en espérant que tout y est:
"Silent Runners.vbs", revision 33, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PCTVOICE" = "pctspk.exe" [empty string]
"Hcontrol" = "C:\WINNT\Hcontrol.exe" ["ASUSTeK COMPUTER INC."]
"NeroCheck" = "C:\WINNT\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"WinPatrol" = "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" ["BillP Studios"]
"TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\winnt\downloaded program files\googletoolbar2.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{EBDF1F20-C829-11D1-8233-0020AF3E97A6}" = "PDG Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\PDG3~1\contmenu.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! draw32\DLLName = "draw32.dll" [** WMI GetObject error **]
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINNT\system32\AVASTSS.scr" ["ALWIL Software"]
Enabled Wallpaper and Active Desktop:
-------------------------------------
Active Desktop is enabled.
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\Web\Wallpaper\fond ecran Martinique.jpg"
Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"SpySubtract" -> shortcut to: "C:\Program Files\interMute\SpySubtract\SpySub.exe -autostart" ["InterMute, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 37
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
wat's up