE
www.packardbell.dk REG_NONE
www.packardbell.fi REG_NONE
www.packardbell.fr REG_NONE
www.packardbell.de REG_NONE
www.packardbell.it REG_NONE
www.packardbell.no REG_NONE
www.packardbell.es REG_NONE
www.packardbell.se REG_NONE
www.packardbell.ch REG_NONE
www.canalplus.fr REG_BINARY
eu1.badoo.com REG_BINARY
www8.ratp.info REG_BINARY
zonenxt.msn-int.com REG_BINARY
zonenxt.msn-ppe.com REG_BINARY
zone.msn.com REG_BINARY

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.od2.com
<SANS NOM> REG_SZ 0

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IUUHHAGU.DEFAULT\HOSTPERM.1
host popup 1 webmessenger.msn.com
host popup 1 www.xtremeverbier.com

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************






est-ce mauvais signe docteur?
Sinon mon fond d'écran rouge n'était plus la ce midi ms il est revenu ce soir
0
Réponse 7 / 26
Utilisateur anonyme
21 nov. 2007 à 20:08
cocher + fixer ces lignes.
https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html
------------------------------------------------------------
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {9C985AC6-A138-4EAB-B10A-DC522F755146} - C:\WINDOWS\popnetdpt.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: The jokwmp - {D71F3444-606D-46EB-9ABE-DF80E5E9BF67} - C:\WINDOWS\jokwmp.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
Inconnu
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
Inconnu
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O21 - SSODL: sapnet - {FF6C9F35-C22D-43B6-A399-0374AF11EC2E} - (no file)
Inconnu
O21 - SSODL: rmvgor - {CE7AEE4E-2130-4EF8-8B04-3B437490A6FB} - C:\WINDOWS\rmvgor.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
-------------------------------------------------------------------------------------------------------------------------
fais ceci:
https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-navifix.html
postes le rapport
+ à la suite le rapport Hijackthis
----------------------------------------------------
conseil:
---------------------
il faudra changer tes habites sur le NET, tu te fais courir de sérieux problèmes....




0
Réponse 8 / 26
Tamarin
21 nov. 2007 à 21:09
Voila,
J'ai donc fixé les lignes que tu m'as conseillé et voici le premier rapport du programme Navilog1 :




Search Navipromo version 3.3.6 commencé le 21/11/2007 à 21:02:21,89

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\PIN\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\PIN\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\PIN\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse terminée le 21/11/2007 à 21:03:20,17 ***





et voici celui de HijackThis effectué a la suite :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:27, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O21 - SSODL: msmhost - {0E3C805D-021A-496B-A562-F3AA760B787B} - C:\WINDOWS\msmhost.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
Réponse 9 / 26
Tamarin
21 nov. 2007 à 21:14
et tu veux dire quoi par changer mes habitudes ??
0
Réponse 10 / 26
Utilisateur anonyme
22 nov. 2007 à 12:04
question ?
--------
tu utilise les caractères asiatiques sur ce PC ?
------------------------------------------------------------------------------------
et tu veux dire quoi par changer mes habitudes ??
réponse----->
En gros, fais gaffe où tu mets les pieds sur le Net.
Prend ça positivement comme un conseil.
Je ne vais pas ici te dire ce que tu dois faire ou pas.
Je vois qu'à travers tes rapports tu te fais prendre des risques inutiles et évitables.
Il faut se dire, que la majorité des virus arrivent par de mauvaises habitudes de surf !
Tu peux trés bien te prendre un virus , rien qu'en allant sur une page Internet...sans rien downloader !
A ce propos il faudra que tu changes d'antivirus.
Avast n'est pas assez réactif avec ces mises à jour. Il va te laisser passer des virus qui sont vieux de parfois plusieurs semaines !
Alors que les autres les détectent.
Je pense qui si tu continues dans le free, ANTIVIR serait un choix intelligent.

------------------------------------------------------------------------------------
Venons en au fait.
fixer et cocher
https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html

-----------------------

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
----------------------------------------
Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : ShoppingReport
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.








0
Réponse 11 / 26
Tamarin
22 nov. 2007 à 19:49
salut,

Merci pour tes conseils, je vais tacher de les suivre. Sinon pour Antivir, dois-je désinstaller AVG antispyware ou est ce que je peux laisser tourner les deux?

Sinon j'ai fixé les ligne que tu m'as dit et fait la recherche avec AOD.

Voici le rapport :

22/11/2007 ---- 19:35:35,21

----------------------------------
§§§§§§ [ShoppingReport] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID]
@="ShoppingReport.HbAx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID]
@="ShoppingReport.HbAx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID]
@="ShoppingReport.IEButtonA.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID]
@="ShoppingReport.IEButtonA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID]
@="ShoppingReport.HbInfoBand.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID]
@="ShoppingReport.HbInfoBand"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID]
@="ShoppingReport.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID]
@="ShoppingReport.IEButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
@="ShoppingReport.HbAx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
@="ShoppingReport.HbInfoBand.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
@="ShoppingReport.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
@="ShoppingReport.IEButtonA.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
@="ShoppingReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
@="ShoppingReport.RprtCtrl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
@="ShoppingReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
"DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
"UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport]

[HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]

[HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]
"currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

*******************
[Fichier]
*******************

c:\Documents and Settings\PIN\Application Data\ShoppingReport
c:\Program Files\ShoppingReport
c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll


*********************
[Même date]
*********************

[R‚pertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 12 / 26
Utilisateur anonyme
22 nov. 2007 à 22:00
Argh !
j'ai du pain sur la planche...je vais te faire un script pour The Avenger.
On va faire le ménage...
A demain
--------------------
pas de réponse à ceci:
question ?
--------
tu utilise les caractères asiatiques sur ce PC ?

-----------------
Sinon pour Antivir, dois-je désinstaller AVG antispyware ou est ce que je peux laisser tourner les deux?
les deux sont complémentaires.
Par contre désinstalles Avast (absolument !) pour installer Antivir.

0
Réponse 13 / 26
Tamarin
23 nov. 2007 à 17:34
Dsl,

je n'avais pas vu la question : Non je ne me souviens pas avoir utilisé de caractères asiatiques et je ne pense pas en avoir besoin dans le future.

En tou cas merci vraiment pour le temps que tu me consacres.


J'ai fais un scan avec Antivir, je te poste ci-dessous le rapport, s'ils peuvent t'être utile :




AntiVir PersonalEdition Classic
Report file date: jeudi 22 novembre 2007 20:16

Scanning for 940014 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SAMPRAS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 19:08:37
ANTIVIR3.VDF : 7.0.0.249 201216 Bytes 22/11/2007 19:08:37
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 22/11/2007 19:08:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 22 novembre 2007 20:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'livecall.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MetacafeAgent.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '22' files ).


Starting the file scan:

Begin scan in 'C:\' <disc>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\PIN\Local Settings\Temp\BIT1.tmp
[0] Archive type: ZIP
--> install-privacy-danger.bat
[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
[INFO] The file was moved to '4799dd2b.qua'!
C:\Documents and Settings\PIN\Local Settings\Temp\BIT17.tmp
[0] Archive type: ZIP
--> install-privacy-danger.bat
[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
[INFO] The file was moved to '4799dd34.qua'!
C:\Documents and Settings\PIN\Mes documents\My Completed Downloads\VideoAccessCodecInstall.exe
[DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
[INFO] The file was deleted!
C:\Program Files\ShoppingReport\Uninst.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '47aee2c9.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122160.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '4776e573.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122171.inf
[DETECTION] Contains detection pattern of the VBS script virus VBS/IETitle.A
[INFO] The file was moved to '4776e578.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP332\A0122423.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '4776e731.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: jeudi 22 novembre 2007 21:55
Used time: 1:38:49 min

The scan has been done completely.

6441 Scanning directories
177611 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
177604 Files not concerned
6772 Archives were scanned
2 Warnings
0 Notes





Voila, A demain et merci encore!
0
Réponse 14 / 26
Utilisateur anonyme
24 nov. 2007 à 10:54
bien, tu as tes points de restauration qui sont inutilisables.
----------
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122160.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '4776e573.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP330\A0122171.inf
[DETECTION] Contains detection pattern of the VBS script virus VBS/IETitle.A
[INFO] The file was moved to '4776e578.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP332\A0122423.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '4776e731.qua'!
------------------------------
fais ceci:
http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
-------------------------------------------
-------------------------------------------------------------------------------------
fais une sauvegarde de ta BDR.
https://leblogdeclaude.blogspot.com/2006/10/informatique-sauvegarde-de-la-base-de.html
--------------------------------------------------------------------------
ouvres notepad.exe
copie le texte en dessous (avec sélectionner le texte ctrl+c et ctrl+v pour le coller)
enregistre le texte sous fix.txt sur le bureau
------------------------------------------

registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocSe rver32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID
@="ShoppingReport.HbAx.1"
HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxB itmap32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"
HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionI ndependentProgID
@="ShoppingReport.HbAx"
HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocSe rver32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
@="ShoppingReport.IEButtonA.1"
HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionI ndependentProgID
@="ShoppingReport.IEButtonA"
HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocSe rver32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
@="ShoppingReport.HbInfoBand.1"
HKLM\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionI ndependentProgID
@="ShoppingReport.HbInfoBand"
HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocSe rver32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
@="ShoppingReport.IEButton.1"
HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionI ndependentProgID
@="ShoppingReport.IEButton"
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
@="ShoppingReport.HbAx.1"
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
@="ShoppingReport.HbInfoBand.1"
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
@="ShoppingReport.IEButton.1"
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
@="ShoppingReport.IEButtonA.1"
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
@="ShoppingReport"
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
@="ShoppingReport.RprtCtrl.1"
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
@="ShoppingReport"
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID
HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\ win32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"
HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HE LPDIR
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\ win32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"
HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HE LPDIR
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\ win32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HE LPDIR
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
"DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
"UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
HKLM\SOFTWARE\ShoppingReport
HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
"currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

Files to Delete:
c:\Documents and Settings\PIN\Application Data\ShoppingReport
c:\Program Files\ShoppingReport
c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

------------------------------------------------------------------------------------------
ensuite,
Télécharge The Avenger (Swandog46) sur ton bureau
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

* Clic droit sur Avenger.zip
* Extrais avenger.exe sur ton bureau (clic sur "extraire")
---------------------------------

lance The Avenger.
coche load script from file (lire un script à partir d'un fichier) recherche alors fix.txt qui est sur ton bureau.
Ensuite lance-le avec l'icone du feu vert.
copies le rapport




0
Réponse 15 / 26
Tamarin
24 nov. 2007 à 16:22
Holala beaucoup de problème cette après midi :

1/ Je n'ai pas d'onglet décurité dans les options de System Volume Information donc j'ai télécharger Security Configuration Manager de Microsoft pour rajoutter cet onglet afin de supprimer les 3 points de restauration de restaurations inutilisable que tu m'as dit. Le problème et qu'une foi le téléchargement effectué, on me dit de :

Lancez NTFS.EXE

-Dans le répertoire de décompression, sélectionnez SETUP.INF,click droit/Installer

-Un écran vous demande alors si vous souhaitez remplacer le fichier ESENT.DLL, refusez en cliquant sur NON POUR TOUS

Ne cliquez en aucun cas sur oui, pour remplacer les fichiers, vous prendrez le risque de rendre votre système instable!

-Redémarrer votre poste de travail

Sélectionnez à présent le fichier à sécuriser, click droit/Propriétés/Onglet sécurité, appliquez votre stratégie NTFS.


alors que dans mon document téléchargé, je n'ai pas le fichier SETUP.INF, j'ai les fichiers suivant :

-symbols
-immc (win32 cabinet sef-exctractor)
-mssce(archive winrar)
-mssce(mssce AXA)
-readme(txt)
-regsvr32(microsoft(C) reister Server de microsoft Corporation)
-scefiles(info de configuration)
-scesetup(info de conf)
-setup(info de conf).

J'ai extrait le fichier winrar dans un dossier mais le SETUP.INF n'est pas présent.

Donc je me retrouve coincé pr effacé les trois points restauration inutilisable.

J'ai vu qu'il existe une autre manip qui consiste à redémarer en mode sans échec mais je ne sais pas si je suis capable de passer par là.

Aurais-tu qqc à me conseiller?
-----------------------------------------------------------------------------------------------------------------------------------------------------------------


2/ Sinon j'ai quand meme téléchargé the Avenger mais il semble y avoir un probleme, des messages d'erreurs sont apparus.
Voici le rapport :

(le fichier créé s'appel error log)

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.HbAx.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.HbAx


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll


------------------------------------------------------------------------------------------------------------------------------------------------------------------

Donc au final j'ai pas trop géré la manip d'aujourd'hui et ça me fait chier! lol.

Merci encore pour tout et félicitation pour ton blog qui est une caverne d'Alibaba pour les novices!
0
Réponse 16 / 26
Utilisateur anonyme
24 nov. 2007 à 17:35
Bien,
tout d'abord, merci de ton appréciation sympa !
"Merci encore pour tout et félicitation pour ton blog qui est une caverne d'Alibaba pour les novices!"
--------------------------------------------------------------------
avec The Avenger rien de grave !
Mais je voudrais voir si tout est ok:
Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : ShoppingReport
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.
--------------------------------------
Donc je me retrouve coincé pour effacé les trois points restauration inutilisable.
télécharge ceci:
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/restorwin.html




0
Réponse 17 / 26
tamarin
24 nov. 2007 à 20:22
bon,

Voici le rapport de OAD avant la suppression du point de registre :




24/11/2007 ---- 19:56:54,62

----------------------------------
§§§§§§ [ShoppingReport] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID]
@="ShoppingReport.HbAx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID]
@="ShoppingReport.HbAx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID]
@="ShoppingReport.IEButtonA.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID]
@="ShoppingReport.IEButtonA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID]
@="ShoppingReport.HbInfoBand.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID]
@="ShoppingReport.HbInfoBand"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID]
@="ShoppingReport.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID]
@="ShoppingReport.IEButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
@="ShoppingReport.HbAx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
@="ShoppingReport.HbInfoBand.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
@="ShoppingReport.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
@="ShoppingReport.IEButtonA.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
@="ShoppingReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
@="ShoppingReport.RprtCtrl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
@="ShoppingReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
"DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
"UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport]

[HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]

[HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]
"currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

*******************
[Fichier]
*******************

c:\Documents and Settings\PIN\Application Data\ShoppingReport
c:\Program Files\ShoppingReport
c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll


*********************
[Même date]
*********************

[R‚pertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------




----------------------------------------------------------------------------------------------------------------------------------------------


J'ai ensuite supprimé le point de restoration qui se trouvais dans restorwin (j'espère avoir fait la bonne manip!) et refais un autre rapport OAD que voici :


24/11/2007 ---- 20:18:20,03

----------------------------------
§§§§§§ [ShoppingReport] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ProgID]
@="ShoppingReport.HbAx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\ToolboxBitmap32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\VersionIndependentProgID]
@="ShoppingReport.HbAx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID]
@="ShoppingReport.IEButtonA.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionIndependentProgID]
@="ShoppingReport.IEButtonA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID]
@="ShoppingReport.HbInfoBand.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID]
@="ShoppingReport.HbInfoBand"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocServer32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID]
@="ShoppingReport.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionIndependentProgID]
@="ShoppingReport.IEButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
@="ShoppingReport.HbAx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
@="ShoppingReport.HbInfoBand.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
@="ShoppingReport.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
@="ShoppingReport.IEButtonA.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
@="ShoppingReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
@="ShoppingReport.RprtCtrl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
@="ShoppingReport"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
"DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport]
"UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport]

[HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]

[HKEY_USERS\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport]
"currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

*******************
[Fichier]
*******************

c:\Documents and Settings\PIN\Application Data\ShoppingReport
c:\Program Files\ShoppingReport
c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll


*********************
[Même date]
*********************

[R‚pertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 18 / 26
tamarin
24 nov. 2007 à 20:32
Aïe je viens d'exporter une Base de registre pour la sauvegarder et j'ai voulu faire un test pr voir si tout va bien en l'important tout de suite. J'obtient un message d'erreur me disant : impossible d'importer ................. : toutes les données n'ont pas été inscrites correctement dans le registre. Certeaines clefs sont ouvertes par le système ou par d'autres processus.

J'en conclu que mes sauvegarde de Base de registre ne sont pas efficaces, que faire?
0
Réponse 19 / 26
Utilisateur anonyme
25 nov. 2007 à 10:29
pour exporter l'entièreté il faut que tu soit tout en haut de la BDR dans le panneau de droite.

--------------------------------------------------------------------------------------------------------------------------
Ce qui bien indiqué dans ma page:
https://leblogdeclaude.blogspot.com/2006/10/informatique-sauvegarde-de-la-base-de.html
la deuxième image.
http://photos1.blogger.com/blogger/8123/1999/1600/ici.2.jpg
-------------------------------------------------------------
pour le script, on dirait qu'il n'a pas été plus loin que les 5 premières lignes !
---------------------------------------------------------
refais ceci:
ouvres notepad.exe
copie le texte en dessous (avec sélectionner le texte ctrl+c et ctrl+v pour le coller)
enregistre le texte sous fix.txt sur le bureau (supprimes l'ancien script avant)

------------------------------------------------------------------------------------------------------------------------------

Files to Delete:
c:\Documents and Settings\PIN\Application Data\ShoppingReport
c:\Program Files\ShoppingReport
c:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\ProgID
@="ShoppingReport.IEButtonA.1"
HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\VersionI ndependentProgID
@="ShoppingReport.IEButtonA"
HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocSe rver32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID
@="ShoppingReport.HbInfoBand.1"
HKLM\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionI ndependentProgID
@="ShoppingReport.HbInfoBand"
HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\InprocSe rver32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\ProgID
@="ShoppingReport.IEButton.1"
HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\VersionI ndependentProgID
@="ShoppingReport.IEButton"
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer
@="ShoppingReport.HbAx.1"
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1
HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer
@="ShoppingReport.HbInfoBand.1"
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1
HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer
@="ShoppingReport.IEButton.1"
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1
HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer
@="ShoppingReport.IEButtonA.1"
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1
HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl
@="ShoppingReport"
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer
@="ShoppingReport.RprtCtrl.1"
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1
@="ShoppingReport"
HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID
HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\ win32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\4"
HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HE LPDIR
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\ win32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll\\3"
HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HE LPDIR
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\ win32
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll"
HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HE LPDIR
@="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,204"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,203"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
"HotIcon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,202"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
"Icon"="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll,201"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
"DisplayIcon"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
"UninstallString"="C:\\Program Files\\ShoppingReport\\Uninst.exe"
HKLM\SOFTWARE\ShoppingReport
HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
HKU\S-1-5-21-39989766-2330583763-384686628-1006\Software\ShoppingReport
"currentResDir"="C:\\Documents and Settings\\PIN\\Application Data\\ShoppingReport\\cs\\res2"

-----------------------------------
lance The Avenger.
coche load script from file (lire un script à partir d'un fichier) recherche alors fix.txt qui est sur ton bureau.
Ensuite lance-le avec l'icone du feu vert.
copies le rapport
0
Réponse 20 / 26
tamarin
25 nov. 2007 à 11:28
salut,

pour ce qui est de la base de registre, les problèmes persistent lors de l'importation, meme si j'ai bien enregistrer en étant tout en haut à droite, poste de travail en surbrillance....

-------------------------------------------------------------------------------------------------------


Une erreur se produit encore lors de l'execution du script, rapport :

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.IEButtonA.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.IEButtonA


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.HbInfoBand.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.HbInfoBand


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="C:\\Program Files\\ShoppingReport\\Bin\\2.0.24\\ShoppingReport.dll


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.IEButton.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.IEButton


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.HbAx.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: @="ShoppingReport.HbInfoBand.1
0

Discussions similaires

Free : mon FreePlug classic est bloqué sur le voyant rouge
spark09 -
cc -

16 réponses
Que signifie cet emoji :3
Moi -
AssassinTourist -

2 réponses
Signification de " :3 "
blanchecanelle -
Pistounette -

5 réponses