[Résolu]Pop Up insupportable

[Mark]

Salut viruSick, Falkra

 

Je vois que tu es en ligne mais Falkra est absent pour le moment. Du 98, ça m'intéresse (nostalgie...).

 

Juste pour faire avancer avant que Falkra ne revienne :

 

Parle-nous de McAfee et BitDefender (antivirus installés) : as-tu tenté de désinstaller McAfee ? BitDefender est-il à jour et actif ?

~~~~~~~~~~~~~~~~

 

Tu peux également lancer HijackThis avec "Do a system scan only", puis coche la ligne suivante :

 

O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/111748.exe

 

Ferme ton navigateur puis clique "Fix checked". Ferme HijackThis.

==========

==========

 

Le problème majeur avec 98 est sa stabilité... Possible que nous ne puissions pas le remettre en parfait état, mais on peut essayer de dégager l'infection.

 

Alors parle-nous de tes antivirus ; Falkra va revenir dès que possible.

 

@++

[Falkra]

Salut Qc001.

 

Moi?Installer le sponsor??JAMAIS DE LA VIE!!

C'est une moquerie publique! (ils ont dit que c'est un adware!!)

J'ai fait ce que tu m'as dit.

He, mollo amigo, je demande, voyant que MSNPlus est installé, c'est tout.

Je ne me moque pas.

 

La pus drole: C:\Program Files\FunWebProducts c'est pas un virus par exemple ca??

C'est une saleté d'adware, installée en tant que sponsor sans doute.

 

Vire aussi cette ligne via HijackThis (coche, et fais fix checked)

O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/111748.exe

 

On va shooter quelques dossiers, dont ça, juste après.

[viruSick]

Bon alors j'ai fait ce que tu m'a dit et puis j'ai supprimé FunWebProducts..

Desole mais je criais pas contre toi mais je me moquais du sponsor..

Par la suite, je te donne le nom de tous les dossiers de Program Files:

 

 

 

!$!$!$!$.mp2(DOSSIER/!\)

Acccessoires

Adaptec

Adobe

Akram Media Creator

Aliraid

ArcSoft

Bd

Borland

Chat

Cleanar

Common Files

Controle Parental

Core Design

Core FTP

Cresta

Crystal Button 2008

Crystal FTP Pro

Dap

Directx

EA SPORTS

EasyPHP 2.0b1

Fc

Fichiers communs

FirstClass

FrontPageExpress

Frx

Game Vision

Google

Hewlett-Packard

Hotelguide Europe (Douteux, non??)

InstallShield Installation Information (caché)

Internet Explorer

Inventel

Java

Logitech

Macromedia

MAflights

McAfee

Messager Wanadoo

MessengerPlus3

Microsoft FrontPage

Microsoft Hardware

Microsoft Office

Microsoft Picture It! PhotoPub

Microsoft Référence Microsoft Visual Studio

Mijuice Media Player

Mp3

MSN Games

MSN Messenger

Mvm

mysql5.0.51b

NetMeeting

Netscape

Nikon

Notepad++

OfficeUpdate

Oracle

Outlook Express

Photoed

Photolmpact SE

Plus!

PopCap Games

Publication Web

QMgr (Caché)

QuickTime

Real

Sagem

Securitoo

Services en ligne

ShopperReports (douteux, non??)

Snapshot Viewer

Softex

SoftKey

Softwin

SuperLink

Symantec (version supprimée de Norton)

Trend Micro (HijackThis)

TryMedia (??)

Uninstall Information

USB MEMORY BAR

Via

VIA Technologies, Inc

VideoLAN

ViewLAN

Viewpoint

Visicom Media

Voila

wamp (PHP -- Apache -- MySQL---...)

Wanadoo

Web Publish

Webteh

Winamp

Window~1

Windows Media Player

Windows Messaging

WindowsUpdate

WinRAR

Yahoo!

ZAP Picture Browzer

[viruSick]

En ce qui concerne les Antivirus....

 

McAfee est un antivirus que mon père a installé sur l'ordi il y a 8 ans..Il ne se met pas à jour je veux le désinstaller mais je ne trouve pas le temps, ou j'oublie tout le temps....comme je l'ai supprimé du "démarrage" et je ne le vois pas..

Bitdefender 8 c'est l'antivirus que j'ai installé cet été étant LE SEUL qui peut rouler sur cette machine antique sans la ralentir enormement....je le met chaque 3 heures à jour..j'ai voulu installé le 10, mais le programme d'installation s'ouvre(Processus) mais refuse de s'afficher....

J'attend ta réponse..

[Falkra]

Si McAfee ne se met pas à jour, il ne sert plus à rien.

Mais ta bécane a vraiment 15 ans, et c'est vraiment 8 ans, ou c'est pour dire "il y a longtemps" ?

 

Dans ton program files, il y a viewpoint à virer, mais essaie d'abord de le désinstaller par ajout/suppression de programmes, c'est plus clean.

[viruSick]

Merci, j'ai supprimé mcafee et viewpoint..mon ordi marche "un peu" plus rapidement. quant à ShopperReports et Hotelguide Europe ??

 

PS: J'imagine ou le sujet a été fermé et un nouveau post annoncant que zebulon ne resoud plus les problemes de Win 98 ??

En tout cas peu importe car maintenant il est ouvert..

 

PS 2: en vrai l'ordi il aura 18 ans en fevrier prochain..Il n'a été formatté qu'une seule fois il y a environ 13/14 ans..(les jours du Win95)

Il a changé de Windows 95 a Win 98 sans formattage.

et c'est bien McAfee Version 2000 (il y a 8ans bref!)

Modifié le 27 juillet 2008 par viruSick

[viruSick]

voila un nouveau rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:15:30, on 10/07/08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.000\SYSTEM\KERNEL32.DLL

C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.000\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE

C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE

C:\WINDOWS.000\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE

C:\WINDOWS.000\SYSTEM\WMIEXE.EXE

C:\WINDOWS.000\SYSTEM\DDHELP.EXE

C:\WINDOWS.000\EXPLORER.EXE

C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE

C:\WINDOWS.000\LOADQM.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE

C:\WINDOWS.000\TASKMON.EXE

C:\WINDOWS.000\SYSTEM\HPZTSB04.EXE

C:\WINDOWS.000\SYSTEM\LVCOMS.EXE

C:\WINDOWS.000\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\MESSAGER WANADOO\STARTMESSAGER.EXE

C:\WINDOWS.000\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\SOFTEX\WINROUTE\WINROUTE.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME DEVICES\SIDEWINDER GDP.EXE

C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE

C:\PROGRAM FILES\WANADOO\GESTIONNAIREINTERNET.EXE

C:\PROGRAM FILES\WANADOO\COMCOMP.EXE

C:\PROGRAM FILES\WANADOO\POLLINGMODULE.EXE

C:\WINDOWS.000\SYSTEM\TAPISRV.EXE

C:\WINDOWS.000\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\WANADOO\WATCH.EXE

C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer 6

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~2.DLL

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS.000\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.000\SYSTEM\hpztsb04.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS.000\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS.000\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [AlogServEXE] C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe

O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~2\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [winroute] C:\Program Files\Softex\winroute\winroute.exe

O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS.000\SYSTEM\GREENMK.exe

O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

O4 - HKLM\..\RunServices: [bitDefender Communicator] "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe"

O4 - HKLM\..\RunServices: [bitDefender Scan Server] "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe"

O4 - HKLM\..\RunServices: [bitDefender Live! Init] "C:\Program Files\Softwin\BitDefender8\bdinit.exe"

O4 - HKLM\..\RunServices: [Apache2.2] "C:\APPSERV\APACHE2.2\BIN\HTTPD.EXE" -n Apache2.2 -k runservice

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\RunServices: [VsecomrEXE] C:\Program Files\McAfee\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\RunServices: [VsStatEXE] C:\Program Files\McAfee\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRAM FILES\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKUS\.DEFAULT\..\Run: [WEBCAMRT.EXE] (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [WOOKIT] C:\PROGRAM FILES\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'Default user')

O4 - .DEFAULT Startup: Assistant de configuration de manette de jeu SideWinder.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe (User 'Default user')

O4 - Startup: Assistant de configuration de manette de jeu SideWinder.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.000\SYSTEM\Shdocvw.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.000\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.000\bdoscandel.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_ansi.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

 

--

End of file - 9125 bytes

[Falkra]

PS 2: en vrai l'ordi il aura 18 ans en fevrier prochain..Il n'a été formatté qu'une seule fois il y a environ 13/14 ans..(les jours du Win95)

Il a changé de Windows 95 a Win 98 sans formattage.

et c'est bien McAfee Version 2000 (il y a 8ans bref!)

Début 90, mais attends, j'ai commencé en 97 sur un 233 MMX, alors il y a 18 ans, on était au 80486 25 Mhz, vous l'avez fait évoluer, sinon win98 ne tuornerait pas.

 

Win98 ou pas, on va te dépatouiller de ça, mais c'est vrai que win98 bloque énormément de choses et ne garantit aucune sécurité par la suite, une réinfection sera facile (éviter les sites XXX, porno, cracks*, etc...). Je dis ça de manière générale.

 

 

Shopper Reports est bien un adware, il faudra le virer, mais attends, on va essayer un truc.

Lance hijackThis et clique sur le bouton "Open the misc tools section".

clique sur "generate startup list", valide avec oui et ça ouvre le bloc notes, poste ce rapport.

Clique ensuite sur "Open uninstall manager" et ça fait la liste des programmes à désinstaller, et clique sur save list, en bas sur la droite, et choisis un emplacement pour sauvegarder un fichier texte.

Poste aussi son contenu dans une de tes prochaines réponses (tu peux faire un 2eme post).

[viruSick]

Bon je croyais que la "startup list" etait si compliquée à analyser..mais bon, je te la passe(apres avoir coché les deux cases pour completer le scan)

 

StartupList report, 10/07/08, 22:24:20

StartupList version: 1.52.2

Started from : C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222A)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS.000\SYSTEM\KERNEL32.DLL

C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.000\SYSTEM\SPOOL32.EXE

C:\WINDOWS.000\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE

C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE

C:\WINDOWS.000\SYSTEM\mmtask.tsk

C:\WINDOWS.000\EXPLORER.EXE

C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE

C:\WINDOWS.000\LOADQM.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE

C:\WINDOWS.000\TASKMON.EXE

C:\WINDOWS.000\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS.000\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\EASYPHP 2.0B1\EASYPHP.EXE

C:\PROGRAM FILES\EASYPHP 2.0B1\APACHE\BIN\APACHE.EXE

C:\WINDOWS.000\SYSTEM\WINOA386.MOD

C:\PROGRAM FILES\EASYPHP 2.0B1\MYSQL\BIN\MYSQLD.EXE

C:\PROGRAM FILES\EASYPHP 2.0B1\APACHE\BIN\APACHE.EXE

C:\PROGRAM FILES\NOTEPAD++\NOTEPAD++.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS.000\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS.000\Menu Démarrer\Programmes\Démarrage]

Assistant de configuration de manette de jeu SideWinder.lnk = C:\Program Files\Microsoft Hardware\Game Devices\SideWinder GDP.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\WINDOWS.000\All users\Menu Démarrer\Programmes\Démarrage]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SystemTray = SysTray.Exe

LoadQM = loadqm.exe

BDNewsAgent = "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

BDMCon = "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

ScanRegistry = C:\WINDOWS.000\scanregw.exe /autorun

TaskMonitor = C:\WINDOWS.000\taskmon.exe

HPDJ Taskbar Utility = C:\WINDOWS.000\SYSTEM\hpztsb04.exe

DXM6Patch_981116 = C:\WINDOWS.000\p_981116.exe /Q:A

LVComs = C:\WINDOWS.000\SYSTEM\LVComS.exe

StillImageMonitor = C:\WINDOWS.000\SYSTEM\STIMON.EXE

AlogServEXE = C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe

AvconsoleEXE = C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize

MessagerStarter Wanadoo = C:\PROGRA~1\MESSAG~2\StartMessager.exe Messager Wanadoo

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

winroute = C:\Program Files\Softex\winroute\winroute.exe

ALiUSBfix = C:\WINDOWS.000\SYSTEM\GREENMK.exe

OWCCardbusTray = ocbtray.exe

WOOWATCH = C:\PROGRA~1\WANADOO\Watch.exe

WOOTASKBARICON = C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe

WinampAgent = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

BitDefender Communicator = "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe"

BitDefender Scan Server = "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe"

BitDefender Live! Init = "C:\Program Files\Softwin\BitDefender8\bdinit.exe"

Apache2.2 = "C:\APPSERV\APACHE2.2\BIN\HTTPD.EXE" -n Apache2.2 -k runservice

MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

VsecomrEXE = C:\Program Files\McAfee\McAfee VirusScan\VSEcomR.EXE

VsStatEXE = C:\Program Files\McAfee\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

WEBCAMRT.EXE =

WOOKIT = C:\PROGRAM FILES\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS.000\SYSTEM\MSHTA.EXE "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = C:\WINDOWS.000\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[setupcPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS.000\INF\setupc.inf

 

[AppletsPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS.000\INF\applets.inf

 

[FontsPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS.000\INF\fonts.inf

 

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS.000\INF\icw.inf,PerUserStub,,36

 

[PerUser_ICW_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS.000\INF\icw97.inf

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

 

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS.000\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

 

[>PerUser_MSN_Clean] *

StubPath = C:\WINDOWS.000\msnmgsr1.exe

 

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

 

[PerUser_Msinfo] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS.000\INF\msinfo.inf

 

[PerUser_Msinfo2] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS.000\INF\msinfo.inf

 

[MotownMmsysPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS.000\INF\motown.inf

 

[MotownAvivideoPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS.000\INF\motown.inf

 

[MmoptPreferredAudioDevices] *

StubPath = rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,@0,SUSB\VID_054C&PID_00C0&MI_01\1USB&VID_054C&PID_00C0&INST_0

 

[MotownMPlayPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS.000\INF\mplay98.inf

 

[PerUser_Base] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS.000\INF\msmail.inf

 

[shellPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS.000\INF\shell.inf

 

[shell2PerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS.000\INF\shell2.inf

 

[PerUser_winbase_Links] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS.000\INF\subase.inf

 

[PerUser_winapps_Links] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS.000\INF\subase.inf

 

[PerUser_LinkBar_URLs] *

StubPath = C:\WINDOWS.000\COMMAND\sulfnbk.exe /L

 

[TapiPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS.000\INF\tapi.inf

 

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\webfdr16.inf,PerUserStub.Install,1

 

[PerUserOldLinks] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS.000\INF\appletpp.inf

 

[MmoptRegisterPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS.000\INF\mmopt.inf

 

[OlsPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS.000\INF\ols.inf

 

[OlsMsnPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS.000\INF\ols.inf

 

[PerUser_Paint_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS.000\INF\applets.inf

 

[PerUser_Calc_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS.000\INF\applets.inf

 

[PerUser_CVT_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS.000\INF\applets1.inf

 

[MotownRecPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS.000\INF\motown.inf

 

[PerUser_Vol] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS.000\INF\motown.inf

 

[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS.000\INF\wordpad.inf

 

[PerUser_RNA_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS.000\INF\rna.inf

 

[PerUser_Dialer_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS.000\INF\appletpp.inf

 

[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS.000\INF\mmopt.inf

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

 

[OlsAolPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS.000\INF\ols.inf

 

[OlsFTPerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsFTPerUser 64 C:\WINDOWS.000\INF\ols.inf

 

[OlsCompuservePerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS.000\INF\ols.inf

 

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS.000\SYSTEM\updcrl.exe -e -u C:\WINDOWS.000\SYSTEM\verisignpub1.crl

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\wpie5x86.inf,PerUserStub

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\wmp.inf,PerUserStub

 

[Theme_Windows_PerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS.000\INF\themes.inf

 

[Theme_MoreWindows_PerUser] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS.000\INF\themes.inf

 

[PerUser_DCC_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS.000\INF\rna.inf

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = C:\WINDOWS.000\inf\unregmp2.exe /ShowWMP

 

[PerUser_Wingames_Inis] *

StubPath = rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS.000\INF\appletpp.inf

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS.000\WIN.INI:

 

load=

run=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS.000\SYSTEM.INI:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\Program Files\McAfee\McAfee VirusScan\SCRSCAN.EXE

drivers=mmsystem.dll power.drv

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS.000\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS.000\Explorer\Explorer.exe: not present

C:\WINDOWS.000\System\Explorer.exe: not present

C:\WINDOWS.000\System32\Explorer.exe: not present

C:\WINDOWS.000\Command\Explorer.exe: not present

C:\WINDOWS.000\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

C:\WINDOWS.000\WININIT.INI listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS.000\WININIT.BAK listing:

(Created 10/7/2008, 19:29:50)

 

[rename]

NUL=C:\PROGRA~1\GLOBAL~1\CUTEFT~1\CUTESH~1.DLL

NUL=C:\PROGRA~1\GLOBAL~1\CUTEFT~1\

NUL=C:\PROGRA~1\GLOBAL~1\

 

--------------------------------------------------

 

C:\AUTOEXEC.BAT listing:

 

SET PATH=%PATH%;C:\WINDOWS.000\Twain_32\Scanwiz;C:\WINDOWS.000\Twain\Scanwiz

mode con codepage prepare=((850) C:\WINDOWS.000\COMMAND\ega.cpi)

mode con codepage select=850

keyb fr,,C:\WINDOWS.000\COMMAND\keyboard.sys

SET PATH=%PATH%;C:\APPSERV\APACHE2.2\BIN

SET PATH=%PATH%;C:\APPSERV\MYSQL\BIN

 

--------------------------------------------------

 

C:\CONFIG.SYS listing:

 

DEVICE=C:\SAMSUNG\SSCDROM.SYS /D:SSCD000 /v

device=C:\WINDOWS.000\COMMAND\display.sys con=(ega,,1)

Country=033,850,C:\WINDOWS.000\COMMAND\country.sys

 

--------------------------------------------------

 

C:\WINDOWS.000\WINSTART.BAT listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS.000\DOSSTART.BAT listing:

 

C:\WINDOWS.000\COMMAND\MSCDEX /D:SSCD000

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS.000

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - C:\PROGRAM FILES\ADOBE\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

*No jobs found*

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS.000\Java\classes\xmldso4.cab

OSD = C:\WINDOWS.000\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS.000\SYSTEM\dajava.cab

OSD = C:\WINDOWS.000\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[internet Explorer Classes for Java]

CODEBASE = file://C:\WINDOWS.000\SYSTEM\iejava.cab

OSD = C:\WINDOWS.000\Downloaded Program Files\Internet Explorer Classes for Java.osd

 

[{32564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

 

[{00000075-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/voxacm.CAB

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS.000\SYSTEM\MACROMED\FLASH\FLASH9C.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab

 

[Java Plug-in 1.4.1_02]

InProcServer32 = C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

 

[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

 

[Java Plug-in 1.5.0_04]

InProcServer32 = C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[YInstStarter Class]

InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YINSTHELPER.DLL

CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

 

[Java Plug-in 1.5.0_08]

InProcServer32 = C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\MESSENGERSTATSPACLIENT.DLL

CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

 

[Minesweeper Flags Class]

InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\MINESWEEPER.DLL

CODEBASE = http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

 

[CKAVWebScan Object]

InProcServer32 = C:\WINDOWS.000\SYSTEM\KASPERSKY LAB\KASPERSKY ONLINE SCANNER\KAVWEBSCAN.DLL

CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_ansi.cab

 

[Java Plug-in 1.5.0_11]

InProcServer32 = C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.5.0_11]

InProcServer32 = C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.5.0_11]

InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[bDSCANONLINE Control]

InProcServer32 = C:\WINDOWS.000\DOWNLO~1\OSCAN8.OCX

CODEBASE = http://www.zebulon.fr/scan8/oscan8.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS.000\SYSTEM\rnr20.dll

Protocol #1: C:\WINDOWS.000\SYSTEM\mswsosp.dll

Protocol #2: C:\WINDOWS.000\SYSTEM\msafd.dll

Protocol #3: C:\WINDOWS.000\SYSTEM\msafd.dll

Protocol #4: C:\WINDOWS.000\SYSTEM\msafd.dll

Protocol #5: C:\WINDOWS.000\SYSTEM\rsvpsp.dll

Protocol #6: C:\WINDOWS.000\SYSTEM\rsvpsp.dll

 

--------------------------------------------------

 

Enumerating Win9x VxD services:

 

VNETSUP: vnetsup.vxd

NDIS: ndis.vxd,ndis2sup.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

COMBUFF: *COMBUFF

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *mtrr

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VRTWD: C:\WINDOWS.000\SYSTEM\vrtwd.386

VFIXD: C:\WINDOWS.000\SYSTEM\vfixd.vxd

VNETBIOS: vnetbios.vxd

Hpziol00: *Hpziol00

VREDIR: vredir.vxd

DFS: dfs.vxd

NDISWAN: ndiswan.vxd

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS.000\SYSTEM\WEBCHECK.DLL

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

End of report, 26 585 bytes

Report generated in 1,049 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

 

Adobe Acrobat 4.0, 5.0

Adobe Flash Player ActiveX

Adobe Shockwave Player

Akram Media Creator 1.11

ALi RAID Driver

ALi USB2.0 Driver

Arabic Language Support

Archiveur WinRAR

ArcSoft Panorama Maker 3

BitDefender 8 Free Edition

BSPlayer

Core FTP LE 2.1

Crystal Button 2008 InMotion! (v.3.2)

Download Accelerator Plus (DAP)

EasyPHP 2.0b1

Encyclopédie des Animaux

Gestionnaire Internet

Google Toolbar for Internet Explorer

HijackThis 2.0.2

hp deskjet 840c series

Insaniquarium Deluxe 1.0

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 8

Japanese Language Support

Kaspersky Online Scanner

Logiciel de périphérique de jeu SideWinder

Messenger Plus! 3

Microsoft Internet Explorer 6 Service Pack 1 et Outils Internet

Microsoft Office 2000 Premium

Microsoft Office 97 Professional

Microsoft Outlook Express 6

Microsoft Web Publishing Wizard 1.6

Mise à jour système du Lecteur Windows Media (Série 9)

Mjuice Components

MSN Messenger 7.0

Notepad++

QuickTime

QuickTime for Windows (32-bit)

RealPlayer

Shockwave

The New World Order

USB Disk 2.0 Series Driver v1.18r004

USB MEMORY BAR Tool

USB MP3 Player WIN98 Drivers

VIA DMI

Winamp (remove only)

Winroute

Yahoo! Anti-Spy

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Toolbar

ZAP Picture Browser

Zuma Deluxe 1.0

[Falkra]

Je regarde ça.

 

Est-ce que tu sais graver une image ISO pour faire un cd, puis utiliser un LiveCD (je demande car je ne vois pas de logiciel de gravure) ?