zegut

Bonsoir, Je vous explique ma situation ,je viens d'emménager il y a quelques jours dans un appartement pour quelques mois, j'ai demandé à l'une de mes voisines si elle aurait la gentillesse de partager sa connexion en échange d'une rétribution (financière) mensuelle. Bref, chose faite, elle m'a (très sympa) communiqué sa clef WEP, et je peux surfer, etc... J'en arrive à mon problème. J'ai voulu connecter la PS3 pour jouer à SoulCalibur V en ligne mais, lorsque je fais le scan, il ne trouve pas la box de ma voisine. Pourtant sur mon PC, dans la liste des box, je vois celle à laquelle je suis connecté. J'ai essayé IP manuelle, etc. J'ai même essayé en Ethernet, mais il n'identifie pas le réseau… Bref, j'ai besoin de toute votre science, merci à vous d'avance.

Bonsoir , oui en fait , j'ai explore.exe , firefox.exe , iexplore.exe qui sont à plus de 50000ko dans le gestionnaires des tâches mon pc fais un bruit sourd j'ai fais plusieurs scan en ligne utilisé adadware , spybot etc au moment ou je vous parle firefox est à 73600ko explore.exe 15840ko . Bref je ne trouve pas la solution pour sesser ou diminuer ces processus à part si je l'ai desactive "terminer processus " merci de me suivre.

Bonjour , Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 18:01:20, on 18/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\DEHFOS\Mes documents\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138202993687 O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 4532 bytes

Bonjour , j'ai des processus qui font grimper mon cpu j'ai tenté des scan en lignes + ad adware , spybot etc et rien de changer aidez moi svp !!!! J'ai le pc qui fais un bruit sourd merci de m'aider. AMD Atlon 2800 192mo de ram windows xp service pack 2 Log hijackthis. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 17:45:00, on 18/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\DEHFOS\Mes documents\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138202993687 O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 4532 bytes merci

J'ai bien installé des programmes , j'ai envie de dire comme tout le monde , ce je peux te dire c'est que j'ai les 2 processus explorer.exe et iexplore.exe qui me prennent une quantité énorme de mémoire au point que dès que j'allume le pc maintenant il fais un bruit énorme mais ça depuis un moment on dirai le ventilateur ! une fois que le bureau est affiché ça va a peu près mais c'est vraiment entre le démarrage et l'apparition du bureau que le tps est super long ,j'ai également dans mes logiciel une console de récupération appelé Phoenix Core Managed Environement et trés souvent celle-ci apparait au demarrage , je doit cliquer dessus pour refaire démarrer le pc et parfois lorsque je clique pour avoir ensuite la session windows j'ai l'écran noir figer et je suis obliger de couper l'alimentation et redemarrer ,j'espère être clair. Merci de m'aider dans mes galères. Le log obtenuWinPFind3 logfile created on: 25/09/2007 16:32:46 WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\DEHFOS\Bureau\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 191,48 Mb Total Physical Memory | 55,43 Mb Available Physical Memory | 28,95% Memory free 463,76 Mb Paging File | 230,74 Mb Available in Paging File | 49,75% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 65,92 Gb Total Space | 58,08 Gb Free Space | 88,11% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: VOTRE-324AA4A56 Current User Name: DEHFOS Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.81 | Size = 214056 bytes | Modified Date = 24/09/2007 19:47:42 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 02:41:10 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ] [Win32 Services - Non-Microsoft Only] (AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] (AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.81 | Size = 214056 bytes | Modified Date = 24/09/2007 19:47:42 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr = ] (PhnxVCDService) Phoenix VCD Service [Win32_Own | Disabled | Stopped] -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.1.1.13 | Size = 49152 bytes | Modified Date = 21/07/2005 01:17:30 | Attr = R ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> -> File not found (WMConnectCDS) Service Windows Media Connect [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Connect 2\wmccds.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> File not found avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 02:41:10 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ccleaner -> %ProgramFiles%\CCleaner\ccleaner.exe -> Piriform Ltd [Ver = 1.41.0544 | Size = 598656 bytes | Modified Date = 13/07/2007 11:10:18 | Attr = ] < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\windows\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> http://www.neufportail.fr/ -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {88317C58-0B89-4AEE-ACA6-ED4AD09D4599} -> (VIA Rhine II Fast Ethernet Adapter) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> TotalScan Installer Class - CodeBase = http://www.nanoscan.com/as/v1/cabs/ascstubie.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupd...b?1190487864765 -> {8436FE12-31DB-48BF-83BF-FE682F9160B4} -> NanoInstaller Class - CodeBase = http://www.nanoscan.com/cabs/nanoinst.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -> [Registry - Additional Scans - Non-Microsoft Only] < ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT -> {5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub -> {7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install -> {89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll -> {89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -> <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP -> >{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found -> .cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found -> .hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found -> .html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> .inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found -> .pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found -> .reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found -> .txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found -> .vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found -> .wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1372 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VideoLAN\VLC\vlc.exe -> C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:*:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0F9196C6-58B4-445B-B56E-B1200FECC151} -> Microsoft Bootvis -> {20D4A895-748C-4D88-871C-FDB1695B0169} -> Platform -> {20F0F67B-CB0F-4C85-B6F2-133D9CB70614} -> Samsung PC Studio -> {2376813B-2E5A-4641-B7B3-A0D5ADB55229} -> HPPhotoSmartExpress -> {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java 6 Update 2 -> {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {4EA684E9-5C81-4033-A696-3019EC57AC3A} -> HPProductAssistant -> {63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0 -> {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 -> {90840409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Excel Viewer 2003 -> {9085040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Word Viewer 2003 -> {9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow! Plus -> {97C82B44-D408-4F14-9252-47FC1636D23E}_is1 -> IZArc 3.81 -> {9B365D9D-C47D-458D-A46F-491A4B33EEAB} -> Phoenix Core Managed Environment (cME) -> {AC76BA86-7AD7-1036-7B44-A70900000002} -> Adobe Reader 7.0.9 - Français -> {BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1 -> ConvertXtoDVD 2.2.0.251 -> {BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} -> HP Software Update -> {BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C} -> HP Photosmart, Officejet and Deskjet 7.0.A -> {C151CE54-E7EA-4804-854B-F515368B0798} -> Athlon 64 Processor Driver -> {C4A4722E-79F9-417C-BD72-8D359A090C97} -> Samsung PC Studio -> {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> {D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713} -> OTB -> {DBC20735-34E6-4E97-A9E5-2066B66B243D} -> TrayApp -> {EB21A812-671B-4D08-B974-2A347F0D8F70} -> HP Photosmart Essential -> {F157460F-720E-482f-8625-AD7843891E5F} -> InstantShareDevicesMFC -> AntiVir PersonalEdition Classic -> Avira AntiVir PersonalEdition Classic -> CCleaner -> CCleaner (remove only) -> HijackThis -> HijackThis 2.0.0 -> HP Imaging Device Functions -> HP Imaging Device Functions 7.0 -> HP Solution Center & Imaging Support Tools -> HP Solution Center 7.0 -> HPExtendedCapabilities -> HP Customer Participation Program 7.0 -> IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs -> ie7 -> Windows Internet Explorer 7 -> InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} -> VIA Platform Device Manager -> InstallShield_{9B365D9D-C47D-458D-A46F-491A4B33EEAB} -> Phoenix Core Managed Environment (cME) -> KB928365.T1_1ToU569_1 -> Security Update pour Microsoft .NET Framework 2.0 (KB928365) -> KB937143-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) -> KB938127-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) -> M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366) -> Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 -> NanoScan -> Panda NanoScan -> NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs -> S3 -> UniChrome Pro IGP Display Driver and Utilities -> SAMSUNG CDMA Modem -> SAMSUNG CDMA Modem Driver Set -> Samsung Mobile phone USB driver -> Samsung Mobile phone USB driver Software -> SAMSUNG Mobile USB Modem -> SAMSUNG Mobile USB Modem Software -> SAMSUNG Mobile USB Modem 1.0 -> SAMSUNG Mobile USB Modem 1.0 Software -> ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> TotalScan -> Panda TotalScan -> uTorrent -> µTorrent -> VIA Vinyl Audio Codecs Driver Setup Program -> VIA Vinyl Audio Codecs Driver Setup Program -> VLC media player -> VideoLAN VLC media player 0.8.5 -> VTDisplay -> S3 S3Display -> VTGamma2 -> S3 S3Gamma2 -> VTInfo2 -> S3 S3Info2 -> VTOverlay -> S3 S3Overlay -> VTTrayPlus -> S3 S3TrayPlus -> WGA -> Windows Genuine Advantage Validation Tool (KB892130) -> WgaNotify -> Windows Genuine Advantage Notifications (KB905474) -> Windows Media Format Runtime -> Windows Media Format Runtime -> Windows Media Player -> Lecteur Windows Media 10 -> Xvid_is1 -> Xvid 1.1.2 final uninstall -> [Files/Folders - Created Within 60 days] 31.2.5144 -> %SystemDrive%\31.2.5144 -> [Folder | Created Date = 18/09/2007 18:29:25 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 18/09/2007 20:00:38 | Attr = ] mes documents -> %SystemDrive%\mes documents -> [Folder | Created Date = 01/08/2007 14:32:34 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 23/09/2007 22:57:28 | Attr = HS] ToolsCleaner2 -> %SystemDrive%\ToolsCleaner2 -> [Folder | Created Date = 23/09/2007 22:07:03 | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 07/09/2007 18:32:22 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 07/09/2007 18:31:57 | Attr = H ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Created Date = 14/09/2007 18:01:06 | Attr = ] fllib.dll -> %SystemRoot%\fllib.dll -> [Ver = | Size = 20 bytes | Created Date = 16/09/2007 14:14:37 | Attr = ] hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 129249 bytes | Created Date = 05/08/2007 15:19:54 | Attr = ] hpoins11.dat.temp -> %SystemRoot%\hpoins11.dat.temp -> [Ver = | Size = 129223 bytes | Created Date = 05/08/2007 15:08:37 | Attr = ] hpomdl11.dat.temp -> %SystemRoot%\hpomdl11.dat.temp -> [Ver = | Size = 11634 bytes | Created Date = 05/08/2007 15:08:36 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 07/09/2007 18:32:47 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 09/09/2007 00:45:48 | Attr = ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 16/09/2007 13:33:26 | Attr = ] LPT$VPN.719 -> %SystemRoot%\LPT$VPN.719 -> [Ver = | Size = 37121453 bytes | Created Date = 14/09/2007 18:03:13 | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 17/09/2007 22:54:19 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 07/09/2007 18:29:43 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 07/09/2007 18:00:14 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 02/08/2007 21:32:55 | Attr = H ] VPTNFILE.719 -> %SystemRoot%\VPTNFILE.719 -> [Ver = | Size = 37121453 bytes | Created Date = 14/09/2007 18:01:52 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 07/09/2007 18:34:17 | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 94 bytes | Created Date = 03/09/2007 22:03:20 | Attr = ] Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 242 bytes | Created Date = 19/09/2007 15:41:59 | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 17/09/2007 21:53:29 | Attr = ] dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 07/09/2007 18:34:16 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 20/09/2007 17:04:45 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 09/09/2007 22:20:17 | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 24/09/2007 14:30:27 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 17/09/2007 21:53:32 | Attr = ] Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Created Date = 03/09/2007 18:10:51 | Attr = ] SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2238 bytes | Created Date = 19/09/2007 19:43:11 | Attr = ] VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] avgntdd.sys -> %System32%\drivers\avgntdd.sys -> AVIRA GmbH [Ver = 6.38.00.01 | Size = 40000 bytes | Created Date = 11/09/2007 18:14:20 | Attr = ] avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> AVIRA GmbH [Ver = 6.37.01.01 | Size = 14848 bytes | Created Date = 11/09/2007 18:14:20 | Attr = ] avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.11 | Size = 62016 bytes | Created Date = 11/09/2007 18:14:17 | Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 66336 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1220 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1824 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1172 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 11/09/2007 18:14:19 | Attr = ] ssm_bus.sys -> %System32%\drivers\ssm_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_cm.sys -> %System32%\drivers\ssm_cm.sys -> MCCI [Ver = V4.34 | Size = 6176 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_cmnt.sys -> %System32%\drivers\ssm_cmnt.sys -> MCCI [Ver = V4.34 | Size = 6176 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_mdfl.sys -> %System32%\drivers\ssm_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_mdm.sys -> %System32%\drivers\ssm_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_wh.sys -> %System32%\drivers\ssm_wh.sys -> MCCI [Ver = V4.34 | Size = 5840 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_whnt.sys -> %System32%\drivers\ssm_whnt.sys -> MCCI [Ver = V4.34 | Size = 5840 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] StarOpen.sys -> %System32%\drivers\StarOpen.sys -> [Ver = | Size = 5632 bytes | Created Date = 03/09/2007 18:10:16 | Attr = ] hosts.20070919-162720.backup -> %System32%\drivers\etc\hosts.20070919-162720.backup -> [Ver = | Size = 734 bytes | Created Date = 19/09/2007 15:27:20 | Attr = ] AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Created Date = 11/09/2007 18:14:14 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 04/09/2007 22:07:31 | Attr = ] Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 17/09/2007 23:33:21 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Created Date = 06/09/2007 11:24:13 | Attr = ] LauncherAccess.dt -> %AllUsersAppData%\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Created Date = 03/09/2007 18:30:00 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 04/09/2007 22:08:18 | Attr = ] Samsung -> %UserAppData%\Samsung -> [Folder | Created Date = 03/09/2007 18:31:52 | Attr = ] Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 10/09/2007 18:54:44 | Attr = ] vlc -> %UserAppData%\vlc -> [Folder | Created Date = 03/08/2007 18:44:39 | Attr = ] {AC84089A-4614-4D65-9C7F-C70274C17586} -> %LocalAppData%\{AC84089A-4614-4D65-9C7F-C70274C17586} -> [Folder | Created Date = 05/09/2007 19:23:16 | Attr = ] Nouveau dossier -> %AllUsersDocuments%\Nouveau dossier -> [Folder | Created Date = 08/09/2007 23:44:39 | Attr = ] 10000.jpg -> %UserDocuments%\10000.jpg -> [Ver = | Size = 43530 bytes | Created Date = 03/09/2007 19:26:49 | Attr = ] ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Created Date = 19/09/2007 14:44:29 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier -> Amee..[JAM-HOT.com].wmv.torrent -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent -> [Ver = | Size = 17139 bytes | Created Date = 21/09/2007 22:09:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier -> Babylon6_setup_eng_eng_oxford.exe -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Created Date = 19/09/2007 11:52:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier -> cv conseiller insertion Pro.rtf -> %UserDocuments%\cv conseiller insertion Pro.rtf -> [Ver = | Size = 3102 bytes | Created Date = 20/09/2007 12:21:23 | Attr = ] DSPP_CIP.doc -> %UserDocuments%\DSPP_CIP.doc -> [Ver = | Size = 144384 bytes | Created Date = 20/09/2007 18:23:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier -> formations_crp.pdf -> %UserDocuments%\formations_crp.pdf -> [Ver = | Size = 179530 bytes | Created Date = 16/09/2007 18:08:39 | Attr = ] funrecent.fmp -> %UserDocuments%\funrecent.fmp -> [Ver = | Size = 20 bytes | Created Date = 03/09/2007 18:43:29 | Attr = ] HiJackThis_v2.exe -> %UserDocuments%\HiJackThis_v2.exe -> Trend Micro Inc. [Ver = 2.00 | Size = 1308216 bytes | Created Date = 21/09/2007 20:47:52 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier -> lettre conseil général.rtf -> %UserDocuments%\lettre conseil général.rtf -> [Ver = | Size = 1721 bytes | Created Date = 13/09/2007 17:09:35 | Attr = ] Masha..[JAM-HOT.com].avi.torrent -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent -> [Ver = | Size = 15239 bytes | Created Date = 21/09/2007 22:08:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier -> MenuBorderTR.gif -> %UserDocuments%\MenuBorderTR.gif -> [Ver = | Size = 113 bytes | Created Date = 09/09/2007 13:42:11 | Attr = ] My Art -> %UserDocuments%\My Art -> [Folder | Created Date = 25/09/2007 12:25:51 | Attr = ] Samsung PC Studio -> %UserDocuments%\Samsung PC Studio -> [Folder | Created Date = 03/09/2007 18:08:44 | Attr = ] Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> [Ver = | Size = 14333 bytes | Created Date = 22/09/2007 20:53:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier -> SP_A0163.jpg -> %UserDocuments%\SP_A0163.jpg -> [Ver = | Size = 17950 bytes | Created Date = 03/09/2007 19:34:37 | Attr = ] SP_A0164.jpg -> %UserDocuments%\SP_A0164.jpg -> [Ver = | Size = 16338 bytes | Created Date = 03/09/2007 19:34:47 | Attr = ] SP_A0166.jpg -> %UserDocuments%\SP_A0166.jpg -> [Ver = | Size = 17230 bytes | Created Date = 03/09/2007 19:31:21 | Attr = ] supp-dll-mémoire.reg -> %UserDocuments%\supp-dll-mémoire.reg -> [Ver = | Size = 115 bytes | Created Date = 17/09/2007 16:53:02 | Attr = ] Track 01.bin -> %UserDocuments%\Track 01.bin -> [Ver = | Size = 529849152 bytes | Created Date = 02/09/2007 14:26:45 | Attr = ] tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Created Date = 16/09/2007 14:04:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier -> txp4trial.exe -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Created Date = 16/09/2007 13:31:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier -> [.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> [Ver = | Size = 15141 bytes | Created Date = 21/09/2007 22:08:47 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier -> HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Created Date = 17/09/2007 16:33:42 | Attr = ] Multimedia manager.lnk -> %AllUsersDesktop%\Multimedia manager.lnk -> [Ver = | Size = 1805 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ] Multimedia player.lnk -> %AllUsersDesktop%\Multimedia player.lnk -> [Ver = | Size = 1828 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ] Samsung PC Studio 3.lnk -> %AllUsersDesktop%\Samsung PC Studio 3.lnk -> [Ver = | Size = 1765 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ] 20070112093709031_Samsung_PC_Studio.exe -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe -> [Ver = | Size = 57273968 bytes | Created Date = 03/09/2007 18:07:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier -> antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> [Ver = | Size = 17180760 bytes | Created Date = 11/09/2007 18:13:13 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier -> ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 21/09/2007 19:23:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier -> CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 15/09/2007 11:59:58 | Attr = ] ccleaner_ccleaner_1.41.544_francais_14492.exe -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Created Date = 15/09/2007 11:59:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier -> Diskeeper2007-Home.exe -> %UserDesktop%\Diskeeper2007-Home.exe -> Diskeeper Corporation [Ver = 11.0.709t | Size = 15087208 bytes | Created Date = 09/09/2007 18:34:53 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier -> inland.empire.fr.dvdrip.torrent -> %UserDesktop%\inland.empire.fr.dvdrip.torrent -> [Ver = | Size = 38264 bytes | Created Date = 01/09/2007 13:13:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier -> IZArc_Setup.exe -> %UserDesktop%\IZArc_Setup.exe -> IZSoftware [Ver = 3.81 Build 1550 | Size = 3723454 bytes | Created Date = 01/08/2007 14:16:39 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier -> La Môme.torrent -> %UserDesktop%\La Môme.torrent -> [Ver = | Size = 14246 bytes | Created Date = 17/08/2007 14:40:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier -> Samsung_PC_Studio_311_FKB.exe -> %UserDesktop%\Samsung_PC_Studio_311_FKB.exe -> Macrovision Corporation [Ver = 10.50.132 | Size = 58032562 bytes | Created Date = 03/09/2007 18:07:55 | Attr = ] WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 25/09/2007 15:30:36 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 25/09/2007 15:29:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> X86 -> %UserDesktop%\X86 -> [Folder | Created Date = 09/09/2007 18:35:15 | Attr = ] µTorrent.lnk -> %UserDesktop%\µTorrent.lnk -> [Ver = | Size = 630 bytes | Created Date = 12/08/2007 16:07:41 | Attr = ] HP -> %CommonProgramFiles%\HP -> [Folder | Created Date = 05/08/2007 15:27:48 | Attr = ] [Files/Folders - Modified Within 60 days] 31.2.5144 -> %SystemDrive%\31.2.5144 -> [Folder | Modified Date = 18/09/2007 19:29:26 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 19/09/2007 15:53:30 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 18/09/2007 21:00:42 | Attr = ] mes documents -> %SystemDrive%\mes documents -> [Folder | Modified Date = 09/09/2007 00:56:20 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 24/09/2007 20:39:36 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 23/09/2007 23:57:30 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 23/09/2007 23:46:14 | Attr = HS] ToolsCleaner2 -> %SystemDrive%\ToolsCleaner2 -> [Folder | Modified Date = 23/09/2007 23:59:46 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 25/09/2007 16:06:32 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 08/09/2007 22:33:40 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 07/09/2007 19:32:24 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 07/09/2007 19:31:58 | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 07/08/2007 21:38:08 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 16/09/2007 15:08:54 | Attr = R S] AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Modified Date = 07/09/2007 19:04:46 | Attr = ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Modified Date = 14/09/2007 19:02:08 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 25/09/2007 16:05:04 | Attr = S] BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25/09/2007 16:06:32 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 20/09/2007 17:06:16 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 23/09/2007 20:54:32 | Attr = S] fllib.dll -> %SystemRoot%\fllib.dll -> [Ver = | Size = 20 bytes | Modified Date = 16/09/2007 15:14:38 | Attr = ] GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 14/09/2007 19:01:08 | Attr = ] hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/09/2007 20:13:00 | Attr = ] hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 129249 bytes | Modified Date = 05/08/2007 16:32:24 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 07/09/2007 19:33:54 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 09/09/2007 01:45:50 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24/09/2007 21:26:06 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 24/09/2007 21:26:10 | Attr = HS] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ] LPT$VPN.719 -> %SystemRoot%\LPT$VPN.719 -> [Ver = | Size = 37121453 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 17/09/2007 23:54:20 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 07/09/2007 19:34:10 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 09/09/2007 19:52:24 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 03/08/2007 14:20:52 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 07/09/2007 19:29:44 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 14/09/2007 19:00:36 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 02/08/2007 22:32:56 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/09/2007 16:25:10 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 09/09/2007 23:54:04 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 03/08/2007 17:32:56 | Attr = ] report -> %SystemRoot%\report -> [Folder | Modified Date = 14/09/2007 19:03:52 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 07/08/2007 21:46:02 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 03/08/2007 14:23:00 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 237 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 25/09/2007 16:14:36 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 19/09/2007 16:42:00 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 25/09/2007 16:18:16 | Attr = ] TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 14/09/2007 19:00:38 | Attr = ] tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ] tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Modified Date = 14/09/2007 20:16:04 | Attr = ] tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 16/09/2007 15:31:56 | Attr = ] UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 14/09/2007 19:00:36 | Attr = ] VPTNFILE.719 -> %SystemRoot%\VPTNFILE.719 -> [Ver = | Size = 37121453 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ] vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 07/09/2007 19:34:18 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 992 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 94 bytes | Modified Date = 03/09/2007 23:03:22 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 09/09/2007 19:12:16 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/09/2007 16:05:10 | Attr = H ] Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 242 bytes | Modified Date = 19/09/2007 16:42:28 | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 20/09/2007 17:14:04 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 07/09/2007 19:31:28 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 24/09/2007 00:00:44 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 07/09/2007 19:34:28 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 24/09/2007 00:02:26 | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 24/09/2007 21:25:58 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 09/09/2007 01:47:12 | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 184 bytes | Modified Date = 22/08/2007 22:36:46 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 20/09/2007 18:04:46 | Attr = ] LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 09/09/2007 23:20:20 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Modified Date = 20/09/2007 17:17:02 | Attr = ] mui -> %System32%\mui -> [Folder | Modified Date = 16/09/2007 15:08:46 | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 24/09/2007 15:31:06 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 75266 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 468072 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 980254 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 23/09/2007 23:46:14 | Attr = ] Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Modified Date = 03/09/2007 19:11:16 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2238 bytes | Modified Date = 19/09/2007 21:00:52 | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ] VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 07/08/2007 21:50:10 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 25/09/2007 16:06:36 | Attr = ] avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.11 | Size = 62016 bytes | Modified Date = 11/09/2007 20:10:42 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 19/09/2007 16:27:22 | Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 66336 bytes | Modified Date = 06/09/2007 12:49:00 | Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1220 bytes | Modified Date = 06/09/2007 12:40:06 | Attr = HS] fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1824 bytes | Modified Date = 06/09/2007 12:47:32 | Attr = HS] fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1172 bytes | Modified Date = 06/09/2007 12:40:06 | Attr = HS] sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 685816 bytes | Modified Date = 02/09/2007 15:11:20 | Attr = ] hosts.20070919-162720.backup -> %System32%\drivers\etc\hosts.20070919-162720.backup -> [Ver = | Size = 734 bytes | Modified Date = 18/09/2007 22:05:36 | Attr = ] AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Modified Date = 12/09/2007 19:14:46 | Attr = ] Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 07/09/2007 19:08:30 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 04/09/2007 23:07:32 | Attr = ] Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 18/09/2007 00:33:22 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Modified Date = 06/09/2007 12:24:14 | Attr = ] LauncherAccess.dt -> %AllUsersAppData%\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Modified Date = 25/09/2007 13:25:34 | Attr = ] Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 02/08/2007 22:35:18 | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 10/09/2007 20:11:54 | Attr = S] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 19/09/2007 17:04:00 | Attr = ] dvdcss -> %UserAppData%\dvdcss -> [Folder | Modified Date = 12/08/2007 21:09:58 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 04/09/2007 23:08:20 | Attr = ] Image Zone Express -> %UserAppData%\Image Zone Express -> [Folder | Modified Date = 04/08/2007 14:16:44 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 24/09/2007 20:39:38 | Attr = S] Samsung -> %UserAppData%\Samsung -> [Folder | Modified Date = 03/09/2007 19:31:54 | Attr = ] Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 10/09/2007 19:54:46 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 24/09/2007 02:05:26 | Attr = ] vlc -> %UserAppData%\vlc -> [Folder | Modified Date = 03/08/2007 19:44:40 | Attr = ] Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 02/09/2007 16:24:02 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 162304 bytes | Modified Date = 24/09/2007 02:01:24 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 6946184 bytes | Modified Date = 25/09/2007 14:24:18 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 18/09/2007 18:25:08 | Attr = ] {AC84089A-4614-4D65-9C7F-C70274C17586} -> %LocalAppData%\{AC84089A-4614-4D65-9C7F-C70274C17586} -> [Folder | Modified Date = 05/09/2007 20:23:18 | Attr = ] Nouveau dossier -> %AllUsersDocuments%\Nouveau dossier -> [Folder | Modified Date = 09/09/2007 00:44:40 | Attr = ] ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Modified Date = 19/09/2007 15:44:40 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier -> Amee..[JAM-HOT.com].wmv.torrent -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent -> [Ver = | Size = 17139 bytes | Modified Date = 21/09/2007 23:09:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier -> Babylon6_setup_eng_eng_oxford.exe -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Modified Date = 19/09/2007 12:53:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier -> ConvertXtoDVD -> %UserDocuments%\ConvertXtoDVD -> [Folder | Modified Date = 29/08/2007 19:08:58 | Attr = ] cv conseiller insertion Pro.rtf -> %UserDocuments%\cv conseiller insertion Pro.rtf -> [Ver = | Size = 3102 bytes | Modified Date = 25/09/2007 12:53:04 | Attr = ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 138 bytes | Modified Date = 07/09/2007 19:41:18 | Attr = HS] DSPP_CIP.doc -> %UserDocuments%\DSPP_CIP.doc -> [Ver = | Size = 144384 bytes | Modified Date = 20/09/2007 19:23:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier -> formations_crp.pdf -> %UserDocuments%\formations_crp.pdf -> [Ver = | Size = 179530 bytes | Modified Date = 16/09/2007 19:08:40 | Attr = ] funrecent.fmp -> %UserDocuments%\funrecent.fmp -> [Ver = | Size = 20 bytes | Modified Date = 03/09/2007 19:43:30 | Attr = ] HiJackThis_v2.exe -> %UserDocuments%\HiJackThis_v2.exe -> Trend Micro Inc. [Ver = 2.00 | Size = 1308216 bytes | Modified Date = 21/09/2007 21:48:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier -> lettre conseil général.rtf -> %UserDocuments%\lettre conseil général.rtf -> [Ver = | Size = 1721 bytes | Modified Date = 13/09/2007 18:09:36 | Attr = ] lettre conseiller.doc.rtf -> %UserDocuments%\lettre conseiller.doc.rtf -> [Ver = | Size = 2311 bytes | Modified Date = 25/09/2007 14:11:32 | Attr = ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 07/09/2007 19:41:20 | Attr = R ] Masha..[JAM-HOT.com].avi.torrent -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent -> [Ver = | Size = 15239 bytes | Modified Date = 21/09/2007 23:08:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier -> MenuBorderTR.gif -> %UserDocuments%\MenuBorderTR.gif -> [Ver = | Size = 113 bytes | Modified Date = 09/09/2007 14:39:52 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 11/09/2007 17:39:42 | Attr = R ] Mes vidéos -> %UserDocuments%\Mes vidéos -> [Folder | Modified Date = 24/09/2007 02:00:52 | Attr = ] My Art -> %UserDocuments%\My Art -> [Folder | Modified Date = 25/09/2007 13:25:52 | Attr = ] papier entête anglis.rtf -> %UserDocuments%\papier entête anglis.rtf -> [Ver = | Size = 2555 bytes | Modified Date = 11/08/2007 23:34:04 | Attr = ] Samsung PC Studio -> %UserDocuments%\Samsung PC Studio -> [Folder | Modified Date = 16/09/2007 15:25:16 | Attr = ] sandraCV.rtf -> %UserDocuments%\sandraCV.rtf -> [Ver = | Size = 3537 bytes | Modified Date = 10/08/2007 13:13:48 | Attr = ] Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> [Ver = | Size = 14333 bytes | Modified Date = 22/09/2007 21:53:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier -> SP_A0163.jpg -> %UserDocuments%\SP_A0163.jpg -> [Ver = | Size = 17950 bytes | Modified Date = 03/09/2007 20:32:46 | Attr = ] SP_A0164.jpg -> %UserDocuments%\SP_A0164.jpg -> [Ver = | Size = 16338 bytes | Modified Date = 03/09/2007 20:32:34 | Attr = ] SP_A0166.jpg -> %UserDocuments%\SP_A0166.jpg -> [Ver = | Size = 17230 bytes | Modified Date = 03/09/2007 20:31:06 | Attr = ] supp-dll-mémoire.reg -> %UserDocuments%\supp-dll-mémoire.reg -> [Ver = | Size = 115 bytes | Modified Date = 17/09/2007 17:53:04 | Attr = ] Track 01.bin -> %UserDocuments%\Track 01.bin -> [Ver = | Size = 529849152 bytes | Modified Date = 02/09/2007 15:28:22 | Attr = ] tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier -> txp4trial.exe -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Modified Date = 16/09/2007 14:32:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier -> [.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> [Ver = | Size = 15141 bytes | Modified Date = 21/09/2007 23:08:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier -> HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Modified Date = 17/09/2007 17:34:12 | Attr = ] Multimedia manager.lnk -> %AllUsersDesktop%\Multimedia manager.lnk -> [Ver = | Size = 1805 bytes | Modified Date = 03/09/2007 19:11:52 | Attr = ] Multimedia player.lnk -> %AllUsersDesktop%\Multimedia player.lnk -> [Ver = | Size = 1828 bytes | Modified Date = 03/09/2007 19:11:52 | Attr = ] Samsung PC Studio 3.lnk -> %AllUsersDesktop%\Samsung PC Studio 3.lnk -> [Ver = | Size = 1765 bytes | Modified Date = 03/09/2007 19:11:52 | Attr = ] 20070112093709031_Samsung_PC_Studio.exe -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe -> [Ver = | Size = 57273968 bytes | Modified Date = 03/09/2007 19:07:42 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier -> antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> [Ver = | Size = 17180760 bytes | Modified Date = 11/09/2007 19:13:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier -> ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 21/09/2007 20:23:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier -> CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 15/09/2007 13:00:00 | Attr = ] ccleaner_ccleaner_1.41.544_francais_14492.exe -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Modified Date = 15/09/2007 12:59:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier -> Diskeeper2007-Home.exe -> %UserDesktop%\Diskeeper2007-Home.exe -> Diskeeper Corporation [Ver = 11.0.709t | Size = 15087208 bytes | Modified Date = 09/09/2007 19:35:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier -> inland.empire.fr.dvdrip.torrent -> %UserDesktop%\inland.empire.fr.dvdrip.torrent -> [Ver = | Size = 38264 bytes | Modified Date = 01/09/2007 14:13:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier -> installer -> %UserDesktop%\installer -> [Folder | Modified Date = 21/09/2007 22:46:02 | Attr = ] IZArc_Setup.exe -> %UserDesktop%\IZArc_Setup.exe -> IZSoftware [Ver = 3.81 Build 1550 | Size = 3723454 bytes | Modified Date = 01/08/2007 15:16:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier -> La Môme.torrent -> %UserDesktop%\La Môme.torrent -> [Ver = | Size = 14246 bytes | Modified Date = 17/08/2007 15:40:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier -> WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 25/09/2007 16:30:38 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 25/09/2007 16:29:34 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> X86 -> %UserDesktop%\X86 -> [Folder | Modified Date = 09/09/2007 19:35:16 | Attr = ] µTorrent.lnk -> %UserDesktop%\µTorrent.lnk -> [Ver = | Size = 630 bytes | Modified Date = 12/08/2007 17:07:42 | Attr = ] HP -> %CommonProgramFiles%\HP -> [Folder | Modified Date = 17/09/2007 17:33:42 | Attr = ] SureThing Shared -> %CommonProgramFiles%\SureThing Shared -> [Folder | Modified Date = 03/08/2007 14:22:14 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 03/08/2007 14:20:34 | Attr = ] [File String Scan - Non-Microsoft Only] UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ] UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 24/04/2003 13:00:00 | Attr = ] UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ] UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ] UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 24/04/2003 13:00:00 | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 24/04/2003 14:00:00 | Attr = ] UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 24/04/2003 14:00:00 | Attr = ] @Alternate Data Stream - 140 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2 -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier -> Thawte Consulting , -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Modified Date = 19/09/2007 12:53:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier -> File scan skipped for file %UserDocuments%\Track 01.bin -> File size too big (529849152 bytes) -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Modified Date = 16/09/2007 14:32:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\1408:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 21/09/2007 20:23:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier -> Thawte Consulting , -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Modified Date = 15/09/2007 12:59:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\invisible:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\laidcv.rtf:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\MBSASetup-FR.msi:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\Mr Brooks:Zone.Identifier -> Thawte Consulting , -> %UserDesktop%\Samsung_PC_Studio_311_FKB.exe -> Macrovision Corporation [Ver = 10.50.132 | Size = 58032562 bytes | Modified Date = 11/01/2007 15:07:18 | Attr = ] FSG! , -> %UserDesktop%\uTorrent-1.6.1-install.exe -> [Ver = 1.6.1 | Size = 697492 bytes | Modified Date = 09/06/2007 15:07:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> < End of report > e ?

Concernant le rapport c'est tout , ça n'a pas nettoyer les autres outils utliser et j'ai recommencer mais toolscleaner me dis fin du scan le lien que tu ma donner n'est pas bon j'arrive sur orange page introuvable ! est- ce qu'il y a moyen devirer tous ces outils , manuellement ? concernant la mémoire tu à peut etre raison pourtant ,il y aplusieurs semaines l'o ********ToolsCleaner2 (A.Rothstein)******** merci encore si tu as d'autres conseils Debut le 23/09/2007 a 23:45:29,04 *************************************** Aucun Programme trouve! ////// ** Module de recherche complementaire ** (Beta Test 1) *************************************** Fin le 23/09/2007 a 23:46:00,18 Point de Restauration cree! Corbeille videe! Fichiers temporaires nettoyes! rdi était plus rapide je comprends pas !

Voilà le dernier scan à quoi consiste t-il STP ? WinPFind3 logfile created on: 23/09/2007 19:53:20 WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\DEHFOS\Bureau\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 191,48 Mb Total Physical Memory | 96,54 Mb Available Physical Memory | 50,42% Memory free 463,68 Mb Paging File | 234,13 Mb Available in Paging File | 50,49% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 65,92 Gb Total Space | 52,38 Gb Free Space | 79,46% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: VOTRE-324AA4A56 Current User Name: DEHFOS Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ] avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.79 | Size = 210984 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 02:41:10 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 14:38:50 | Attr = ] (AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] (AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.79 | Size = 210984 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr = ] (PhnxVCDService) Phoenix VCD Service [Win32_Own | Disabled | Stopped] -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.1.1.13 | Size = 49152 bytes | Modified Date = 21/07/2005 01:17:30 | Attr = R ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> -> File not found (WMConnectCDS) Service Windows Media Connect [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Connect 2\wmccds.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ] avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 02:41:10 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ccleaner -> %ProgramFiles%\CCleaner\ccleaner.exe -> Piriform Ltd [Ver = 1.41.0544 | Size = 598656 bytes | Modified Date = 13/07/2007 11:10:18 | Attr = ] < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\windows\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> http://www.neufportail.fr/ -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKLM] -> %ProgramFiles%\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll [babylon] -> Babylon Ltd. [Ver = 2.0.1.4 | Size = 264416 bytes | Modified Date = 16/07/2007 15:49:56 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKLM] -> %ProgramFiles%\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll [babylon] -> Babylon Ltd. [Ver = 2.0.1.4 | Size = 264416 bytes | Modified Date = 16/07/2007 15:49:56 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found Translate with &Babylon -> %ProgramFiles%\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll\Translate.htm -> File not found < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {88317C58-0B89-4AEE-ACA6-ED4AD09D4599} -> (VIA Rhine II Fast Ethernet Adapter) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> TotalScan Installer Class - CodeBase = http://www.nanoscan.com/as/v1/cabs/ascstubie.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupd...b?1190487864765 -> {8436FE12-31DB-48BF-83BF-FE682F9160B4} -> NanoInstaller Class - CodeBase = http://www.nanoscan.com/cabs/nanoinst.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1324 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VideoLAN\VLC\vlc.exe -> C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:*:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> Reg Data - Value = 0 bytes -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\ -> -> [Files/Folders - Created Within 60 days] 31.2.5144 -> %SystemDrive%\31.2.5144 -> [Folder | Created Date = 18/09/2007 18:29:25 | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 20/09/2007 17:20:22 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 18/09/2007 20:00:38 | Attr = ] mes documents -> %SystemDrive%\mes documents -> [Folder | Created Date = 01/08/2007 14:32:34 | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 07/09/2007 18:32:22 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 07/09/2007 18:31:57 | Attr = H ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Created Date = 14/09/2007 18:01:06 | Attr = ] fllib.dll -> %SystemRoot%\fllib.dll -> [Ver = | Size = 20 bytes | Created Date = 16/09/2007 14:14:37 | Attr = ] hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 129249 bytes | Created Date = 05/08/2007 15:19:54 | Attr = ] hpoins11.dat.temp -> %SystemRoot%\hpoins11.dat.temp -> [Ver = | Size = 129223 bytes | Created Date = 05/08/2007 15:08:37 | Attr = ] hpomdl11.dat.temp -> %SystemRoot%\hpomdl11.dat.temp -> [Ver = | Size = 11634 bytes | Created Date = 05/08/2007 15:08:36 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 07/09/2007 18:32:47 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 09/09/2007 00:45:48 | Attr = ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 16/09/2007 13:33:26 | Attr = ] LPT$VPN.719 -> %SystemRoot%\LPT$VPN.719 -> [Ver = | Size = 37121453 bytes | Created Date = 14/09/2007 18:03:13 | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 17/09/2007 22:54:19 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 07/09/2007 18:29:43 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 07/09/2007 18:00:14 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 02/08/2007 21:32:55 | Attr = H ] VPTNFILE.719 -> %SystemRoot%\VPTNFILE.719 -> [Ver = | Size = 37121453 bytes | Created Date = 14/09/2007 18:01:52 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 07/09/2007 18:34:17 | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 94 bytes | Created Date = 03/09/2007 22:03:20 | Attr = ] Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 242 bytes | Created Date = 19/09/2007 15:41:59 | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 17/09/2007 21:53:29 | Attr = ] dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 07/09/2007 18:34:16 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 20/09/2007 17:04:45 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ] LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 09/09/2007 22:20:17 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 17/09/2007 21:53:32 | Attr = ] Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Created Date = 03/09/2007 18:10:51 | Attr = ] SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2238 bytes | Created Date = 19/09/2007 19:43:11 | Attr = ] VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ] avgntdd.sys -> %System32%\drivers\avgntdd.sys -> AVIRA GmbH [Ver = 6.38.00.01 | Size = 40000 bytes | Created Date = 11/09/2007 18:14:20 | Attr = ] avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> AVIRA GmbH [Ver = 6.37.01.01 | Size = 14848 bytes | Created Date = 11/09/2007 18:14:20 | Attr = ] avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.11 | Size = 62016 bytes | Created Date = 11/09/2007 18:14:17 | Attr = ] AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Created Date = 07/08/2007 12:58:08 | Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 66336 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1220 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1824 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1172 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS] NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Created Date = 07/08/2007 12:56:58 | Attr = ] ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 11/09/2007 18:14:19 | Attr = ] ssm_bus.sys -> %System32%\drivers\ssm_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_cm.sys -> %System32%\drivers\ssm_cm.sys -> MCCI [Ver = V4.34 | Size = 6176 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_cmnt.sys -> %System32%\drivers\ssm_cmnt.sys -> MCCI [Ver = V4.34 | Size = 6176 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_mdfl.sys -> %System32%\drivers\ssm_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_mdm.sys -> %System32%\drivers\ssm_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_wh.sys -> %System32%\drivers\ssm_wh.sys -> MCCI [Ver = V4.34 | Size = 5840 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] ssm_whnt.sys -> %System32%\drivers\ssm_whnt.sys -> MCCI [Ver = V4.34 | Size = 5840 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ] StarOpen.sys -> %System32%\drivers\StarOpen.sys -> [Ver = | Size = 5632 bytes | Created Date = 03/09/2007 18:10:16 | Attr = ] hosts.20070919-162720.backup -> %System32%\drivers\etc\hosts.20070919-162720.backup -> [Ver = | Size = 734 bytes | Created Date = 19/09/2007 15:27:20 | Attr = ] AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Created Date = 11/09/2007 18:14:14 | Attr = ] Babylon -> %AllUsersAppData%\Babylon -> [Folder | Created Date = 19/09/2007 11:53:16 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 04/09/2007 22:07:31 | Attr = ] Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 17/09/2007 23:33:21 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Created Date = 06/09/2007 11:24:13 | Attr = ] LauncherAccess.dt -> %AllUsersAppData%\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Created Date = 03/09/2007 18:30:00 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Created Date = 19/09/2007 11:53:16 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 04/09/2007 22:08:18 | Attr = ] Samsung -> %UserAppData%\Samsung -> [Folder | Created Date = 03/09/2007 18:31:52 | Attr = ] Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 10/09/2007 18:54:44 | Attr = ] vlc -> %UserAppData%\vlc -> [Folder | Created Date = 03/08/2007 18:44:39 | Attr = ] Babylon -> %LocalAppData%\Babylon -> [Folder | Created Date = 19/09/2007 11:56:20 | Attr = ] {AC84089A-4614-4D65-9C7F-C70274C17586} -> %LocalAppData%\{AC84089A-4614-4D65-9C7F-C70274C17586} -> [Folder | Created Date = 05/09/2007 19:23:16 | Attr = ] Nouveau dossier -> %AllUsersDocuments%\Nouveau dossier -> [Folder | Created Date = 08/09/2007 23:44:39 | Attr = ] 10000.jpg -> %UserDocuments%\10000.jpg -> [Ver = | Size = 43530 bytes | Created Date = 03/09/2007 19:26:49 | Attr = ] ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Created Date = 19/09/2007 14:44:29 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier -> Amee..[JAM-HOT.com].wmv.torrent -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent -> [Ver = | Size = 17139 bytes | Created Date = 21/09/2007 22:09:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier -> Babylon6_setup_eng_eng_oxford.exe -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Created Date = 19/09/2007 11:52:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier -> cv conseiller insertion Pro.rtf -> %UserDocuments%\cv conseiller insertion Pro.rtf -> [Ver = | Size = 2990 bytes | Created Date = 20/09/2007 12:21:23 | Attr = ] DiagHelp.zip -> %UserDocuments%\DiagHelp.zip -> [Ver = | Size = 623220 bytes | Created Date = 19/09/2007 16:26:11 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DiagHelp.zip:Zone.Identifier -> DSPP_CIP.doc -> %UserDocuments%\DSPP_CIP.doc -> [Ver = | Size = 144384 bytes | Created Date = 20/09/2007 18:23:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier -> Fixwareout.exe -> %UserDocuments%\Fixwareout.exe -> [Ver = 1.0.0.5 | Size = 486449 bytes | Created Date = 20/09/2007 17:20:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Fixwareout.exe:Zone.Identifier -> formations_crp.pdf -> %UserDocuments%\formations_crp.pdf -> [Ver = | Size = 179530 bytes | Created Date = 16/09/2007 18:08:39 | Attr = ] funrecent.fmp -> %UserDocuments%\funrecent.fmp -> [Ver = | Size = 20 bytes | Created Date = 03/09/2007 18:43:29 | Attr = ] HiJackThis_v2.exe -> %UserDocuments%\HiJackThis_v2.exe -> Trend Micro Inc. [Ver = 2.00 | Size = 1308216 bytes | Created Date = 21/09/2007 20:47:52 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier -> lettre conseil général.rtf -> %UserDocuments%\lettre conseil général.rtf -> [Ver = | Size = 1721 bytes | Created Date = 13/09/2007 17:09:35 | Attr = ] Masha..[JAM-HOT.com].avi.torrent -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent -> [Ver = | Size = 15239 bytes | Created Date = 21/09/2007 22:08:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier -> MenuBorderTR.gif -> %UserDocuments%\MenuBorderTR.gif -> [Ver = | Size = 113 bytes | Created Date = 09/09/2007 13:42:11 | Attr = ] Samsung PC Studio -> %UserDocuments%\Samsung PC Studio -> [Folder | Created Date = 03/09/2007 18:08:44 | Attr = ] Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> [Ver = | Size = 14333 bytes | Created Date = 22/09/2007 20:53:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier -> SP_A0163.jpg -> %UserDocuments%\SP_A0163.jpg -> [Ver = | Size = 17950 bytes | Created Date = 03/09/2007 19:34:37 | Attr = ] SP_A0164.jpg -> %UserDocuments%\SP_A0164.jpg -> [Ver = | Size = 16338 bytes | Created Date = 03/09/2007 19:34:47 | Attr = ] SP_A0166.jpg -> %UserDocuments%\SP_A0166.jpg -> [Ver = | Size = 17230 bytes | Created Date = 03/09/2007 19:31:21 | Attr = ] supp-dll-mémoire.reg -> %UserDocuments%\supp-dll-mémoire.reg -> [Ver = | Size = 115 bytes | Created Date = 17/09/2007 16:53:02 | Attr = ] Track 01.bin -> %UserDocuments%\Track 01.bin -> [Ver = | Size = 529849152 bytes | Created Date = 02/09/2007 14:26:45 | Attr = ] tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Created Date = 16/09/2007 14:04:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier -> txp4trial.exe -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Created Date = 16/09/2007 13:31:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier -> [.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> [Ver = | Size = 15141 bytes | Created Date = 21/09/2007 22:08:47 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier -> Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 19/09/2007 14:46:06 | Attr = ] Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 19/09/2007 14:46:06 | Attr = ] Babylon.lnk -> %AllUsersDesktop%\Babylon.lnk -> [Ver = | Size = 798 bytes | Created Date = 19/09/2007 11:56:17 | Attr = ] HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Created Date = 17/09/2007 16:33:42 | Attr = ] Multimedia manager.lnk -> %AllUsersDesktop%\Multimedia manager.lnk -> [Ver = | Size = 1805 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ] Multimedia player.lnk -> %AllUsersDesktop%\Multimedia player.lnk -> [Ver = | Size = 1828 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ] Samsung PC Studio 3.lnk -> %AllUsersDesktop%\Samsung PC Studio 3.lnk -> [Ver = | Size = 1765 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ] 20070112093709031_Samsung_PC_Studio.exe -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe -> [Ver = | Size = 57273968 bytes | Created Date = 03/09/2007 18:07:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier -> antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> [Ver = | Size = 17180760 bytes | Created Date = 11/09/2007 18:13:13 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier -> ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 21/09/2007 19:23:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier -> CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 15/09/2007 11:59:58 | Attr = ] ccleaner_ccleaner_1.41.544_francais_14492.exe -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Created Date = 15/09/2007 11:59:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier -> DiagHelp -> %UserDesktop%\DiagHelp -> [Folder | Created Date = 11/09/2007 18:03:36 | Attr = ] Diskeeper2007-Home.exe -> %UserDesktop%\Diskeeper2007-Home.exe -> Diskeeper Corporation [Ver = 11.0.709t | Size = 15087208 bytes | Created Date = 09/09/2007 18:34:53 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier -> inland.empire.fr.dvdrip.torrent -> %UserDesktop%\inland.empire.fr.dvdrip.torrent -> [Ver = | Size = 38264 bytes | Created Date = 01/09/2007 13:13:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier -> IZArc_Setup.exe -> %UserDesktop%\IZArc_Setup.exe -> IZSoftware [Ver = 3.81 Build 1550 | Size = 3723454 bytes | Created Date = 01/08/2007 14:16:39 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier -> La Môme.torrent -> %UserDesktop%\La Môme.torrent -> [Ver = | Size = 14246 bytes | Created Date = 17/08/2007 14:40:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier -> Samsung_PC_Studio_311_FKB.exe -> %UserDesktop%\Samsung_PC_Studio_311_FKB.exe -> Macrovision Corporation [Ver = 10.50.132 | Size = 58032562 bytes | Created Date = 03/09/2007 18:07:55 | Attr = ] WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 23/09/2007 18:47:12 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 23/09/2007 18:46:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> X86 -> %UserDesktop%\X86 -> [Folder | Created Date = 09/09/2007 18:35:15 | Attr = ] µTorrent.lnk -> %UserDesktop%\µTorrent.lnk -> [Ver = | Size = 630 bytes | Created Date = 12/08/2007 16:07:41 | Attr = ] HP -> %CommonProgramFiles%\HP -> [Folder | Created Date = 05/08/2007 15:27:48 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 19/09/2007 14:44:40 | Attr = ] [Files/Folders - Modified Within 60 days] 31.2.5144 -> %SystemDrive%\31.2.5144 -> [Folder | Modified Date = 18/09/2007 19:29:26 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 19/09/2007 15:53:30 | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 20/09/2007 18:27:38 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 18/09/2007 21:00:42 | Attr = ] mes documents -> %SystemDrive%\mes documents -> [Folder | Modified Date = 09/09/2007 00:56:20 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 22/09/2007 15:28:08 | Attr = R ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 20/09/2007 12:40:30 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 23/09/2007 19:34:36 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 08/09/2007 22:33:40 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 07/09/2007 19:32:24 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 07/09/2007 19:31:58 | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 07/08/2007 21:38:08 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 16/09/2007 15:08:54 | Attr = R S] AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Modified Date = 07/09/2007 19:04:46 | Attr = ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Modified Date = 14/09/2007 19:02:08 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/09/2007 19:33:02 | Attr = S] BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 20/09/2007 17:10:30 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 20/09/2007 17:06:16 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 22/09/2007 21:04:40 | Attr = S] fllib.dll -> %SystemRoot%\fllib.dll -> [Ver = | Size = 20 bytes | Modified Date = 16/09/2007 15:14:38 | Attr = ] GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 14/09/2007 19:01:08 | Attr = ] hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/09/2007 20:13:00 | Attr = ] hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 129249 bytes | Modified Date = 05/08/2007 16:32:24 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 07/09/2007 19:33:54 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 09/09/2007 01:45:50 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 22/09/2007 15:29:46 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 19/09/2007 15:46:22 | Attr = HS] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ] LPT$VPN.719 -> %SystemRoot%\LPT$VPN.719 -> [Ver = | Size = 37121453 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 17/09/2007 23:54:20 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 07/09/2007 19:34:10 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 09/09/2007 19:52:24 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 03/08/2007 14:20:52 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 07/09/2007 19:29:44 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 14/09/2007 19:00:36 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 02/08/2007 22:32:56 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 23/09/2007 19:46:48 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 09/09/2007 23:54:04 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 03/08/2007 17:32:56 | Attr = ] report -> %SystemRoot%\report -> [Folder | Modified Date = 14/09/2007 19:03:52 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 07/08/2007 21:46:02 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 03/08/2007 14:23:00 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 237 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 22/09/2007 21:04:40 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 19/09/2007 16:42:00 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 23/09/2007 19:45:24 | Attr = ] TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 14/09/2007 19:00:38 | Attr = ] tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ] tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Modified Date = 14/09/2007 20:16:04 | Attr = ] tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 16/09/2007 15:31:56 | Attr = ] UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 14/09/2007 19:00:36 | Attr = ] VPTNFILE.719 -> %SystemRoot%\VPTNFILE.719 -> [Ver = | Size = 37121453 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ] vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 07/09/2007 19:34:18 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 992 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 94 bytes | Modified Date = 03/09/2007 23:03:22 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 09/09/2007 19:12:16 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 23/09/2007 19:33:04 | Attr = H ] Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 242 bytes | Modified Date = 19/09/2007 16:42:28 | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 20/09/2007 17:14:04 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 07/09/2007 19:31:28 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 22/09/2007 21:04:38 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 07/09/2007 19:34:28 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22/09/2007 21:04:46 | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 22/09/2007 15:33:14 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 09/09/2007 01:47:12 | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 184 bytes | Modified Date = 22/08/2007 22:36:46 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 20/09/2007 18:04:46 | Attr = ] LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 09/09/2007 23:20:20 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Modified Date = 20/09/2007 17:17:02 | Attr = ] mui -> %System32%\mui -> [Folder | Modified Date = 16/09/2007 15:08:46 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 75266 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 468072 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 980254 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 20/09/2007 12:40:30 | Attr = ] Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Modified Date = 03/09/2007 19:11:16 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2238 bytes | Modified Date = 19/09/2007 21:00:52 | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ] VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 07/08/2007 21:50:10 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 23/09/2007 19:34:10 | Attr = ] avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.11 | Size = 62016 bytes | Modified Date = 11/09/2007 20:10:42 | Attr = ] AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 07/08/2007 13:58:08 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 19/09/2007 16:27:22 | Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 66336 bytes | Modified Date = 06/09/2007 12:49:00 | Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1220 bytes | Modified Date = 06/09/2007 12:40:06 | Attr = HS] fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1824 bytes | Modified Date = 06/09/2007 12:47:32 | Attr = HS] fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1172 bytes | Modified Date = 06/09/2007 12:40:06 | Attr = HS] NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 07/08/2007 13:56:58 | Attr = ] sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 685816 bytes | Modified Date = 02/09/2007 15:11:20 | Attr = ] hosts.20070919-162720.backup -> %System32%\drivers\etc\hosts.20070919-162720.backup -> [Ver = | Size = 734 bytes | Modified Date = 18/09/2007 22:05:36 | Attr = ] AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Modified Date = 12/09/2007 19:14:46 | Attr = ] Babylon -> %AllUsersAppData%\Babylon -> [Folder | Modified Date = 19/09/2007 19:51:26 | Attr = ] Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 07/09/2007 19:08:30 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 04/09/2007 23:07:32 | Attr = ] Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 18/09/2007 00:33:22 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Modified Date = 06/09/2007 12:24:14 | Attr = ] LauncherAccess.dt -> %AllUsersAppData%\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Modified Date = 11/09/2007 17:33:34 | Attr = ] Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 02/08/2007 22:35:18 | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 10/09/2007 20:11:54 | Attr = S] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 19/09/2007 17:04:00 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Modified Date = 19/09/2007 19:58:50 | Attr = ] dvdcss -> %UserAppData%\dvdcss -> [Folder | Modified Date = 12/08/2007 21:09:58 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 04/09/2007 23:08:20 | Attr = ] Image Zone Express -> %UserAppData%\Image Zone Express -> [Folder | Modified Date = 04/08/2007 14:16:44 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 10/09/2007 20:18:50 | Attr = S] Samsung -> %UserAppData%\Samsung -> [Folder | Modified Date = 03/09/2007 19:31:54 | Attr = ] Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 10/09/2007 19:54:46 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 23/09/2007 02:23:12 | Attr = ] vlc -> %UserAppData%\vlc -> [Folder | Modified Date = 03/08/2007 19:44:40 | Attr = ] Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 02/09/2007 16:24:02 | Attr = ] Babylon -> %LocalAppData%\Babylon -> [Folder | Modified Date = 19/09/2007 12:56:22 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 160256 bytes | Modified Date = 23/09/2007 02:05:18 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3767682 bytes | Modified Date = 23/09/2007 02:38:48 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 18/09/2007 18:25:08 | Attr = ] {AC84089A-4614-4D65-9C7F-C70274C17586} -> %LocalAppData%\{AC84089A-4614-4D65-9C7F-C70274C17586} -> [Folder | Modified Date = 05/09/2007 20:23:18 | Attr = ] Nouveau dossier -> %AllUsersDocuments%\Nouveau dossier -> [Folder | Modified Date = 09/09/2007 00:44:40 | Attr = ] ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Modified Date = 19/09/2007 15:44:40 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier -> Amee..[JAM-HOT.com].wmv.torrent -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent -> [Ver = | Size = 17139 bytes | Modified Date = 21/09/2007 23:09:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier -> Babylon6_setup_eng_eng_oxford.exe -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Modified Date = 19/09/2007 12:53:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier -> ConvertXtoDVD -> %UserDocuments%\ConvertXtoDVD -> [Folder | Modified Date = 29/08/2007 19:08:58 | Attr = ] cv conseiller insertion Pro.rtf -> %UserDocuments%\cv conseiller insertion Pro.rtf -> [Ver = | Size = 2990 bytes | Modified Date = 20/09/2007 13:21:24 | Attr = ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 138 bytes | Modified Date = 07/09/2007 19:41:18 | Attr = HS] DiagHelp.zip -> %UserDocuments%\DiagHelp.zip -> [Ver = | Size = 623220 bytes | Modified Date = 19/09/2007 17:26:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DiagHelp.zip:Zone.Identifier -> DSPP_CIP.doc -> %UserDocuments%\DSPP_CIP.doc -> [Ver = | Size = 144384 bytes | Modified Date = 20/09/2007 19:23:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier -> Fixwareout.exe -> %UserDocuments%\Fixwareout.exe -> [Ver = 1.0.0.5 | Size = 486449 bytes | Modified Date = 20/09/2007 18:20:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Fixwareout.exe:Zone.Identifier -> formations_crp.pdf -> %UserDocuments%\formations_crp.pdf -> [Ver = | Size = 179530 bytes | Modified Date = 16/09/2007 19:08:40 | Attr = ] funrecent.fmp -> %UserDocuments%\funrecent.fmp -> [Ver = | Size = 20 bytes | Modified Date = 03/09/2007 19:43:30 | Attr = ] HiJackThis_v2.exe -> %UserDocuments%\HiJackThis_v2.exe -> Trend Micro Inc. [Ver = 2.00 | Size = 1308216 bytes | Modified Date = 21/09/2007 21:48:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier -> lettre conseil général.rtf -> %UserDocuments%\lettre conseil général.rtf -> [Ver = | Size = 1721 bytes | Modified Date = 13/09/2007 18:09:36 | Attr = ] lettre conseiller.doc.rtf -> %UserDocuments%\lettre conseiller.doc.rtf -> [Ver = | Size = 2263 bytes | Modified Date = 30/08/2007 13:32:44 | Attr = ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 07/09/2007 19:41:20 | Attr = R ] Masha..[JAM-HOT.com].avi.torrent -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent -> [Ver = | Size = 15239 bytes | Modified Date = 21/09/2007 23:08:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier -> MenuBorderTR.gif -> %UserDocuments%\MenuBorderTR.gif -> [Ver = | Size = 113 bytes | Modified Date = 09/09/2007 14:39:52 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 11/09/2007 17:39:42 | Attr = R ] Mes vidéos -> %UserDocuments%\Mes vidéos -> [Folder | Modified Date = 09/09/2007 01:08:52 | Attr = ] papier entête anglis.rtf -> %UserDocuments%\papier entête anglis.rtf -> [Ver = | Size = 2555 bytes | Modified Date = 11/08/2007 23:34:04 | Attr = ] Samsung PC Studio -> %UserDocuments%\Samsung PC Studio -> [Folder | Modified Date = 16/09/2007 15:25:16 | Attr = ] sandraCV.rtf -> %UserDocuments%\sandraCV.rtf -> [Ver = | Size = 3537 bytes | Modified Date = 10/08/2007 13:13:48 | Attr = ] Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> [Ver = | Size = 14333 bytes | Modified Date = 22/09/2007 21:53:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier -> SP_A0163.jpg -> %UserDocuments%\SP_A0163.jpg -> [Ver = | Size = 17950 bytes | Modified Date = 03/09/2007 20:32:46 | Attr = ] SP_A0164.jpg -> %UserDocuments%\SP_A0164.jpg -> [Ver = | Size = 16338 bytes | Modified Date = 03/09/2007 20:32:34 | Attr = ] SP_A0166.jpg -> %UserDocuments%\SP_A0166.jpg -> [Ver = | Size = 17230 bytes | Modified Date = 03/09/2007 20:31:06 | Attr = ] supp-dll-mémoire.reg -> %UserDocuments%\supp-dll-mémoire.reg -> [Ver = | Size = 115 bytes | Modified Date = 17/09/2007 17:53:04 | Attr = ] Track 01.bin -> %UserDocuments%\Track 01.bin -> [Ver = | Size = 529849152 bytes | Modified Date = 02/09/2007 15:28:22 | Attr = ] tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier -> txp4trial.exe -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Modified Date = 16/09/2007 14:32:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier -> [.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> [Ver = | Size = 15141 bytes | Modified Date = 21/09/2007 23:08:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier -> Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 19/09/2007 15:46:08 | Attr = ] Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 19/09/2007 15:46:08 | Attr = ] Babylon.lnk -> %AllUsersDesktop%\Babylon.lnk -> [Ver = | Size = 798 bytes | Modified Date = 19/09/2007 12:56:18 | Attr = ] HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Modified Date = 17/09/2007 17:34:12 | Attr = ] Multimedia manager.lnk -> %AllUsersDesktop%\Multimedia manager.lnk -> [Ver = | Size = 1805 bytes | Modified Date = 03/09/2007 19:11:52 | Attr = ] Multimedia player.lnk -> %AllUsersDesktop%\Multimedia player.lnk -> [Ver = | Size = 1828 bytes | Modified Date = 03/09/2007 19:11:52 | Attr = ] Samsung PC Studio 3.lnk -> %AllUsersDesktop%\Samsung PC Studio 3.lnk -> [Ver = | Size = 1765 bytes | Modified Date = 03/09/2007 19:11:52 | Attr = ] 20070112093709031_Samsung_PC_Studio.exe -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe -> [Ver = | Size = 57273968 bytes | Modified Date = 03/09/2007 19:07:42 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier -> antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> [Ver = | Size = 17180760 bytes | Modified Date = 11/09/2007 19:13:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier -> ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 21/09/2007 20:23:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier -> CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 15/09/2007 13:00:00 | Attr = ] ccleaner_ccleaner_1.41.544_francais_14492.exe -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Modified Date = 15/09/2007 12:59:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier -> DiagHelp -> %UserDesktop%\DiagHelp -> [Folder | Modified Date = 11/09/2007 19:03:38 | Attr = ] Diskeeper2007-Home.exe -> %UserDesktop%\Diskeeper2007-Home.exe -> Diskeeper Corporation [Ver = 11.0.709t | Size = 15087208 bytes | Modified Date = 09/09/2007 19:35:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier -> inland.empire.fr.dvdrip.torrent -> %UserDesktop%\inland.empire.fr.dvdrip.torrent -> [Ver = | Size = 38264 bytes | Modified Date = 01/09/2007 14:13:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier -> installer -> %UserDesktop%\installer -> [Folder | Modified Date = 21/09/2007 22:46:02 | Attr = ] IZArc_Setup.exe -> %UserDesktop%\IZArc_Setup.exe -> IZSoftware [Ver = 3.81 Build 1550 | Size = 3723454 bytes | Modified Date = 01/08/2007 15:16:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier -> La Môme.torrent -> %UserDesktop%\La Môme.torrent -> [Ver = | Size = 14246 bytes | Modified Date = 17/08/2007 15:40:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier -> WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 23/09/2007 19:48:58 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 23/09/2007 19:46:38 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> X86 -> %UserDesktop%\X86 -> [Folder | Modified Date = 09/09/2007 19:35:16 | Attr = ] µTorrent.lnk -> %UserDesktop%\µTorrent.lnk -> [Ver = | Size = 630 bytes | Modified Date = 12/08/2007 17:07:42 | Attr = ] HP -> %CommonProgramFiles%\HP -> [Folder | Modified Date = 17/09/2007 17:33:42 | Attr = ] SureThing Shared -> %CommonProgramFiles%\SureThing Shared -> [Folder | Modified Date = 03/08/2007 14:22:14 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 03/08/2007 14:20:34 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 19/09/2007 15:44:42 | Attr = ] [File String Scan - Non-Microsoft Only] abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %SystemDrive%\rapport.txt -> [Ver = | Size = 220568 bytes | Modified Date = 19/09/2007 21:12:44 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ] UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 24/04/2003 13:00:00 | Attr = ] UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ] UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ] UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 24/04/2003 13:00:00 | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 24/04/2003 14:00:00 | Attr = ] UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 24/04/2003 14:00:00 | Attr = ] @Alternate Data Stream - 140 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2 -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier -> Thawte Consulting , -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Modified Date = 19/09/2007 12:53:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\DiagHelp.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Fixwareout.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier -> File scan skipped for file %UserDocuments%\Track 01.bin -> File size too big (529849152 bytes) -> @Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Modified Date = 16/09/2007 14:32:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\1408:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 21/09/2007 20:23:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier -> Thawte Consulting , -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Modified Date = 15/09/2007 12:59:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\invisible:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\laidcv.rtf:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\MBSASetup-FR.msi:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\Mr Brooks:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\roldfic.zip:Zone.Identifier -> Thawte Consulting , -> %UserDesktop%\Samsung_PC_Studio_311_FKB.exe -> Macrovision Corporation [Ver = 10.50.132 | Size = 58032562 bytes | Modified Date = 11/01/2007 15:07:18 | Attr = ] FSG! , -> %UserDesktop%\uTorrent-1.6.1-install.exe -> [Ver = 1.6.1 | Size = 697492 bytes | Modified Date = 09/06/2007 15:07:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier -> < End of report >

J'ai fais ce que tu ma indiqué fichier introuvable?

Concernant le fichier d'échange j'ai remis les parametres par default sinon je n'ai pas fait de réglage particulier concernant internet ça tourne à peu près ,par contre c'est le tps d'ouverture et de fermeture windows qui est toujours aussi lent le scan suivant fait reference à Avg et effectivement il y a parfois le centre de sécurité (pare feu de windows me rappel que avg n'est pas à jour avec le signe windows en rouge , alors que je n'utilise plus avg je pensai l'avoir virer et le centre de securite ne fais que reference à avg ? comment retrouver ce fichier infecter ;*********************************************************************************************************************************************************************************** ANALYSIS: 2007-09-22 15:35:40 PROTECTIONS: 2 MALWARE: 1 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== Système anti-virus AVG 7.0.289 7.0.289 Yes No Avira AntiVir PersonalEdition 6.39.1.164 No Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe ;=================================================================================================================================================================================== SUSPECTS Location ;=================================================================================================================================================================================== ;===================================================================================================================================================================================

Merci de me suivre j'ai fais le scan en mode sans echec , je suis surpris que antivir trouve 2 virus qui ont un rapport avec l'outil wareout et hijackthis ? nom des virus APPL/NirCmd.2 et PCK/Dumped. wareout concernai bien le redemarage par cmd , il faut savoir que depuis je n'ai plus le message de bienvenue de windows et qu'ala place j'ai un ecran tout bleu et après le bureau ? J'aurai également un problème avec hijack concernant le fichier version traduite originale.exe , alors que n'est fais que télecharger la version française hijack , pas sur le site officiel? Personnellement je suis encore plus paumé !!!!! Du coup hijackthis je me demande si je dois pas le virer ? Mon pc déconne , toujours au ralentit pour tout. AntiVir PersonalEdition Classic Report file date: vendredi 21 septembre 2007 20:28 Scanning for 1077818 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: DEHFOS Computer name: VOTRE-324AA4A56 Version information: BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 11/09/2007 18:10:31 AVSCAN.DLL : 7.0.6.0 49192 Bytes 11/09/2007 18:10:31 LUKE.DLL : 7.0.5.3 147496 Bytes 11/09/2007 18:10:31 LUKERES.DLL : 7.0.6.1 10280 Bytes 11/09/2007 18:10:31 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 18:10:37 ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 17:18:14 ANTIVIR3.VDF : 6.39.1.163 208896 Bytes 21/09/2007 17:55:02 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 19/09/2007 15:18:34 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 11/09/2007 18:10:31 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 11/09/2007 18:10:39 AVREG.DLL : 7.0.1.6 30760 Bytes 11/09/2007 18:10:31 AVARKT.DLL : 1.0.0.20 278568 Bytes 11/09/2007 18:10:30 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 11/09/2007 18:10:30 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 11/09/2007 18:10:09 RCTEXT.DLL : 7.0.62.0 86056 Bytes 11/09/2007 18:10:09 SQLITE3.DLL : 3.3.17.1 339968 Bytes 11/09/2007 18:10:32 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: vendredi 21 septembre 2007 20:28 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0083 Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '20' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\fixwareout\FindT\nircmd.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.2 [iNFO] The file was moved to '47660ffb.qua'! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file [iNFO] The file was moved to '4746111a.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Search path D:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: vendredi 21 septembre 2007 21:03 Used time: 34:47 min The scan has been done completely. 3028 Scanning directories 147301 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 147299 Files not concerned 630 Archives were scanned 2 Warnings 1 Notes StartupList report, 21/09/2007, 21:51:12 StartupList version: 1.52.2 Started from : C:\Documents and Settings\DEHFOS\Mes documents\HiJackThis_v2.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16512) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\DEHFOS\Mes documents\HiJackThis_v2.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\DEHFOS\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run HP Software Update = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe ccleaner = "C:\Program Files\CCleaner\ccleaner.exe" /AUTO -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [optionalcomponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] * StubPath = C:\WINDOWS\system32\ieudinit.exe [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found* -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: SesamTVMC.job Spybot - Search & Destroy - Scheduled Task.job -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [bDSCANONLINE Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\oscan8.ocx CODEBASE = http://www.zebulon.fr/scan8/oscan8.cab [Java Plug-in 1.6.0_02] InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll CODEBASE = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\WINDOWS\System32\nwprovau.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (disabled) abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Filtre de bus AGP Intel: \SystemRoot\system32\DRIVERS\agp440.sys (disabled) Filtre de bus AGP Compaq: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled) Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled) aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled) aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled) Filtre de bus AGP ALI: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled) Pilote de filtre du bus AMD AGP: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled) Pilote de processeur AMD: system32\DRIVERS\AmdK8.sys (system) amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled) AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" (autostart) AntiVir PersonalEdition Classic Guard: "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" (autostart) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled) asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled) asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) avgio: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (system) avgntflt: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (manual start) AVG Network redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart) avipbb: system32\DRIVERS\avipbb.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled) cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (disabled) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled) dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) drvmcdb: system32\DRIVERS\drvmcdb.sys (system) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) FBAPI: \??\C:\WINDOWS\system32\drivers\FBAPI.sys (autostart) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start) VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8: system32\DRIVERS\gagp30kx.sys (system) gmer: System32\DRIVERS\gmer.sys (manual start) GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start) hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled) IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (disabled) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled) IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled) Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: system32\DRIVERS\kbdhid.sys (system) KLIF: \??\C:\WINDOWS\system32\drivers\klif.sys (manual start) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Machnm32 Driver: \??\C:\WINDOWS\system32\Machnm32.sys (autostart) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start) mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Office Source Engine: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (disabled) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) Pilote de bus PCI: system32\DRIVERS\pci.sys (system) PCIIde: \SystemRoot\system32\DRIVERS\pciide.sys (disabled) VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start) perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled) perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled) PhnxVcd: System32\Drivers\PhnxVcd.sys (manual start) Phoenix VCD Service: C:\WINDOWS\system32\PhnxCDSvr.exe (disabled) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (disabled) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Pilote processeur: system32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) Disk Filter Driver: system32\drivers\ptpd.sys (system) PxHelp20: System32\Drivers\PxHelp20.sys (system) ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled) Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled) ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled) ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled) ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Filtre de bus AGP SIS: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled) Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) ssmdrv: system32\DRIVERS\ssmdrv.sys (system) SAMSUNG Mobile USB Device II 1.0 driver (WDM): system32\DRIVERS\ssm_bus.sys (manual start) SAMSUNG Mobile USB Modem II 1.0 Filter: system32\DRIVERS\ssm_mdfl.sys (manual start) SAMSUNG Mobile USB Modem II 1.0 Drivers: system32\DRIVERS\ssm_mdm.sys (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{27D524CB-A5A3-467C-A170-BE5A05D05B86} (manual start) symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled) symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled) sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled) sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (disabled) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled) viagfx: system32\DRIVERS\vtmini.sys (manual start) ViaIde: system32\DRIVERS\viaide.sys (system) viamraid: system32\DRIVERS\viamraid.sys (system) Vinyl AC'97 Audio Controller (WDM): system32\drivers\vinyl97.sys (manual start) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service Windows Media Connect: C:\Program Files\Windows Media Connect 2\wmccds.exe (disabled) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\DOCUME~1\DEHFOS\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\DEHFOS\Cookies\index.dat||C:\DOCUME~1\DEHFOS\LOCALS~1\Temp\_iu14D2N.tmp|||\ -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 36 438 bytes Report generated in 0,938 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

Lorsque wareout à terminer j'ai eu un message en anglais qu'il y aurai un dnsbak.reg je poste les logs merci de m'aider j'espere arriver à retablir le pc. Username "DEHFOS" - 20/09/2007 18:21:03 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check Cache de résolution DNS vidé. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\"" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\"" "AAWTray"="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\AAWTray.exe" "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ DiagHelp version - http://www.malekal.com excute le 20/09/2007 à 18:28:45,70 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->20/09/2007 18:28:32 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->20/09/2007 18:28:22 C:\WINDOWS\prefetch\MSCONFIG.EXE-35E4DAE9.pf -->20/09/2007 18:26:23 C:\WINDOWS\prefetch\CCLEANER.EXE-0BCE437C.pf -->20/09/2007 18:26:23 C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf -->20/09/2007 18:26:18 C:\WINDOWS\prefetch\JUSCHED.EXE-03785878.pf -->20/09/2007 18:26:15 C:\WINDOWS\prefetch\AAWTRAY.EXE-18C6B527.pf -->20/09/2007 18:26:15 C:\WINDOWS\prefetch\HPWUSCHD2.EXE-02F6D2DD.pf -->20/09/2007 18:26:13 C:\WINDOWS\prefetch\AVGNT.EXE-073A2808.pf -->20/09/2007 18:26:07 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->20/09/2007 18:25:52 C:\WINDOWS\System32\drivers\avipbb.sys -->11/09/2007 20:10:40 C:\WINDOWS\System32\drivers\fidbox.dat -->06/09/2007 12:48:58 C:\WINDOWS\System32\drivers\fidbox2.dat -->06/09/2007 12:47:31 C:\WINDOWS\System32\drivers\fidbox2.idx -->06/09/2007 12:40:04 C:\WINDOWS\System32\drivers\fidbox.idx -->06/09/2007 12:40:04 C:\WINDOWS\System32\drivers\sptd.sys -->02/09/2007 15:11:18 C:\WINDOWS\System32\drivers\AWRTRD.sys -->07/08/2007 13:58:08 C:\WINDOWS\System32\wpa.dbl -->20/09/2007 18:23:51 C:\WINDOWS\System32\tmp.txt -->19/09/2007 21:00:50 C:\WINDOWS\System32\tmp.reg -->19/09/2007 21:00:50 C:\WINDOWS\System32\jupdate-1.6.0_02-b06.log -->17/09/2007 23:08:58 C:\WINDOWS\System32\Uninstall.ico -->17/09/2007 22:55:05 C:\WINDOWS\System32\pavas.ico -->17/09/2007 22:55:05 C:\WINDOWS\System32\Help.ico -->17/09/2007 22:55:05 C:\WINDOWS\System32\PerfStringBackup.INI -->09/09/2007 19:13:34 C:\WINDOWS\System32\perfh00C.dat -->09/09/2007 19:13:34 C:\WINDOWS\System32\perfh009.dat -->09/09/2007 19:13:34 C:\WINDOWS\System32\perfc00C.dat -->09/09/2007 19:13:34 C:\WINDOWS\System32\perfc009.dat -->09/09/2007 19:13:34 C:\WINDOWS\System32\MRT.exe -->06/09/2007 04:50:42 C:\WINDOWS\System32\VCCLSID.exe -->06/09/2007 00:22:23 C:\WINDOWS\System32\TZLog.log -->29/08/2007 08:56:17 C:\WINDOWS\System32\imon1.dat -->22/08/2007 22:36:44 C:\WINDOWS\System32\wuaucpl.cpl.mui -->30/07/2007 19:20:06 C:\WINDOWS\System32\wuapi.dll.mui -->30/07/2007 19:19:52 C:\WINDOWS\System32\wuaueng.dll -->30/07/2007 19:19:42 C:\WINDOWS\System32\wuapi.dll -->30/07/2007 19:19:36 C:\WINDOWS\System32\wucltui.dll -->30/07/2007 19:19:32 C:\WINDOWS\System32\wuweb.dll -->30/07/2007 19:19:28 C:\WINDOWS\System32\wuaucpl.cpl -->30/07/2007 19:19:28 C:\WINDOWS\System32\cdm.dll -->30/07/2007 19:19:20 C:\WINDOWS\System32\wuauclt.exe -->30/07/2007 19:19:16 C:\WINDOWS\WindowsUpdate.log -->20/09/2007 18:24:00 C:\WINDOWS\wiadebug.log -->20/09/2007 18:23:04 C:\WINDOWS\wiaservc.log -->20/09/2007 18:22:59 C:\WINDOWS\bootstat.dat -->20/09/2007 18:22:42 C:\WINDOWS\SchedLgU.Txt -->20/09/2007 18:21:58 C:\WINDOWS\win.ini -->20/09/2007 18:12:24 C:\WINDOWS\system.ini -->20/09/2007 18:12:24 C:\WINDOWS\Sti_Trace.log -->20/09/2007 18:05:05 C:\WINDOWS\fllib.dll -->16/09/2007 15:14:37 C:\WINDOWS\iun6002.exe -->16/09/2007 15:04:22 C:\WINDOWS\tsc.ini -->14/09/2007 20:16:03 C:\WINDOWS\tsc.ptn -->14/09/2007 19:02:07 C:\WINDOWS\tsc.exe -->14/09/2007 19:02:06 C:\WINDOWS\hcextoutput.dll -->14/09/2007 19:02:05 C:\WINDOWS\vsapi32.dll -->14/09/2007 19:02:04 MD5 des fichiers sensibles tcpip.sys 1dbf125862891817f374f407626967f4 null.sys 73c1e1f395918bc2c6dd67af7591a3ad svchost.exe 2979b03d5382a602623c0535b16ab9c0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0854-E6B7 Répertoire de C:\WINDOWS\system32 19/08/2004 16:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 58 127 626 240 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0854-E6B7 Répertoire de C:\WINDOWS\Downloaded Program Files 19/09/2007 18:16 <REP> . 19/09/2007 18:16 <REP> .. 07/03/2007 01:59 300 680 arclib.dll 24/08/2006 08:28 141 424 asinst.dll 22/08/2006 09:06 537 asinst.inf 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 18/09/2007 01:30 <REP> CONFLICT.1 25/01/2006 17:02 65 desktop.ini 15/06/2006 18:33 1 132 192 EPUWALcontrol.dll 07/06/2006 10:09 1 249 erma.inf 25/05/2006 01:21 53 248 ipsupd.dll 14/03/2007 04:02 1 055 jinstall-6u1.inf 12/07/2007 04:22 1 055 jinstall-6u2.inf 16/03/2005 12:34 7 407 lang.ini 13/04/2007 15:27 367 LegitCheckControl.inf 22/08/2007 09:55 12 592 LibComm.dll 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 01/06/2006 02:57 1 331 oscan8.inf 01/06/2006 02:54 471 040 oscan8.ocx 31/05/2006 04:15 10 oscan81.ocx_x 22/08/2007 09:55 43 824 PSComm.dll 22/08/2007 09:55 100 656 PSNAdbrk.dll 14/03/2005 14:58 7 073 scanoptions.tsi 18/09/2007 06:21 3 868 vet.da1 18/09/2007 04:25 10 627 256 vet.dat 13/07/2007 06:11 1 353 016 vete.dll 02/11/2005 18:01 1 777 xscan.inf 02/11/2005 18:07 435 712 xscan53.ocx 27 fichier(s) 14 816 408 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 18/09/2007 01:30 <REP> . 18/09/2007 01:30 <REP> .. 15/06/2006 18:33 1 132 192 EPUWALcontrol.dll 18/07/2007 14:49 12 592 libcomm.dll 2 fichier(s) 1 144 784 octets Total des fichiers listés : 29 fichier(s) 15 961 192 octets 5 Rép(s) 58 127 622 144 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-20 18:28:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b3,48,ad,a3,bf,8f,e8,47,89,42,74,de,10,05,b7,2a,de,a7,c4,73,47,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b3,48,ad,a3,bf,8f,e8,47,89,42,74,de,10,05,b7,2a,de,a7,c4,73,47,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28F9151B-ABDA-3820-0818-ABEE25D08BD3}] "dbcflollnpfipicpijelnbnibljgbjgeiagjloln"=hex:6a,61,67,6d,69,62,67,69,6c,62,6a,61,69,6b,6b,6b,6a,65,69,6d,00,.. "cbafdhkeocioanfgdcmpifceoefacdmeohdgol"=hex:6a,61,67,6d,69,62,67,69,6c,62,6a,61,69,6b,6b,6b,6a,65,69,6d,00,.. "iacflollnpfipicpij"=hex:61,61,00,00 "haafdhkeocioanfg"=hex:61,61,00,00 "iagknodhoedlmmefbk"=hex:61,61,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8601FE80-E8A0-CFFE-616C-C8E0162C36D9}] "dbmmfodjaokjmggpgnlodjliedljakdhmjkjlicj"=hex:6a,61,69,69,62,67,64,70,69,6e,6e,6c,6a,67,6b,6e,6a,64,6f,66,00,.. "cboflbpjcnkihdijacmifpahkebdadlhahlboo"=hex:6a,61,69,69,62,67,64,70,69,6e,6e,6c,6a,67,6b,6e,6a,64,6f,66,00,.. "iammfodjaokjmggpgn"=hex:61,61,00,00 "haoflbpjcnkihdij"=hex:61,61,00,00 "iaignaahcboelbacjp"=hex:61,61,00,00 scanning hidden files ... scan completed successfully hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 356 - alg.exe 436 - AAWTray.exe 456 - csrss.exe 480 - winlogon.exe 524 - services.exe 536 - lsass.exe 688 - svchost.exe 748 - svchost.exe 828 - svchost.exe 860 - svchost.exe 964 - svchost.exe 1084 - spoolsv.exe 1132 - avguard.exe 1516 - sched.exe 1520 - explorer.exe 1596 - svchost.exe 1948 - cmd.exe 1956 - avgnt.exe Total number of processes = 19 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll FB02C000 - \WINDOWS\system32\KDCOM.DLL FAF3C000 - \WINDOWS\system32\BOOTVID.dll FA941000 - sptd.sys FB02E000 - \WINDOWS\System32\Drivers\WMILIB.SYS FA929000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS FA8FA000 - ACPI.sys FA8E9000 - pci.sys FAB2C000 - isapnp.sys FB030000 - viaide.sys FADAC000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS FAB3C000 - MountMgr.sys FA8CA000 - ftdisk.sys FADB4000 - PartMgr.sys FAB4C000 - VolSnap.sys FA8B2000 - atapi.sys FAB5C000 - viamraid.sys FAB6C000 - disk.sys FAB7C000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS FA892000 - fltMgr.sys FA880000 - sr.sys FA86B000 - drvmcdb.sys FADBC000 - PxHelp20.sys FA854000 - KSecDD.sys FA7C7000 - Ntfs.sys FA79A000 - NDIS.sys FAB8C000 - RITCPT.sys FB032000 - ptpd.sys FA77F000 - Mup.sys FAB9C000 - gagp30kx.sys FAD5C000 - \SystemRoot\system32\DRIVERS\AmdK8.sys FA24B000 - \SystemRoot\system32\DRIVERS\vtmini.sys FA237000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS FAD6C000 - \SystemRoot\system32\DRIVERS\imapi.sys FAD7C000 - \SystemRoot\system32\DRIVERS\cdrom.sys FAD8C000 - \SystemRoot\system32\DRIVERS\redbook.sys FA214000 - \SystemRoot\system32\DRIVERS\ks.sys FAE6C000 - \SystemRoot\system32\DRIVERS\usbuhci.sys FA1F1000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS FAE74000 - \SystemRoot\system32\DRIVERS\usbehci.sys FA1BF000 - \SystemRoot\system32\drivers\vinyl97.sys FA19B000 - \SystemRoot\system32\drivers\portcls.sys FAD9C000 - \SystemRoot\system32\drivers\drmk.sys FA306000 - \SystemRoot\system32\DRIVERS\fetnd5b.sys FAE7C000 - \SystemRoot\system32\DRIVERS\fdc.sys FA18A000 - \SystemRoot\system32\DRIVERS\serial.sys FB008000 - \SystemRoot\system32\DRIVERS\serenum.sys FA176000 - \SystemRoot\system32\DRIVERS\parport.sys FB237000 - \SystemRoot\system32\DRIVERS\audstub.sys FA2F6000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys FB00C000 - \SystemRoot\system32\DRIVERS\ndistapi.sys FA15F000 - \SystemRoot\system32\DRIVERS\ndiswan.sys FA2E6000 - \SystemRoot\system32\DRIVERS\raspppoe.sys FA2D6000 - \SystemRoot\system32\DRIVERS\raspptp.sys FAE84000 - \SystemRoot\system32\DRIVERS\TDI.SYS FA14E000 - \SystemRoot\system32\DRIVERS\psched.sys FA2C6000 - \SystemRoot\system32\DRIVERS\msgpc.sys FAE8C000 - \SystemRoot\system32\DRIVERS\ptilink.sys FAE94000 - \SystemRoot\system32\DRIVERS\raspti.sys FA2B6000 - \SystemRoot\System32\Drivers\pcouffin.sys FA2A6000 - \SystemRoot\System32\Drivers\PhnxVcd.sys FA276000 - \SystemRoot\system32\DRIVERS\termdd.sys FAE9C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys FAEA4000 - \SystemRoot\system32\DRIVERS\mouclass.sys FB04E000 - \SystemRoot\system32\DRIVERS\swenum.sys FA100000 - \SystemRoot\system32\DRIVERS\update.sys FB01C000 - \SystemRoot\system32\DRIVERS\mssmbios.sys FABCC000 - \SystemRoot\System32\Drivers\NDProxy.SYS FABDC000 - \SystemRoot\system32\DRIVERS\usbhub.sys FB050000 - \SystemRoot\system32\DRIVERS\USBD.SYS FB052000 - \SystemRoot\System32\Drivers\i2omgmt.SYS FB054000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS FB10E000 - \SystemRoot\System32\Drivers\Null.SYS FB056000 - \SystemRoot\System32\Drivers\Beep.SYS FAEBC000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS FAEC4000 - \SystemRoot\System32\drivers\vga.sys FB05A000 - \SystemRoot\System32\Drivers\mnmdd.SYS FB05C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys FAECC000 - \SystemRoot\System32\Drivers\Msfs.SYS FAED4000 - \SystemRoot\System32\Drivers\Npfs.SYS FA72B000 - \SystemRoot\system32\DRIVERS\rasacd.sys F9005000 - \SystemRoot\system32\DRIVERS\ipsec.sys F8FAD000 - \SystemRoot\system32\DRIVERS\tcpip.sys F8F85000 - \SystemRoot\system32\DRIVERS\netbt.sys F8F63000 - \SystemRoot\System32\drivers\afd.sys FABFC000 - \SystemRoot\system32\DRIVERS\netbios.sys FAEDC000 - \SystemRoot\System32\Drivers\StarOpen.SYS FAEE4000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys F8F38000 - \SystemRoot\system32\DRIVERS\rdbss.sys F8EC9000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys FAC1C000 - \SystemRoot\System32\Drivers\Fips.SYS F8EA8000 - \SystemRoot\system32\DRIVERS\ipnat.sys FAC2C000 - \SystemRoot\system32\DRIVERS\wanarp.sys FAEFC000 - \SystemRoot\System32\Drivers\Cinemsup.SYS FAC4C000 - \SystemRoot\system32\DRIVERS\avipbb.sys FB05E000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys FAF04000 - \SystemRoot\system32\DRIVERS\usbccgp.sys FAFEC000 - \SystemRoot\system32\DRIVERS\hidusb.sys FAC8C000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS FAFF0000 - \SystemRoot\system32\DRIVERS\mouhid.sys FAFF4000 - \SystemRoot\system32\DRIVERS\kbdhid.sys FACAC000 - \SystemRoot\System32\Drivers\Cdfs.SYS F8DC8000 - \SystemRoot\System32\Drivers\dump_atapi.sys FB068000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F90EC000 - \SystemRoot\System32\drivers\Dxapi.sys FAF0C000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys FB0FB000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\vtdisp.dll F04B8000 - \SystemRoot\system32\DRIVERS\ndisuio.sys F0223000 - \SystemRoot\system32\drivers\wdmaud.sys F0560000 - \SystemRoot\system32\drivers\sysaudio.sys F00F2000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys F0075000 - \SystemRoot\system32\DRIVERS\mrxdav.sys FB0B6000 - \??\C:\WINDOWS\system32\drivers\FBAPI.sys FB219000 - \??\C:\WINDOWS\system32\Machnm32.sys EFE1B000 - \SystemRoot\system32\DRIVERS\srv.sys EFBA7000 - \SystemRoot\System32\Drivers\HTTP.sys EFA8C000 - \SystemRoot\system32\drivers\kmixer.sys FB17E000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 122 Liste des programmes installes Ad-Aware 2007 Adobe Reader 7.0.9 - Français Athlon 64 Processor Driver µTorrent Avira AntiVir PersonalEdition Classic Babylon Babylon Toolbar CCleaner (remove only) ConvertXtoDVD 2.2.0.251 eMulev0.47c.-MorphXTv9.6 HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant InstantShareDevicesMFC IZArc 3.81 Java 6 Update 2 Lecteur Windows Media 10 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Excel Viewer 2003 Microsoft Office Word Viewer 2003 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) OTB Phoenix Core Managed Environment (cME) Phoenix Core Managed Environment (cME) Platform S3 S3Display S3 S3Gamma2 S3 S3Info2 S3 S3Overlay S3 S3TrayPlus SAMSUNG CDMA Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio Samsung PC Studio Security Update pour Microsoft .NET Framework 2.0 (KB928365) Sonic RecordNow! Plus Sonic Simple Backup TrayApp UniChrome Pro IGP Display Driver and Utilities VIA Platform Device Manager VIA Vinyl Audio Codecs Driver Setup Program VideoLAN VLC media player 0.8.5 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format Runtime Xvid 1.1.2 final uninstall Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0854-E6B7 Répertoire de C:\Program Files 19/09/2007 21:33 <REP> . 19/09/2007 21:33 <REP> .. 09/12/2006 22:10 <REP> 7-Zip 25/01/2006 16:15 <REP> Adobe 16/09/2007 15:23 <REP> adslTV 25/01/2006 16:27 <REP> AMD 20/09/2007 18:07 <REP> AntiVir PersonalEdition Classic 08/05/2007 13:22 <REP> ArcSoft 19/09/2007 12:53 <REP> Babylon 15/09/2007 12:59 <REP> CCleaner 24/08/2007 15:21 <REP> Digital-Jesters 16/09/2007 15:23 <REP> eMule 11/09/2007 23:28 <REP> Eset 19/09/2007 15:44 <REP> Fichiers communs 05/08/2007 16:26 <REP> Hewlett-Packard 20/09/2007 16:33 <REP> Hijackthis Version Française 05/08/2007 16:26 <REP> HP 17/09/2007 23:13 <REP> Internet Explorer 01/08/2007 15:17 <REP> IZArc 17/09/2007 23:08 <REP> Java 04/05/2007 13:06 <REP> Lavalys 19/09/2007 15:45 <REP> Lavasoft 10/09/2007 20:18 <REP> Microsoft Bootvis 25/01/2006 17:04 <REP> microsoft frontpage 11/06/2007 16:04 <REP> Microsoft Office 05/06/2007 18:01 <REP> Movie Maker 25/01/2006 15:59 <REP> MSN Gaming Zone 07/06/2007 21:38 <REP> NetMeeting 05/06/2007 16:44 <REP> Online Services 19/06/2007 14:11 <REP> Optimark 20/06/2007 15:13 <REP> Outlook Express 25/01/2006 17:24 <REP> Phoenix Technologies 25/01/2006 16:19 <REP> S3Inc 03/09/2007 19:09 <REP> Samsung 25/01/2006 16:02 <REP> Services en ligne 25/01/2006 16:25 <REP> Sonic 31/08/2007 15:49 <REP> Spybot - Search & Destroy 29/04/2007 20:59 <REP> STK014 09/06/2007 15:12 <REP> uTorrent 25/01/2006 16:13 <REP> VIA 25/01/2006 16:20 <REP> VIAudioi 09/12/2006 19:16 <REP> VideoLAN 14/06/2007 17:53 <REP> VSO 18/09/2007 17:34 <REP> Windows Live Safety Center 16/09/2007 15:21 <REP> Windows Media Player 05/06/2007 18:01 <REP> Windows NT 25/01/2006 17:04 <REP> xerox 15/09/2007 12:51 <REP> Xvid 0 fichier(s) 0 octets 48 Rép(s) 58 127 396 864 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0854-E6B7 Répertoire de C:\Program Files\fichiers communs 19/09/2007 15:44 <REP> . 19/09/2007 15:44 <REP> .. 25/01/2006 16:16 <REP> Adobe 29/04/2007 19:54 <REP> ArcSoft 20/06/2007 21:55 <REP> Borland Shared 13/07/2007 18:34 <REP> Hewlett-Packard 17/09/2007 17:33 <REP> HP 08/12/2006 21:24 <REP> InstallShield 24/04/2007 22:48 <REP> Java 21/06/2007 12:37 <REP> Microsoft Shared 25/01/2006 16:01 <REP> MSSoap 25/01/2006 16:50 <REP> ODBC 05/05/2007 14:03 <REP> Python 25/01/2006 16:01 <REP> Services 04/06/2007 18:25 <REP> Softwin 25/01/2006 16:50 <REP> SpeechEngines 03/08/2007 14:22 <REP> SureThing Shared 03/08/2007 14:20 <REP> System 19/09/2007 15:44 <REP> Wise Installation Wizard 23/05/2007 23:37 <REP> {0854E6B7-063F-1036-1123-051213040021} 21/05/2007 10:50 <REP> {3854E6B7-063F-1036-1123-051213040021} 0 fichier(s) 0 octets 21 Rép(s) 58 127 396 864 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0854-E6B7 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 25/01/2006 16:09 <REP> . 25/01/2006 16:09 <REP> .. 18/05/2001 15:57 561 209 MSONSEXT.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 07/03/2001 07:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 58 127 396 864 octets libres c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.0.123\French\setup.exe c:\Documents and Settings\DEHFOS\Application Data\ezpinst.exe c:\Documents and Settings\DEHFOS\Application Data\inst.exe c:\Documents and Settings\DEHFOS\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\DEHFOS\Bureau\20070112093709031_Samsung_PC_Studio.exe c:\Documents and Settings\DEHFOS\Bureau\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe c:\Documents and Settings\DEHFOS\Bureau\ATF-Cleaner.exe c:\Documents and Settings\DEHFOS\Bureau\ccleaner_ccleaner_1.41.544_francais_14492.exe c:\Documents and Settings\DEHFOS\Bureau\Diskeeper2007-Home.exe c:\Documents and Settings\DEHFOS\Bureau\dotnetfx.exe c:\Documents and Settings\DEHFOS\Bureau\HijackThisFR.exe c:\Documents and Settings\DEHFOS\Bureau\IZArc_Setup.exe c:\Documents and Settings\DEHFOS\Bureau\Samsung_PC_Studio_311_FKB.exe c:\Documents and Settings\DEHFOS\Bureau\uTorrent-1.6.1-install.exe c:\Documents and Settings\DEHFOS\Bureau\xlviewer.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\DEHFOS\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\DEHFOS\Bureau\installer\adsl-tv_adsl_tv_1.97_francais_19182.exe c:\Documents and Settings\DEHFOS\Bureau\installer\ccsetup140.exe c:\Documents and Settings\DEHFOS\Bureau\installer\eMulev0.47c.-MorphXTv9.6-installer.exe c:\Documents and Settings\DEHFOS\Bureau\installer\everest_everest_2.20_francais_12281.exe c:\Documents and Settings\DEHFOS\Bureau\installer\Firefox Setup 2.0.0.4.exe c:\Documents and Settings\DEHFOS\Bureau\installer\setupFR.exe c:\Documents and Settings\DEHFOS\Bureau\installer\setupfre.exe c:\Documents and Settings\DEHFOS\Bureau\installer\spybotsd14.exe c:\Documents and Settings\DEHFOS\Bureau\installer\vsoConvertXtoDVD2_setup.exe c:\Documents and Settings\DEHFOS\Bureau\installer\WDVIEWER.EXE c:\Documents and Settings\DEHFOS\Bureau\installer\WinsockxpFix.exe c:\Documents and Settings\DEHFOS\Bureau\installer\XviD-1.1.2-01112006.exe c:\Documents and Settings\DEHFOS\Bureau\X86\setup.exe c:\Documents and Settings\DEHFOS\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\WindowsUpdateAgent20-x86.exe c:\Documents and Settings\DEHFOS\Mes documents\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe c:\Documents and Settings\DEHFOS\Mes documents\Babylon6_setup_eng_eng_oxford.exe c:\Documents and Settings\DEHFOS\Mes documents\Fixwareout.exe c:\Documents and Settings\DEHFOS\Mes documents\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe c:\Documents and Settings\DEHFOS\Mes documents\txp4trial.exe c:\Documents and Settings\DEHFOS\Mes documents\Downloads\NOD32 2.7 FR\NOD32 2.7 french\NOD32_pour_Windows_NT-2000-XP-64bits-Vista.exe c:\Documents and Settings\DEHFOS\Mes documents\Downloads\NOD32 2.7 FR\NOD32 2.7 french\NOD32.patch\NOD32.FiX.v2.1.exe c:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Logfile of HijackThis v1.99.1 Scan saved at 19:08:45, on 20/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

Bonjour à tous je suis pas spécialiste en informatique et j'ai mon pc qui déconne grave , ouverture , fermeture windows trés lent , internet pareil. J' ai du faire tous les scans qui existe mais rien et puis je me servi de l'outil WINDOWS LIVE ON CARE. le resultat est le suivant Browser modifier C:\windows\system32 \unchosts.Izma JE me suis renseigné se serai un trojan appeler Matcash Family qui à d'autres appelations il se multiplierai. J'ai plusieurs log à vous poster SVP aidez moi je deviens fous c'est plus un pc que j'ai c'est une vrai verolle. AMD Atlon xp 2800 80 Giga windows xp sp2 . IE7 ANtivirus antivir , Ccleaner , spybot Sd , Ad-adware. Rapport hijack , spybot , antivir . Logfile of HijackThis v1.99.1 Scan saved at 16:33:28, on 20/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Optimark\OTB\OTB.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [FileBackup] "C:\Program Files\Optimark\OTB\OTB.exe" O4 - HKLM\..\Run: [AudioDeck] "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing). AntiVir PersonalEdition Classic Report file date: mercredi 19 septembre 2007 19:53 Scanning for 1075504 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: VOTRE-324AA4A56 Version information: BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 11/09/2007 18:10:31 AVSCAN.DLL : 7.0.6.0 49192 Bytes 11/09/2007 18:10:31 LUKE.DLL : 7.0.5.3 147496 Bytes 11/09/2007 18:10:31 LUKERES.DLL : 7.0.6.1 10280 Bytes 11/09/2007 18:10:31 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 18:10:37 ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 17:18:14 ANTIVIR3.VDF : 6.39.1.152 174592 Bytes 19/09/2007 15:18:32 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 19/09/2007 15:18:34 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 11/09/2007 18:10:31 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 11/09/2007 18:10:39 AVREG.DLL : 7.0.1.6 30760 Bytes 11/09/2007 18:10:31 AVARKT.DLL : 1.0.0.20 278568 Bytes 11/09/2007 18:10:30 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 11/09/2007 18:10:30 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 11/09/2007 18:10:09 RCTEXT.DLL : 7.0.62.0 86056 Bytes 11/09/2007 18:10:09 SQLITE3.DLL : 3.3.17.1 339968 Bytes 11/09/2007 18:10:32 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Start of the scan: mercredi 19 septembre 2007 19:53 Starting search for hidden objects. '34840' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Babylon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'AAWTray.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'OTB.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 26 processes with 26 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0083 Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '17' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\kdcne.exe [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! End of the scan: mercredi 19 septembre 2007 20:20 Used time: 27:23 min The scan has been done completely. 3150 Scanning directories 148965 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 148965 Files not concerned 878 Archives were scanned 3 Warnings 240 Notes 34840 Objects were scanned with rootkit scan 0 Hidden objects were found --- Search result list --- Common Dialogs: History (4 files) (Clé du registre, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done) C:\WINDOWS\SchedLgU.Txt Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done) C:\WINDOWS\ntbtlog.txt Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.log Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wmiprov.log Internet Explorer: Download directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Internet Explorer\Download Directory!= Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) MS Media Player: Anonymous ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0 MS DirectDraw: Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!= MS Search Assistant: Typed search terms history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Search Assistant\ACMru Windows Explorer: User Assistant history IE (7 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: User Assistant history files (74 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: Last visited history (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Windows Explorer: Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: Last Copy/MoveTo folder (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder Windows Media SDK: Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName Windows Media SDK: Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000} Windows Media SDK: Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Félicitations!: Aucun mouchard n'a été trouvé. () --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2007-06-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-05-23 advcheck.dll (1.5.3.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2007-07-31 Tools.dll (2.1.2.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-09-19 Includes\Cookies.sbi (*) 2007-07-25 Includes\Dialer.sbi (*) 2007-09-19 Includes\DialerC.sbi (*) 2007-08-29 Includes\Hijackers.sbi (*) 2007-09-19 Includes\HijackersC.sbi (*) 2007-07-25 Includes\Keyloggers.sbi (*) 2007-09-19 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-09-12 Includes\Malware.sbi (*) 2007-09-19 Includes\MalwareC.sbi (*) 2007-09-05 Includes\PUPS.sbi (*) 2007-09-19 Includes\PUPSC.sbi (*) 2007-09-19 Includes\Revision.sbi (*) 2007-05-30 Includes\Security.sbi (*) 2007-09-19 Includes\SecurityC.sbi (*) 2007-09-12 Includes\Spybots.sbi (*) 2007-09-19 Includes\SpybotsC.sbi (*) 2007-08-21 Includes\Tracks.uti (*) 2007-09-12 Includes\Trojans.sbi (*) 2007-09-19 Includes\TrojansC.sbi (*) 2007-06-06 Plugins\TCPIPAddress.dll --- System information --- Windows XP (Build: 2600) Service Pack 2 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n For more information, visit http://support.microsoft.com/kb/928365 / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) / Windows XP: Mise à jour de sécurité pour Windows XP (KB923689) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) / Windows XP / SP3: Correctif Windows XP - KB873339 / Windows XP / SP3: Correctif Windows XP - KB885250 / Windows XP / SP3: Correctif Windows XP - KB885835 / Windows XP / SP3: Correctif Windows XP - KB885836 / Windows XP / SP3: Correctif Windows XP - KB886185 / Windows XP / SP3: Correctif Windows XP - KB887472 / Windows XP / SP3: Correctif Windows XP - KB887742 / Windows XP / SP3: Correctif Windows XP - KB887797 / Windows XP / SP3: Correctif Windows XP - KB888113 / Windows XP / SP3: Correctif Windows XP - KB888302 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046) / Windows XP / SP3: Correctif Windows XP - KB890859 / Windows XP / SP3: Correctif Windows XP - KB891781 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893066) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Mise à jour pour Windows XP (KB894391) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428) / Windows XP / SP3: Mise à jour pour Windows XP (KB898461) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591) / Windows XP / SP3: Mise à jour pour Windows XP (KB900485) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725) / Windows XP / SP3: Mise à jour pour Windows XP (KB900930) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706) / Windows XP / SP3: Mise à jour pour Windows XP (KB904942) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905915) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519) / Windows XP / SP3: Mise à jour pour Windows XP (KB908531) / Windows XP / SP3: Mise à jour pour Windows XP (KB910437) / Windows XP / SP3: Mise à jour pour Windows XP (KB911280) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911562) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911567) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911927) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912919) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913580) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914388) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389) / Windows XP / SP3: Correctif pour Windows XP (KB914440) / Windows XP / SP3: Hotfix for Windows XP (KB915865) / Windows XP / SP3: Mise à jour pour Windows XP (KB916595) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917344) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917422) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917953) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918118) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918439) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB919007) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920213) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920214) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920670) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920685) / Windows XP / SP3: Mise à jour pour Windows XP (KB920872) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921398) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921503) / Windows XP / SP3: Mise à jour pour Windows XP (KB922582) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922616) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922760) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922819) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923191) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923414) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923980) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924191) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924270) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924496) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924667) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925486) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925902) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926255) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926436) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927779) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927802) / Windows XP / SP3: Mise à jour pour Windows XP (KB927891) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928255) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928843) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929123) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929969) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB930178) / Windows XP / SP3: Mise à jour pour Windows XP (KB930916) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931261) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931784) / Windows XP / SP3: Mise à jour pour Windows XP (KB931836) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB932168) / Windows XP / SP3: Mise à jour pour Windows XP (KB933360) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB933566) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935839) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935840) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB936021) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB937143) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB938127) / Windows XP / SP3: Mise à jour pour Windows XP (KB938828) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB938829) --- Startup entries list --- Located: HK_LM:Run, AAWTray command: C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe file: C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe size: 88024 MD5: 4659f02259d1b628b360ef4b092ccf01 Located: HK_LM:Run, AudioDeck command: "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1 file: C:\Program Files\VIAudioi\SBADeck\ADeck.exe size: 450560 MD5: accbea050864b65d208434e9539bd5c3 Located: HK_LM:Run, avgnt command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 249896 MD5: ba5e0a9b7ccde337b22ccc00971aae1c Located: HK_LM:Run, FileBackup command: "C:\Program Files\Optimark\OTB\OTB.exe" file: C:\Program Files\Optimark\OTB\OTB.exe size: 1048576 MD5: 2e80cc8d087b689d61be632f7125f785 Located: HK_LM:Run, HP Software Update command: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: 926a397334fe426a6c7657096fe681db Located: HK_LM:Run, RestoreIT! command: "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart file: C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE size: 118784 MD5: e0b387eb1c7399c2593fef98a0aaac19 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe size: 132496 MD5: 896e712a34d654a337c8cbb9deb07200 Located: HK_LM:Run, VTTrayp command: VTtrayp.exe file: C:\WINDOWS\system32\VTtrayp.exe size: 143360 MD5: b7401a1c424e0836d7846e42548946b4 Located: HK_LM:Run, Babylon Client (DISABLED) command: C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart file: Located: HK_CU:Run, ccleaner command: "C:\Program Files\CCleaner\ccleaner.exe" /AUTO file: C:\Program Files\CCleaner\ccleaner.exe size: 598656 MD5: 6c28cdf8261026d9f9fa876f362d7228 Located: HK_CU:Run, CTFMON.EXE command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 64e41e8fee655b03e3f19ded21ba5118 Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED) command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE size: 29696 MD5: 43362b96870ce8649f4f2ec893da93f0 Located: System.ini, crypt32chain command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll command: cscdll.dll file: cscdll.dll Located: System.ini, ScCertProp command: wlnotify.dll file: wlnotify.dll Located: System.ini, Schedule command: wlnotify.dll file: wlnotify.dll Located: System.ini, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn command: WlNotify.dll file: WlNotify.dll Located: System.ini, termsrv command: wlnotify.dll file: wlnotify.dll Located: System.ini, WgaLogon command: WgaLogon.dll file: WgaLogon.dll Located: System.ini, wlballoon (DISABLED) command: wlnotify.dll file: wlnotify.dll --- Browser helper object list --- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) BHO name: CLSID name: Adobe PDF Reader Link Helper description: Adobe Acrobat reader classification: Legitimate known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll info link: http://www.adobe.com/products/acrobat/readstep2.html info source: TonyKlein Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\ Long name: AcroIEHelper.dll Short name: ACROIE~1.DLL Date (created): 18/12/2006 04:16:42 Date (last access): 19/09/2007 15:40:56 Date (last write): 18/12/2006 04:16:42 Filesize: 59032 Attributes: archive MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20 CRC32: 7B0A854F Version: 7.0.9.50 {53707962-6F74-2D53-2644-206D7942484F} () BHO name: CLSID name: description: Spybot-S&D IE Browser plugin classification: Legitimate known filename: SDhelper.dll info link: http://spybot.eon.net.au/ info source: Patrick M. Kolla Path: C:\PROGRA~1\SPYBOT~1\ Long name: SDHelper.dll Short name: Date (created): 03/06/2007 22:14:16 Date (last access): 19/09/2007 16:58:56 Date (last write): 31/05/2005 01:04:00 Filesize: 853672 Attributes: archive MD5: 250D787A5712D7768DDC133B3E477759 CRC32: D4589A41 Version: 1.4.0.0 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) BHO name: CLSID name: SSVHelper Class Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: ssv.dll Short name: Date (created): 17/09/2007 23:07:58 Date (last access): 19/09/2007 15:40:56 Date (last write): 12/07/2007 04:00:36 Filesize: 501136 Attributes: archive MD5: D6137540BDF0F9F9B9055C60ADD8007A CRC32: 29E910AF Version: 6.0.20.6 --- ActiveX list --- {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf Codebase: http://go.microsoft.com/fwlink/?linkid=39204 description: classification: Legitimate known filename: LegitCheckControl.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.DLL Short name: LEGITC~1.DLL Date (created): 12/07/2005 18:04:22 Date (last access): 19/09/2007 16:09:22 Date (last write): 24/04/2007 11:32:06 Filesize: 1485696 Attributes: archive MD5: F41FA54CD85AF8AACF8C7E084F6742F4 CRC32: 6328586B Version: 1.7.36.0 {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) DPF name: CLSID name: Windows Live Safety Center Base Module Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf Codebase: http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab description: classification: Legitimate known filename: wlscBase.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: wlscBase.dll Short name: Date (created): 27/03/2007 14:25:30 Date (last access): 19/09/2007 16:04:50 Date (last write): 27/03/2007 14:25:30 Filesize: 465816 Attributes: archive MD5: 85A9ED549078B78D6C0BE4565045F7BA CRC32: F69A3C13 Version: 1.4.8300.1 {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) DPF name: CLSID name: WScanCtl Class Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf Codebase: http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab description: classification: Legitimate known filename: webscan.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: webscan.dll Short name: Date (created): 20/11/2006 12:02:34 Date (last access): 19/09/2007 16:04:50 Date (last write): 20/11/2006 12:02:34 Filesize: 180282 Attributes: archive MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48 CRC32: AECD0E4D Version: 1.1.0.1049 {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_02 Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u2.inf Codebase: http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. Kolla Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: npjpi160_02.dll Short name: NPJPI1~1.DLL Date (created): 12/07/2007 02:22:38 Date (last access): 19/09/2007 16:01:42 Date (last write): 12/07/2007 04:00:36 Filesize: 132496 Attributes: archive MD5: E3811F1A1C5063C941EC0E2766C3EA39 CRC32: AEFD3747 Version: 6.0.20.6 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_02 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi160_02.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: npjpi160_02.dll Short name: NPJPI1~1.DLL Date (created): 12/07/2007 02:22:38 Date (last access): 19/09/2007 16:01:42 Date (last write): 12/07/2007 04:00:36 Filesize: 132496 Attributes: archive MD5: E3811F1A1C5063C941EC0E2766C3EA39 CRC32: AEFD3747 Version: 6.0.20.6 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_02 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: npjpi160_02.dll Short name: NPJPI1~1.DLL Date (created): 12/07/2007 02:22:38 Date (last access): 19/09/2007 16:01:42 Date (last write): 12/07/2007 04:00:36 Filesize: 132496 Attributes: archive MD5: E3811F1A1C5063C941EC0E2766C3EA39 CRC32: AEFD3747 Version: 6.0.20.6 --- Process list --- PID: 0 ( 0) [system] PID: 184 ( 4) \SystemRoot\System32\smss.exe PID: 240 ( 184) \??\C:\WINDOWS\system32\csrss.exe PID: 264 ( 184) \??\C:\WINDOWS\system32\winlogon.exe PID: 308 ( 264) C:\WINDOWS\system32\services.exe size: 108544 MD5: 63DCDE1A0D86EEB8924D6738FF616EAD PID: 320 ( 264) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 259AF82A0932EEA4F316F92DB94707B6 PID: 508 ( 308) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 592 ( 308) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 644 ( 308) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe size: 566616 MD5: C7572C802FEC8F539253C2D52BC2972C PID: 796 ( 768) C:\WINDOWS\Explorer.EXE size: 1037312 MD5: D0288319660EDCFED07C7E74C4EA38A5 PID: 820 ( 308) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1208 ( 796) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 4 ( 0) System --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 19/09/2007 17:00:20 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.google.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://www.google.com/ie HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.neufportail.fr/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/ie HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 1: MSAFD Tcpip [uDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 2: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 3: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 4: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 5: MSAFD nwlnkipx [iPX] GUID: {11058240-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkipx * Protocol 6: MSAFD nwlnkspx [sPX] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 7: MSAFD nwlnkspx [sPX] [Pseudo Stream] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 8: MSAFD nwlnkspx [sPX II] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 9: MSAFD nwlnkspx [sPX II] [Pseudo Stream] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Namespace Provider 0: Tcpip GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Network Location Awareness (NLA) Namespace GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\nwprovau.dll Description: Microsoft Windows NT/2k/XP Novell Netware name space provider DB filename: %SystemRoot%\system32\nwprovau.dll DB protocol: NWLink IPX/SPX/NetBIOS* --- Uninstall list --- (AddressBook) Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic) uninstall cmd: C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE publisher: Avira GmbH help link: http://www.avira.com/classic-support Babylon (Babylon) uninstall cmd: C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe (Branding) CCleaner (remove only) (CCleaner) uninstall cmd: "C:\Program Files\CCleaner\uninst.exe" (Connection Manager) (DirectDrawEx) eMulev0.47c.-MorphXTv9.6 (eMule_is1) install date: 20070609 install location: C:\Program Files\eMule\ uninstall cmd: "C:\Program Files\eMule\unins000.exe" publisher: Morph team help link: http://forum.emule-project.net/index.php?showforum=28 HP Imaging Device Functions 7.0 7.0 (HP Imaging Device Functions) uninstall cmd: C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat publisher: HP help link: http://www.hp.com/support HP Solution Center 7.0 7.0 (HP Solution Center & Imaging Support Tools) uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat publisher: HP help link: http://www.hp.com/support HP Customer Participation Program 7.0 7.0 (HPExtendedCapabilities) uninstall cmd: C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat publisher: HP help link: http://www.hp.com/support Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs) install date: 20070907 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" publisher: Microsoft Corporation (IE40) (IE4Data) Windows Internet Explorer 7 20061107.210142 (ie7) install date: 20070907 uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://www.microsoft.com/ie (IEData) (InstallShield Uninstall Information) VIA Platform Device Manager 1.13 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) version: 17629184 version (major): 1 version (minor): 13 install date: 20060125 install source: D:\VIA\ uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} publisher: VIA Technologies, Inc. comments: VIA Hyperion Pro Setup Program contact: http://forums.viaarena.com/ help link: http://www.viaarena.com/ help telephone: NULL readme: NULL Phoenix Core Managed Environment (cME) 1.0.2.20 (InstallShield_{9B365D9D-C47D-458D-A46F-491A4B33EEAB}) version: 16777218 version (major): 1 estimated size: 5971 install date: 20060125 install location: C:\Program Files\Phoenix Technologies\cME\ install source: d:\ uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{9B365D9D-C47D-458D-A46F-491A4B33EEAB} /l1036 publisher: Phoenix Technologies Ltd contact: Service support clientèle help link: http://support.phoenix.com (KB884016) (KB893803) Security Update pour Microsoft .NET Framework 2.0 (KB928365) 2 (KB928365.T1_1ToU569_1) uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} publisher: Microsoft Corporation help link: http://support.microsoft.com/kb/928365 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7) install date: 20070908 uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=937143 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7) install date: 20070908 uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=938127 Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366) uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033)) uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0) install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=45396 (MobileOptionPack) (MSI30-Beta1) (MSI30-Beta2) (MSI30-KB884016) (MSI30-RC1) (MSI30-RC2) (MSI30a-KB884016) (MSI31-Beta) (MSI31-RC1) Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping) install date: 20070907 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" publisher: Microsoft Corporation (PCHealth) uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf (RecordNow.exe) uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} (RestoreIT!) uninstall cmd: C:\Program Files\Phoenix Technologies\cME\RPro\ XP\un_vback.exe UniChrome Pro IGP Display Driver and Utilities (S3) uninstall cmd: C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns SAMSUNG CDMA Modem Driver Set (SAMSUNG CDMA Modem) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software (Samsung Mobile phone USB driver) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem Software (SAMSUNG Mobile USB Modem) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe SAMSUNG Mobile USB Modem 1.0 Software (SAMSUNG Mobile USB Modem 1.0) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe (SchedulingAgent) µTorrent 1.6.1 (uTorrent) install location: C:\Program Files\uTorrent uninstall cmd: "C:\Program Files\uTorrent\uninstall.exe" VIA Vinyl Audio Codecs Driver Setup Program (VIA Vinyl Audio Codecs Driver Setup Program) uninstall cmd: RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu" VideoLAN VLC media player 0.8.5 0.8.5 (VLC media player) uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe publisher: VideoLAN Team S3 S3Display (VTDisplay) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2 (VTGamma2) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2 (VTInfo2) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay (VTOverlay) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' (VTTimer) uninstall cmd: VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer' S3 S3TrayPlus (VTTrayPlus) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus' Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA) install date: 20061208 publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=892130 Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify) install date: 20070620 publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905474 Windows Media Format Runtime (Windows Media Format Runtime) uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Lecteur Windows Media 10 (Windows Media Player) uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Xvid 1.1.2 final uninstall 1.1 (Xvid_is1) install location: C:\Program Files\Xvid\ uninstall cmd: "C:\Program Files\Xvid\unins000.exe" publisher: Xvid team (Koepi) help link: http://forum.doom9.org/forumdisplay.php?f=52 Platform 1.13 ({20D4A895-748C-4D88-871C-FDB1695B0169}) version: 17629184 version (major): 1 version (minor): 13 install date: 20060125 install source: D:\VIA\ publisher: VIA Technologies, Inc. comments: VIA Hyperion Pro Setup Program contact: http://forums.viaarena.com/ help link: http://www.viaarena.com/ help telephone: NULL readme: NULL Samsung PC Studio 3.0.0.61111 ({20F0F67B-CB0F-4C85-B6F2-133D9CB70614}) version: 50331648 version (major): 3 estimated size: 2589 install date: 20070903 install location: C:\Program Files\Samsung\Samsung PC Studio 3\ publisher: Samsung Electronics Co., Ltd. contact: Customer Support Department help link: http://www.samsungmobile.co.kr help telephone: 1-555-555-4505 HPPhotoSmartExpress 70.0.170.000 ({2376813B-2E5A-4641-B7B3-A0D5ADB55229}) version: 1174405290 version (major): 70 estimated size: 10146 install date: 20070805 install source: D:\setup\HPPhotoSmartExpress\ publisher: Hewlett-Packard Java 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020}) version: 17170432 version (major): 1 version (minor): 6 estimated size: 118662 install date: 20070917 install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/ uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} publisher: Sun Microsystems, Inc. contact: http://java.com help link: http://java.com readme: C:\Program Files\Java\jre1.6.0_02\README.txt WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227}) version: 154279267 version (major): 9 version (minor): 50 estimated size: 2608 install date: 20060125 install source: C:\WINDOWS\system32\ publisher: Microsoft Corporation help link: http://www.microsoft.com/windows HPProductAssistant 70.0.170.000 ({4EA684E9-5C81-4033-A696-3019EC57AC3A}) version: 1174405290 version (major): 70 estimated size: 4539 install date: 20070805 install source: D:\setup\hpproductassistant\ publisher: Hewlett-Packard Sonic Simple Backup 5.1 ({60E971B7-51A0-48CA-8687-C6B8F094A409}) version: 83951616 version (major): 5 version (minor): 1 estimated size: 24559 install date: 20060125 install source: D:\SIMPLEBACKUP_51\ uninstall cmd: MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409} publisher: Sonic Solutions help link: http://support.sonic.com/ Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91}) version: 16974078 version (major): 1 version (minor): 3 estimated size: 519 install date: 20060125 uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} publisher: Microsoft comments: Your Comments contact: Customer Support Department help link: http://www.microsoft.com/genuine/downloads...idate.aspx/help help telephone: 1-425.882.8080 Babylon Toolbar 1.0 ({67A339E5-D8AA-4E88-9278-A571B397F798}) version: 16777216 version (major): 1 estimated size: 1113 install date: 20070919 install source: C:\Program Files\Babylon\Babylon-Pro\Utils\ uninstall cmd: MsiExec.exe /I{67A339E5-D8AA-4E88-9278-A571B397F798} publisher: Babylon Ltd. help link: http://www.babylon.com Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF}) version: 33605159 version (major): 2 estimated size: 209842 install date: 20070909 install source: C:\DOCUME~1\DEHFOS\LOCALS~1\Temp\IXP000.TMP\ publisher: Microsoft Corporation 3.0.7.009 ({8ADC27DB-E2C8-446C-A576-166C05C2DD24}) version: 50331655 version (major): 3 estimated size: 184 install date: 20070805 install source: D:\setup\HPSoftwareUpdate\ publisher: Hewlett-Packard Microsoft Office Excel Viewer 2003 11.0.6412.0 ({90840409-6000-11D3-8CFE-0150048383C9}) version: 184555788 version (major): 11 estimated size: 26721 install date: 20070817 install source: C:\MSOCache\All Users\90840409-6000-11D3-8CFE-0150048383C9\ uninstall cmd: MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9} publisher: Microsoft Corporation help link: http://www.microsoft.com/support Microsoft Office Word Viewer 2003 11.0.6506.0 ({9085040C-6000-11D3-8CFE-0150048383C9}) version: 184555882 version (major): 11 estimated size: 72533 install date: 20070815 install source: C:\MSOCache\All Users\9085040c-6000-11D3-8CFE-0150048383C9\ uninstall cmd: MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9} publisher: Microsoft Corporation help link: http://www.microsoft.com/support Sonic RecordNow! Plus 7.3 ({9541FED0-327F-4DF0-8B96-EF57EF622F19}) version: 117637120 version (major): 7 version (minor): 3 estimated size: 39216 install date: 20060125 install source: D:\RECORDNOW_73\ uninstall cmd: MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} publisher: Sonic Solutions help link: http://support.sonic.com/ IZArc 3.81 3.81 Build 1550 ({97C82B44-D408-4F14-9252-47FC1636D23E}_is1) install date: 20070801 install location: C:\Program Files\IZArc\ uninstall cmd: "C:\Program Files\IZArc\unins000.exe" publisher: Ivan Zahariev help link: http://www.izarc.org Phoenix Core Managed Environment (cME) 1.0.2.20 ({9B365D9D-C47D-458D-A46F-491A4B33EEAB}) version: 16777218 version (major): 1 estimated size: 5971 install date: 20060125 install location: C:\Program Files\Phoenix Technologies\cME\ install source: d:\ publisher: Phoenix Technologies Ltd contact: Service support clientèle help link: http://support.phoenix.com Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002}) version: 117440521 version (major): 7 estimated size: 78408 install date: 20070608 install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\ uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002} publisher: Adobe Systems Incorporated comments: contact: help link: http://www.adobe.fr/support/main.html help telephone: readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm ConvertXtoDVD 2.2.0.251 2.2.0.251 ({BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) install date: 20070614 install location: C:\Program Files\VSO\ConvertXtoDVD\ uninstall cmd: "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe" publisher: VSO-Software SARL help link: http://www.vso-software.fr HP Software Update 3.0.7.014 ({BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) version: 50331655 version (major): 3 estimated size: 3506 install date: 20070805 install source: D:\setup\HPSoftwareUpdate\ uninstall cmd: MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} publisher: Hewlett-Packard contact: http://www.hp.com/support HP Photosmart, Officejet and Deskjet 7.0.A ({BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}) uninstall cmd: C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat publisher: HP help link: http://www.hp.com/support Athlon 64 Processor Driver 1.2.2.2 ({C151CE54-E7EA-4804-854B-F515368B0798}) version: 16908290 install location: C:\Program Files\AMD\Athlon 64 Processor Driver uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Samsung PC Studio 3.1.2.70602 ({C4A4722E-79F9-417C-BD72-8D359A090C97}) version: 50331648 install date: 20070903 install location: C:\Program Files\Samsung\Samsung PC Studio 3\ uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly publisher: Samsung Electronics Co., Ltd. comments: Samsung PC Studio 3 Maintenance contact: Samsung Electronics Co., Ltd. help link: http://www.samsungmobile.co.kr help telephone: +82 2051 4151 Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) version: 16847074 version (major): 1 version (minor): 1 estimated size: 75259 install date: 20070711 uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} publisher: Microsoft readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm OTB 1.00.0000 ({D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713}) version: 16777216 install date: 20070619 install location: C:\Program Files\Optimark\OTB install source: D:\OTB_AP_Mutip_v1.6.0.0_2006.12.07\Setup.exe uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713}\setup.exe" -l0x9 -removeonly publisher: Optimark TrayApp 70.0.170.000 ({DBC20735-34E6-4E97-A9E5-2066B66B243D}) version: 1174405290 version (major): 70 estimated size: 711 install date: 20070805 install source: D:\setup\TrayApp\ publisher: Hewlett-Packard Ad-Aware 2007 7.0.2.1 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) version: 117440514 version (major): 7 estimated size: 21005 install date: 20070919 install location: C:\Program Files\Lavasoft\Ad-Aware 2007\ install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\ uninstall cmd: MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} publisher: Lavasoft help link: http://www.lavasoftsupport.com HP Photosmart Essential 1.12.0.46 ({EB21A812-671B-4D08-B974-2A347F0D8F70}) version: 17563648 version (major): 1 version (minor): 12 estimated size: 11300 install date: 20070917 install location: C:\Program Files\HP\Photosmart Essential\ install source: C:\DOCUME~1\DEHFOS\LOCALS~1\Temp\IXP000.TMP\ uninstall cmd: MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} publisher: HP help link: http://www.hp.com InstantShareDevicesMFC 70.0.170.000 ({F157460F-720E-482f-8625-AD7843891E5F}) version: 1174405290 version (major): 70 estimated size: 2572 install date: 20070805 install source: D:\setup\InstantShareDevicesMFC\ publisher: Hewlett-Packard --- System Services --- Service (registry key): .NET CLR Data Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for Oracle Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for SqlServer Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Start: 0 Type: 0 Error Control: 0 Service (registry key): aawservice Display name: Ad-Aware 2007 Service Description: Protects your computer from spyware Object name: LocalSystem Image path: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" Image size: 566616 Image MD5: C7572C802FEC8F539253C2D52BC2972C Start: 2 Type: 272 Error Control: 0 Depends On services: RpcSS Service (registry key): Abiosdsk Start: 4 Type: 1 Error Control: 0 Service (registry key): abp480n5 Display name: abp480n5 Image path: \SystemRoot\system32\DRIVERS\ABP480N5.SYS Start: 4 Type: 1 Error Control: 1 Service (registry key): ACPI Display name: Pilote ACPI Microsoft Image path: system32\DRIVERS\ACPI.sys Image size: 188672 Image MD5: 0BD94FBFC14EA3606CD6CA4C0255BAA3 Start: 0 Type: 1 Error Control: 1 Service (registry key): ACPIEC Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Display name: adpu160m Image path: \SystemRoot\system32\DRIVERS\adpu160m.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): AdWatchDrv Display name: AW Realtime Driver Start: 3 Type: 1 Error Control: 1 Service (registry key): aec Display name: Suppresseur d'écho acoustique (Noyau Microsoft) Image path: system32\drivers\aec.sys Image size: 142464 Image MD5: 1EE7B434BA961EF845DE136224C30FEC Start: 3 Type: 1 Error Control: 1 Service (registry key): AFD Display name: AFD Description: Environnement de prise en charge de réseau AFD Image path: \SystemRoot\System32\drivers\afd.sys Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Display name: Filtre de bus AGP Intel Image path: \SystemRoot\system32\DRIVERS\agp440.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): agpCPQ Display name: Filtre de bus AGP Compaq Image path: \SystemRoot\system32\DRIVERS\agpCPQ.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Aha154x Display name: Aha154x Image path: \SystemRoot\system32\DRIVERS\aha154x.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78u2 Display name: aic78u2 Image path: \SystemRoot\system32\DRIVERS\aic78u2.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78xx Display name: aic78xx Image path: \SystemRoot\system32\DRIVERS\aic78xx.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Alerter Display name: Avertissement Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): ALG Display name: Service de la passerelle de la couche Application Description: Offre la prise en charge des plug-ins de protocoles tiers pour le Partage de connexion Internet et le Pare-feu Windows. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 44544 Image MD5: B43CC0F07752D456038CD0268E4D84E9 Start: 3 Type: 16 Error Control: 1 Service (registry key): AliIde Display name: AliIde Image path: \SystemRoot\system32\DRIVERS\aliide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): alim1541 Display name: Filtre de bus AGP ALI Image path: \SystemRoot\system32\DRIVERS\alim1541.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): amdagp Display name: Pilote de filtre du bus AMD AGP Image path: \SystemRoot\system32\DRIVERS\amdagp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): AmdK8 Display name: Pilote de processeur AMD Image path: system32\DRIVERS\AmdK8.sys Image size: 43008 Image MD5: 62271FF14BAA810323AC816C5D355BA9 Start: 1 Type: 1 Error Control: 1 Service (registry key): amsint Display name: amsint Image path: \SystemRoot\system32\DRIVERS\amsint.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): AntiVirScheduler Display name: AntiVir PersonalEdition Classic Scheduler Description: Service to schedule AntiVir jobs and updates. Object name: LocalSystem Image path: "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" Image size: 63016 Image MD5: A6FA9C14E649B2F3DE15390A1840774D Start: 2 Type: 272 Error Control: 1 Service (registry key): AntiVirService Display name: AntiVir PersonalEdition Classic Guard Description: Offers permanent protection against viruses and malware with the AntiVir search engine. Object name: LocalSystem Image path: "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" Image size: 210984 Image MD5: 14ED05B96ACC620E4190E71FABFEAE44 Start: 2 Type: 272 Error Control: 1 Service (registry key): AppMgmt Display name: Gestion d'applications Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Service (registry key): asc Display name: asc Image path: \SystemRoot\system32\DRIVERS\asc.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3350p Display name: asc3350p Image path: \SystemRoot\system32\DRIVERS\asc3350p.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3550 Display name: asc3550 Image path: \SystemRoot\system32\DRIVERS\asc3550.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ASP.NET Start: 0 Type: 0 Error Control: 0 Service (registry key): ASP.NET_1.1.4322 Start: 0 Type: 0 Error Control: 0 Service (registry key): ASP.NET_2.0.50727 Start: 0 Type: 0 Error Control: 0 Service (registry key): aspnet_state Display name: ASP.NET State Service Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Image size: 33632 Image MD5: E1633440859F9A1B3CEAF73BA85225CA Start: 3 Type: 16 Error Control: 1 Service (registry key): AsyncMac Display name: Pilote de média asynchrone RAS Description: Pilote de média asynchrone RAS Image path: system32\DRIVERS\asyncmac.sys Image size: 14336 Image MD5: 02000ABF34AF4C218C35D257024807D6 Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Display name: Contrôleur de disque dur IDE/ESDI standard Image path: system32\DRIVERS\atapi.sys Image size: 95360 Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51 Start: 0 Type: 1 Error Control: 1 Service (registry key): Atdisk Start: 4 Type: 1 Error Control: 0 Service (registry key): Atmarpc Display name: Protocole client ATM ARP Description: Protocole client ATM ARP Image path: system32\DRIVERS\atmarpc.sys Image size: 59904 Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): AudioSrv Display name: Audio Windows Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): audstub Display name: Pilote audio Stub Image path: system32\DRIVERS\audstub.sys Image size: 3072 Image MD5: D9F724AA26C010A217C97606B160ED68 Start: 3 Type: 1 Error Control: 1 Service (registry key): avgio Display name: avgio Image path: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys Image size: 11840 Image MD5: 53D688E5F619EDD01232B649A0C06008 Start: 1 Type: 1 Error Control: 1 Depends On services: FltMgr Service (registry key): avgntflt Display name: avgntflt Description: Avira AntiVir PersonalEdition Classic mini-filter used for on-access scan to provide real-time antivirus security. Image path: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys Image size: 48960 Image MD5: AED7F7C5E2F7B894BA0BDC03CB704466 Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): AvgTdi Display name: AVG Network redirector Image path: \SystemRoot\System32\Drivers\avgtdi.sys Start: 2 Type: 1 Error Control: 1 Service (registry key): avipbb Display name: avipbb Description: %avipbbServiceDesc% Image path: system32\DRIVERS\avipbb.sys Image size: 62016 Image MD5: 8B213DA82B559787DCEB41072A3D4C40 Start: 1 Type: 1 Error Control: 1 Service (registry key): BattC Start: 0 Type: 0 Error Control: 0 Service (registry key): Beep Start: 1 Type: 1 Error Control: 1 Service (registry key): BITS Display name: Service de transfert intelligent en arrière-plan Description: Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Browser Display name: Explorateur d'ordinateur Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): cbidf Display name: cbidf Image path: \SystemRoot\system32\DRIVERS\cbidf2k.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): cbidf2k Start: 4 Type: 1 Error Control: 1 Service (registry key): cd20xrnt Display name: cd20xrnt Image path: \SystemRoot\system32\DRIVERS\cd20xrnt.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Cdaudio Start: 1 Type: 1 Error Control: 0 Service (registry key): Cdfs Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): Cdrom Display name: Pilote de CD-ROM Image path: system32\DRIVERS\cdrom.sys Image size: 49536 Image MD5: AF9C19B3100FE010496B1A27181FBF72 Start: 1 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): Changer Start: 1 Type: 1 Error Control: 0 Service (registry key): Cinemsup Display name: Cinemsup Start: 1 Type: 1 Error Control: 1 Service (registry key): CiSvc Display name: Service d'indexation Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible. Object name: LocalSystem Image path: %SystemRoot%\system32\cisvc.exe Image size: 5632 Image MD5: ABFAC5D58218C0A655DFCAE2D8A535F3 Start: 4 Type: 288 Error Control: 1 Depends On services: RPCSS Service (registry key): Class Start: 0 Type: 0 Error Control: 0 Service (registry key): ClipSrv Display name: Gestionnaire de l'Album Description: Active le Gestionnaire de l'Album afin de stocker les informations et les partager avec des ordinateurs à distance. Si le service est arrêté, le Gestionnaire de l'Album ne pourra pas partager les informations avec des ordinateurs à distance. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\clipsrv.exe Image size: 33280 Image MD5: E42101918C50F754FC15367814FEC11C Start: 4 Type: 16 Error Control: 1 Depends On services: NetDDE Service (registry key): clr_optimization_v2.0.50727_32 Display name: .NET Runtime Optimization Service v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Image size: 68952 Image MD5: 3D560AF01BDC50B4A1E1BFB5CDC06D63 Start: 3 Type: 16 Error Control: 0 Service (registry key): CmdIde Display name: CmdIde Image path: \SystemRoot\system32\DRIVERS\cmdide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): COMSysApp Display name: Application système COM+ Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model) . Si le service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. Si ce service est désactivé, les services qui en dépendent de manière explicite ne pourront pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 5120 Image MD5: 9B2CE161927038D4CABE0482A14FD052 Start: 3 Type: 16 Error Control: 1 Depends On services: rpcss Service (registry key): ContentFilter Start: 0 Type: 0 Error Control: 0 Service (registry key): ContentIndex Start: 0 Type: 0 Error Control: 0 Service (registry key): Cpqarray Display name: Cpqarray Image path: \SystemRoot\system32\DRIVERS\cpqarray.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): CryptSvc Display name: Services de cryptographie Description: Fournit trois services de gestion : le service de base de données de catalogue, qui confirme la signature des fichiers Windows; le service de racine protégée, qui ajoute et supprime des certificats d'autorité de certification de racine approuvés et le service Clé, qui fournit une aide dans l'inscription de cet ordinateur pour les certificats. Si ce service est arrêté, ces services de gestion ne fonctionneront pas correctement. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): dac2w2k Display name: dac2w2k Image path: \SystemRoot\system32\DRIVERS\dac2w2k.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): dac960nt Display name: dac960nt Image path: \SystemRoot\system32\DRIVERS\dac960nt.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): DcomLaunch Display name: Lanceur de processus serveur DCOM Description: Fournit la fonctionnalité de lancement des services DCOM. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost -k DcomLaunch Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): Dhcp Display name: Client DHCP Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd,NetBT Service (registry key): Disk Display name: Pilote de disque Image path: system32\DRIVERS\disk.sys Image size: 36352 Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0 Start: 0 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): dmadmin Display name: Service d'administration du Gestionnaire de disque logique Description: Configure les lecteurs de disque durs et les volumes. Le service ne s'exécute que pour les processus de configurations puis s'arrête. Object name: LocalSystem Image path: %SystemRoot%\System32\dmadmin.exe /com Image size: 225280 Image MD5: 647D03A59615FEE96D647D4426F1537E Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,PlugPlay,DmServer Service (registry key): dmboot Image path: System32\drivers\dmboot.sys Image size: 800256 Image MD5: E2D3B7620310FE56685F9B15A6B404B3 Start: 4 Type: 1 Error Control: 1 Service (registry key): dmio Image path: System32\drivers\dmio.sys Image size: 154496 Image MD5: C77F5C20AA70197A69AA84BAA9DE43C8 Start: 4 Type: 1 Error Control: 1 Service (registry key): dmload Image path: System32\drivers\dmload.sys Image size: 5888 Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F Start: 4 Type: 1 Error Control: 1 Service (registry key): dmserver Display name: Gestionnaire de disque logique Description: Détecte et analyse de nouveaux lecteurs de disque durs et envoie les informations de volume de disque au service gestionnaire administratif de disque logique pour la configuration. Si ce service est arrêté, l'état des disques dynamiques et les informations de configuration peuvent devenir obsolètes. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,PlugPlay Service (registry key): DMusic Display name: Synthétiseur DLS du noyau Microsoft Image path: system32\drivers\DMusic.sys Image size: 52864 Image MD5: A6F881284AC1150E37D9AE47FF601267 Start: 3 Type: 1 Error Control: 1 Service (registry key): Dnscache Display name: Client DNS Description: Résout et met en cache les noms DNS pour cet ordinateur. Si ce service est arrêté, l'ordinateur ne pourra pas résoudre les noms DNS et trouver les contrôleurs de domaine Active Directory. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip Service (registry key): dpti2o Display name: dpti2o Image path: \SystemRoot\system32\DRIVERS\dpti2o.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): drmkaud Display name: Filtre de décodeur DRM (Noyau Microsoft) Image path: system32\drivers\drmkaud.sys Image size: 2944 Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E Start: 3 Type: 1 Error Control: 1 Service (registry key): drvmcdb Image path: system32\DRIVERS\drvmcdb.sys Image size: 86320 Image MD5: 62F0C34AE62D619B1964ADFD1114CD1A Start: 0 Type: 1 Error Control: 1 Service (registry key): ERSvc Display name: Service de rapport d'erreurs Description: Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Eventlog Display name: Journal des événements Description: Active les messages d'événements émis par les programmes fonctionnant sous Windows et les composants devant être affichés dans l'observateur d'événements. Ce service ne peut être arrêté. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108544 Image MD5: 63DCDE1A0D86EEB8924D6738FF616EAD Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Display name: Système d'événements de COM+ Description: Prend en charge le service de notification d'événements système (SENS, System Event Notification Service), qui fournit une distribution automatique d'événements aux composants COM (Component Object Model) abonnés. Si le service est arrêté, SENS sera fermé et ne pourra fournir des informations d'ouverture et de fermeture de session. Si ce service est désactivé, le démarrage de tout service qui en dépend explicitement échouera. Object name: LocalSystem Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): Fastfat Start: 4 Type: 2 Error Control: 1 Service (registry key): FastUserSwitchingCompatibility Display name: Compatibilité avec le Changement rapide d'utilisateur Description: Fournit un système de gestion à des applications qui nécessitent de l'Assistance dans un environnement d'utilisateurs multiples. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: TermService Service (registry key): FBAPI Display name: FBAPI Image path: \??\C:\WINDOWS\system32\drivers\FBAPI.sys Image size: 7412 Image MD5: 7F1CFDDDA3E6D0907AE8F447812169F7 Start: 2 Type: 1 Error Control: 1 Service (registry key): Fdc Display name: Pilote de contrôleur de lecteur de disquettes Image path: system32\DRIVERS\fdc.sys Image size: 27392 Image MD5: CED2E8396A8838E59D8FD529C680E02C Start: 3 Type: 1 Error Control: 1 Service (registry key): FETNDIS Display name: Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet Image path: system32\DRIVERS\fetnd5.sys Image size: 27165 Image MD5: E9648254056BCE81A85380C0C3647DC4 Start: 3 Type: 1 Error Control: 1 Service (registry key): FETNDISB Display name: VIA Rhine Family Fast Ethernet Adapter Driver Service Image path: system32\DRIVERS\fetnd5b.sys Image size: 42496 Image MD5: A583BC166495B07F704533754CE29CBD Start: 3 Type: 1 Error Control: 1 Service (registry key): Fips Start: 1 Type: 1 Error Control: 1 Service (registry key): Flpydisk Start: 1 Type: 1 Error Control: 0 Service (registry key): FltMgr Display name: FltMgr Description: Pilote du gestionnaire de filtre de système de fichiers Image path: system32\DRIVERS\fltMgr.sys Image size: 128896 Image MD5: 3D234FB6D6EE875EB009864A299BEA29 Start: 0 Type: 2 Error Control: 1 Service (registry key): Fs_Rec Start: 1 Type: 8 Error Control: 0 Service (registry key): Ftdisk Display name: Pilote du Gestionnaire de volume Image path: system32\DRIVERS\ftdisk.sys Image size: 126080 Image MD5: A86859B77B908C18C2657F284AA29FE3 Start: 0 Type: 1 Error Control: 1 Service (registry key): gagp30kx Display name: Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8 Image path: system32\DRIVERS\gagp30kx.sys Image size: 46464 Image MD5: 4216CD545E5C30807B560C5DCAA812E6 Start: 0 Type: 1 Error Control: 1 Service (registry key): gmer Image path: System32\DRIVERS\gmer.sys Image size: 69905 Image MD5: 0E4BB313310498015856F35473E119F7 Start: 3 Type: 1 Error Control: 1 Service (registry key): GMSIPCI Display name: GMSIPCI Image path: \??\D:\INSTALL\GMSIPCI.SYS Start: 3 Type: 1 Error Control: 1 Service (registry key): Gpc Display name: Classificateur de paquets générique Description: Classificateur de paquets générique Image path: system32\DRIVERS\msgpc.sys Image size: 35072 Image MD5: C0F1D4A21DE5A415DF8170616703DEBF Start: 3 Type: 1 Error Control: 1 Service (registry key): helpsvc Display name: Aide et support Description: Permet à l'application Aide et support de fonctionner sur cet ordinateur. Si ce service est arrêté, la fonctionnalité Aide et support ne sera pas disponible. S'il est désactivé, tous les services dépendant explicitement de ce service ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): HidServ Display name: HID Input Service Description: Permet l'accès entrant générique aux périphériques d'interface utilisateur, qui activent et maintiennent l'utilisation des boutons actifs prédéfinis sur le clavier, les contrôles à distance, et d'autres périphériques multimédia. Si ce service est arrêté, les boutons actifs contrôlés par ce service ne fonctionneront pas. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): HidUsb Display name: Pilote de classe HID Microsoft Image path: system32\DRIVERS\hidusb.sys Image size: 9600 Image MD5: 1DE6783B918F540149AA69943BDFEBA8 Start: 3 Type: 1 Error Control: 0 Service (registry key): hpn Display name: hpn Image path: \SystemRoot\system32\DRIVERS\hpn.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): HPZid412 Display name: IEEE-1284.4 Driver HPZid412 Image path: system32\DRIVERS\HPZid412.sys Image size: 49664 Image MD5: 30CA91E657CEDE2F95359D6EF186F650 Start: 3 Type: 1 Error Control: 1 Service (registry key): HPZipr12 Display name: Print Class Driver for IEEE-1284.4 HPZipr12 Image path: system32\DRIVERS\HPZipr12.sys Image size: 16496 Image MD5: EFD31AFA752AA7C7BBB57BCBE2B01C78 Start: 3 Type: 1 Error Control: 1 Service (registry key): HPZius12 Display name: USB to IEEE-1284.4 Translation Driver HPZius12 Image path: system32\DRIVERS\HPZius12.sys Image size: 21568 Image MD5: 7AC43C38CA8FD7ED0B0A4466F753E06E Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTP Display name: HTTP Description: Ce service implémente le protocole HTTP (HyperText Transfer Protocol). Si ce service est désactivé, tous les services qui en dépendent de manière explicite échoueront au démarrage. Image path: System32\Drivers\HTTP.sys Image size: 262784 Image MD5: CB77BB47E67E84DEB17BA29632501730 Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTPFilter Display name: HTTP SSL Description: Ce service implémente le protocole sécurisé HTTPS (Secure HyperText Transfer Protocol) pour le service HTTP, en utilisant la couche SSL (Secure Socket Layer). Si ce service est désactivé, tous les services qui en dépendent de manière explicite échoueront au démarrage. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): i2omgmt Start: 1 Type: 1 Error Control: 1 Service (registry key): i2omp Display name: i2omp Image path: \SystemRoot\system32\DRIVERS\i2omp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): i8042prt Display name: Pilote pour clavier i8042 et souris sur port PS/2 Image path: system32\DRIVERS\i8042prt.sys Image size: 54400 Image MD5: D1EFCBD693B5BA21314D06368C471070 Start: 1 Type: 1 Error Control: 1 Service (registry key): IDriverT Display name: InstallDriver Table Manager Description: Provides support for the Running Object Table for InstallShield Drivers Object name: LocalSystem Image path: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" Image size: 73728 Image MD5: 6F95324909B502E2651442C1548AB12F Start: 4 Type: 16 Error Control: 0 Service (registry key): Imapi Display name: Pilote de filtre de gravure CD Image path: system32\DRIVERS\imapi.sys Image size: 41856 Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6 Start: 1 Type: 1 Error Control: 1 Service (registry key): ImapiService Display name: Service COM de gravage de CD IMAPI Description: Gère le gravage des CD via l'interface série IMAPI (Image Mastering Applications Programming Interface). Si ce service est arrêté, cet ordinateur ne pourra plus enregistrer de CD. Si ce service est désactivé, les services qui en dépendent ne vont pas pouvoir démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\imapi.exe Image size: 150016 Image MD5: 17B7A4375868B8C38F2DFC98B3B420C6 Start: 3 Type: 16 Error Control: 1 Service (registry key): inetaccs Start: 0 Type: 0 Error Control: 0 Service (registry key): ini910u Display name: ini910u Image path: \SystemRoot\system32\DRIVERS\ini910u.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Inport Start: 0 Type: 0 Error Control: 0 Service (registry key): IntelIde Display name: IntelIde Image path: \SystemRoot\system32\DRIVERS\intelide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Ip6Fw Display name: Pilote du pare-feu Windows IPv6 Description: Fournit un service de prévention d'intrusion pour un réseau domestique ou de petite entreprise. Image path: system32\DRIVERS\Ip6Fw.sys Image size: 29056 Image MD5: 4448006B6BC60E6C027932CFC38D6855 Start: 3 Type: 1 Error Control: 1 Service (registry key): IpFilterDriver Display name: Pilote de filtre de trafic IP Description: Pilote de filtre de trafic IP Image path: system32\DRIVERS\ipfltdrv.sys Image size: 32896 Image MD5: 731F22BA402EE4B62748ADAF6363C182 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpInIp Display name: Pilote de tunnelage IP dans IP Description: Pilote de tunnelage IP dans IP Image path: system32\DRIVERS\ipinip.sys Image size: 20992 Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpNat Display name: Traducteur d'adresses réseau IP Description: Traducteur d'adresses réseau IP Image path: system32\DRIVERS\ipnat.sys Image size: 134912 Image MD5: E2168CBC7098FFE963C6F23F472A3593 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IPSec Display name: Pilote IPSEC Description: Pilote IPSEC Image path: system32\DRIVERS\ipsec.sys Image size: 74752 Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1 Start: 1 Type: 1 Error Control: 1 Service (registry key): IRENUM Display name: Service énumérateur IR Image path: system32\DRIVERS\irenum.sys Image size: 11264 Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410 Start: 3 Type: 1 Error Control: 1 Service (registry key): ISAPISearch Start: 0 Type: 0 Error Control: 0 Service (registry key): isapnp Display name: Pilote de bus Plug-and-Play ISA/EISA Image path: system32\DRIVERS\isapnp.sys Image size: 36224 Image MD5: 54632F1A7DE61DC3615D756F2A90FA72 Start: 0 Type: 1 Error Control: 3 Service (registry key): Kbdclass Display name: Pilote de la classe Clavier Image path: system32\DRIVERS\kbdclass.sys Image size: 25216 Image MD5: E798705E8DC7FAB596EF6BFDF167E007 Start: 1 Type: 1 Error Control: 1 Service (registry key): kbdhid Display name: Pilote HID de clavier Image path: system32\DRIVERS\kbdhid.sys Image size: 14848 Image MD5: 62DD5EEFCEC4EF4163F1168D4262A9E4 Start: 1 Type: 1 Error Control: 0 Service (registry key): KLIF Display name: KLIF Image path: \??\C:\WINDOWS\system32\drivers\klif.sys Start: 3 Type: 1 Error Control: 1 Service (registry key): kmixer Display name: Mélangeur audio Wave de noyau Microsoft Image path: system32\drivers\kmixer.sys Image size: 172416 Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562 Start: 3 Type: 1 Error Control: 1 Service (registry key): KSecDD Start: 0 Type: 1 Error Control: 1 Service (registry key): lanmanserver Display name: Serveur Description: Prend en charge le partage de fichiers, d'impression et des canaux nommés via le réseau pour cet ordinateur. Si ce service est arrêté, ces fonctions ne seront pas disponibles. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): lanmanworkstation Display name: Station de travail Description: Crée et maintient des connexions de réseau client à des serveurs distants. Si ce service est arrêté, ces connexions ne seront pas disponibles. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): lbrtfdc Start: 1 Type: 1 Error Control: 0 Service (registry key): ldap Start: 0 Type: 0 Error Control: 0 Service (registry key): LicenseService Start: 0 Type: 0 Error Control: 0 Service (registry key): LmHosts Display name: Assistance TCP/IP NetBIOS Description: Permet la prise en charge pour NetBIOS sur un service TCP/IP (NetBT) et la résolution des noms NetBIOS. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: NetBT,Afd Service (registry key): Machnm32 Display name: Machnm32 Driver Image path: \??\C:\WINDOWS\system32\Machnm32.sys Image size: 2304 Image MD5: FD65BEF5FF8275711D9A56F0B8BB43F1 Start: 2 Type: 1 Error Control: 1 Service (registry key): Messenger Display name: Affichage des messages Description: Envoie et reçoit les messages des services d'alertes entre les clients et les serveurs. Ce service n'est pas lié à Windows Messenger. Si ce service est arrêté, les messages d'alertes ne seront pas transmis. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 4 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS Service (registry key): mnmdd Start: 1 Type: 1 Error Control: 0 Service (registry key): mnmsrvc Display name: Partage de Bureau à distance NetMeeting Description: Permet à un utilisateur autorisé d'accéder à cet ordinateur à distance en utilisant NetMeeting sur un réseau intranet d'entreprise. Si ce service est arrêté, le partage du Bureau à distance ne sera pas disponible. Si ce service est désactivé, tous les services qui en dépendent explicitement ne pourront pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\mnmsrvc.exe Image size: 32768 Image MD5: 5B219F99CF6D5BE05A6C6E86C38CB7CE Start: 3 Type: 272 Error Control: 1 Service (registry key): Modem Start: 3 Type: 1 Error Control: 0 Service (registry key): Mouclass Display name: Pilote de la classe Souris Image path: system32\DRIVERS\mouclass.sys Image size: 23680 Image MD5: 7D4F19411BD941E1D432A99E24230386 Start: 1 Type: 1 Error Control: 1 Service (registry key): mouhid Display name: Pilote HID de souris Image path: system32\DRIVERS\mouhid.sys Image size: 12288 Image MD5: 124D6846040C79B9C997F78EF4B2A4E5 Start: 3 Type: 1 Error Control: 0 Service (registry key): MountMgr Start: 0 Type: 1 Error Control: 1 Service (registry key): mraid35x Display name: mraid35x Image path: \SystemRoot\system32\DRIVERS\mraid35x.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): MRxDAV Display name: Redirecteur client WebDav Description: Redirecteur client WebDav Image path: system32\DRIVERS\mrxdav.sys Image size: 181248 Image MD5: 46EDCC8F2DB2F322C24F48785CB46366 Start: 3 Type: 2 Error Control: 1 Service (registry key): MRxSmb Display name: MRXSMB Description: MRXSMB Image path: system32\DRIVERS\mrxsmb.sys Image size: 453120 Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E Start: 1 Type: 2 Error Control: 1 Service (registry key): MSDTC Display name: Distributed Transaction Coordinator Description: Coordonne les transactions qui comportent plusieurs gestionnaires de ressources, tels que des bases de données, des files d'attente de messages net des systèmes de fichiers. Si ce service est arrêté, ces transactions ne se produiront pas. S'il est désactivé, le démarrage de tout service qui en dépend explicitement échouera. Object name: NT AUTHORITY\NetworkService Image path: C:\WINDOWS\system32\msdtc.exe Image size: 6144 Image MD5: 11CA338B8765DB8E2D1B459F2CFAD147 Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS,SamSS Service (registry key): Msfs Start: 1 Type: 2 Error Control: 1 Service (registry key): MSIServer Display name: Windows Installer Description: Ajoute, modifie et supprime des applications fournies en tant que package Windows Installer (*.msi). Si ce service est désactivé, tous les services qui en dépendent explicitement ne vont pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\msiexec.exe /V Image size: 78848 Image MD5: F5F0146580E7023ADB963879840777F8 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): MSKSSRV Display name: Proxy de service de répartition Microsoft Image path: system32\drivers\MSKSSRV.sys Image size: 7552 Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0 Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPCLOCK Display name: Proxy d'horloge de répartition Microsoft Image path: system32\drivers\MSPCLOCK.sys Image size: 5376 Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448 Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPQM Display name: Proxy de gestion de qualité de répartition Microsoft Image path: system32\drivers\MSPQM.sys Image size: 4992 Image MD5: 1988A33FF19242576C3D0EF9CE785DA7 Start: 3 Type: 1 Error Control: 1 Service (registry key): mssmbios Display name: Pilote BIOS de gestion de systèmes Microsoft Image path: system32\DRIVERS\mssmbios.sys Image size: 15488 Image MD5: 469541F8BFD2B32659D5D463A6714BCE Start: 3 Type: 1 Error Control: 1 Service (registry key): Mup Display name: Mup Start: 0 Type: 2 Error Control: 1 Service (registry key): NDIS Display name: Pilote système NDIS Start: 0 Type: 1 Error Control: 1 Service (registry key): NdisTapi Display name: Pilote TAPI NDIS d'accès distant Description: Pilote TAPI NDIS d'accès distant Image path: system32\DRIVERS\ndistapi.sys Image size: 9600 Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C Start: 3 Type: 1 Error Control: 1 Service (registry key): Ndisuio Display name: NDIS mode utilisateur E/S Protocole Description: NDIS mode utilisateur E/S Protocole Image path: system32\DRIVERS\ndisuio.sys Image size: 12928 Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisWan Display name: Pilote réseau étendu NDIS d'accès distant Description: Pilote réseau étendu NDIS d'accès distant Image path: system32\DRIVERS\ndiswan.sys Image size: 91776 Image MD5: 0B90E255A9490166AB368CD55A529893 Start: 3 Type: 1 Error Control: 1 Service (registry key): NDProxy Start: 3 Type: 1 Error Control: 1 Service (registry key): NetBIOS Display name: Interface NetBIOS Description: Interface NetBIOS Image path: system32\DRIVERS\netbios.sys Image size: 34560 Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4 Start: 1 Type: 2 Error Control: 1 Service (registry key): NetBT Display name: NetBIOS sur TCP/IP Description: NetBIOS sur TCP/IP Image path: system32\DRIVERS\netbt.sys Image size: 162816 Image MD5: 0C80E410CD2F47134407EE7DD19CC86B Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): NetDDE Display name: DDE réseau Description: Fournit le transport en réseau et la sécurité pour l'échange dynamique de données pour les programmes exécutés sur un même ordinateur ou des ordinateurs différents. Si ce service est arrêté, le transport et la sécurité de l'échange dynamique de données seront indisponibles. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 114176 Image MD5: D40598FD7B7DCCBFB22D777E0DFB1CF0 Start: 4 Type: 32 Error Control: 1 Depends On services: NetDDEDSDM Service (registry key): NetDDEdsdm Display name: DSDM DDE réseau Description: Gère l'échange dynamique de données partagées de réseau. Si ce service est arrêté, l'échange dynamique de données partagées de réseau ne sera plus disponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 114176 Image MD5: D40598FD7B7DCCBFB22D777E0DFB1CF0 Start: 4 Type: 32 Error Control: 1 Service (registry key): Netlogon Display name: Ouverture de session réseau Description: Prend en charge l'authentification directe des événements d'ouverture de session du compte pour les ordinateurs dans un domaine. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): Netman Display name: Connexions réseau Description: Prend en charge les objets dans le dossier Connexions réseau et accès à distance, dans lequel vous pouvez afficher à la fois les connexions du réseau local et les connexions à distance. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): Nla Display name: NLA (Network Location Awareness) Description: Recueille et stocke les informations de configuration et d'emplacement réseau, et notifie les applications quand ces informations changent. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd Service (registry key): Npfs Start: 1 Type: 2 Error Control: 1 Service (registry key): NTDS Start: 0 Type: 0 Error Control: 0 Service (registry key): Ntfs Start: 4 Type: 2 Error Control: 1 Service (registry key): NtLmSsp Display name: Fournisseur de la prise en charge de sécurité LM NT Description: Assure la sécurité des programmes RPC (appels de procédure distante) qui utilisent des transports autres que des canaux nommés. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 3 Type: 32 Error Control: 1 Service (registry key): NtmsSvc Display name: Stockage amovible Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Null Start: 1 Type: 1 Error Control: 1 Service (registry key): NwlnkFlt Display name: Pilote de filtre de trafic IPX Description: Pilote de filtre de trafic IPX Image path: system32\DRIVERS\nwlnkflt.sys Image size: 12416 Image MD5: B305F3FAD35083837EF46A0BBCE2FC57 Start: 3 Type: 1 Error Control: 1 Depends On services: NwlnkFwd Service (registry key): NwlnkFwd Display name: Pilote de transfert de trafic IPX Description: Pilote de transfert de trafic IPX Image path: system32\DRIVERS\nwlnkfwd.sys Image size: 32512 Image MD5: C99B3415198D1AAB7227F2C88FD664B9 Start: 3 Type: 1 Error Control: 1 Service (registry key): ose Display name: Office Source Engine Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. Object name: LocalSystem Image path: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" Image size: 89136 Image MD5: 7A56CF3E3F12E8AF599963B16F50FB6A Start: 4 Type: 16 Error Control: 1 Service (registry key): Parport Display name: Pilote de port parallèle Image path: system32\DRIVERS\parport.sys Image size: 80384 Image MD5: 318696359AC7DF48D1E51974EC527DD2 Start: 3 Type: 1 Error Control: 1 Service (registry key): PartMgr Start: 0 Type: 1 Error Control: 1 Service (registry key): ParVdm Start: 4 Type: 1 Error Control: 0 Depends On services: Parport Depends On group: "Parallel arbitrator" Service (registry key): PCI Display name: Pilote de bus PCI Image path: system32\DRIVERS\pci.sys Image size: 68608 Image MD5: 7C5DA5C1ED801AD8B0309D5514F0B75E Start: 0 Type: 1 Error Control: 3 Service (registry key): PCIDump Start: 1 Type: 1 Error Control: 0 Service (registry key): PCIIde Display name: PCIIde Image path: \SystemRoot\system32\DRIVERS\pciide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Pcmcia Start: 4 Type: 1 Error Control: 1 Service (registry key): pcouffin Display name: VSO Software pcouffin Image path: System32\Drivers\pcouffin.sys Image size: 47360 Image MD5: 5B6C11DE7E839C05248CED8825470FEF Start: 3 Type: 1 Error Control: 1 Service (registry key): PDCOMP Start: 3 Type: 1 Error Control: 0 Service (registry key): PDFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRELI Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): perc2 Display name: perc2 Image path: \SystemRoot\system32\DRIVERS\perc2.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): perc2hib Display name: perc2hib Image path: \SystemRoot\system32\DRIVERS\perc2hib.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): PerfDisk Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfNet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfOS Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfProc Start: 0 Type: 0 Error Control: 0 Service (registry key): PhnxVcd Display name: PhnxVcd Image path: System32\Drivers\PhnxVcd.sys Image size: 44544 Image MD5: EB095F7199AAB8D9778DBE26AC4AA255 Start: 3 Type: 1 Error Control: 1 Service (registry key): PhnxVCDService Display name: Phoenix VCD Service Object name: LocalSystem Image path: C:\WINDOWS\system32\PhnxCDSvr.exe Image size: 49152 Image MD5: 0B3DCBCF76005ABC186F0366946A3C82 Start: 4 Type: 16 Error Control: 1 Service (registry key): PlugPlay Display name: Plug-and-Play Description: Permet à l'ordinateur de reconnaître et d'adapter les modifications matérielles avec peu ou pas du tout d'intervention de l'utilisateur. Arrêter ou désactiver ce service provoque une instabilité du système. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108544 Image MD5: 63DCDE1A0D86EEB8924D6738FF616EAD Start: 2 Type: 32 Error Control: 1 Service (registry key): Pml Driver HPZ12 Display name: Pml Driver HPZ12 Object name: LocalSystem Image path: C:\WINDOWS\system32\HPZipm12.exe Image size: 69632 Image MD5: D31F88C5F19EEFA366A415D6BC5F2ABC Start: 4 Type: 16 Error Control: 1 Service (registry key): PolicyAgent Display name: Services IPSEC Description: Gère la stratégie de sécurité IP et démarre les pilotes de gestion de sécurité IP et ISAKMP/Oakley (IKE). Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Tcpip,IPSec Service (registry key): PptpMiniport Display name: Miniport réseau étendu (PPTP) Description: Miniport réseau étendu (PPTP) Image path: system32\DRIVERS\raspptp.sys Image size: 48384 Image MD5: 1C5CC65AAC0783C344F16353E60B72AC Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Display name: Pilote processeur Image path: system32\DRIVERS\processr.sys Image size: 39552 Image MD5: F480712B761E538BC8E44EDE60F3A3C3 Start: 1 Type: 1 Error Control: 1 Service (registry key): ProtectedStorage Display name: Emplacement protégé Description: Fournit un stockage protégé pour les données sensibles, telles que les clés privées, afin d'empêcher l'accès par des services, des processus ou des utilisateurs non autorisés. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 2 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): PSched Display name: Planificateur de paquets QoS Description: Planificateur de paquets QoS Image path: system32\DRIVERS\psched.sys Image size: 69120 Image MD5: 48671F327553DCF1D27F6197F622A668 Start: 3 Type: 1 Error Control: 1 Depends On services: Gpc Service (registry key): Ptilink Display name: Pilote de liaison parallèle directe Description: Pilote de liaison parallèle directe Image path: system32\DRIVERS\ptilink.sys Image size: 17792 Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD Start: 3 Type: 1 Error Control: 1 Service (registry key): ptpd Display name: Disk Filter Driver Image path: system32\drivers\ptpd.sys Image size: 7680 Image MD5: 6E172558DAA6CFC0502FE5297E90DC9C Start: 0 Type: 1 Error Control: 1 Service (registry key): PxHelp20 Display name: PxHelp20 Image path: System32\Drivers\PxHelp20.sys Image size: 20576 Image MD5: F3A3B00666A40C6914B7B2864F7DC1C0 Start: 0 Type: 1 Error Control: 1 Service (registry key): ql1080 Display name: ql1080 Image path: \SystemRoot\system32\DRIVERS\ql1080.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Ql10wnt Display name: Ql10wnt Image path: \SystemRoot\system32\DRIVERS\ql10wnt.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ql12160 Display name: ql12160 Image path: \SystemRoot\system32\DRIVERS\ql12160.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1240 Display name: ql1240 Image path: \SystemRoot\system32\DRIVERS\ql1240.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1280 Display name: ql1280 Image path: \SystemRoot\system32\DRIVERS\ql1280.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): RasAcd Display name: Pilote de connexion automatique d'accès distant Description: Pilote de connexion automatique d'accès distant Image path: system32\DRIVERS\rasacd.sys Image size: 8832 Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C Start: 1 Type: 1 Error Control: 1 Service (registry key): RasAuto Display name: Gestionnaire de connexion automatique d'accès distant Description: Crée une connexion vers un réseau distant à chaque fois qu'un programme référence un nom ou une adresse DNS ou NetBIOS distant. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RasMan,Tapisrv Service (registry key): Rasl2tp Display name: Miniport réseau étendu (L2TP) Description: Miniport réseau étendu (L2TP) Image path: system32\DRIVERS\rasl2tp.sys Image size: 51328 Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Display name: Gestionnaire de connexions d'accès distant Description: Crée une connexion réseau. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv Service (registry key): RasPppoe Display name: Pilote PPPOE d'accès à distance Description: Pilote PPPOE d'accès à distance Image path: system32\DRIVERS\raspppoe.sys Image size: 41472 Image MD5: 7306EEED8895454CBED4669BE9F79FAA Start: 3 Type: 1 Error Control: 1 Service (registry key): Raspti Display name: Parallèle direct Description: Parallèle direct Image path: system32\DRIVERS\raspti.sys Image size: 16512 Image MD5: FDBB1D60066FCFBB7452FD8F9829B242 Start: 3 Type: 1 Error Control: 1 Service (registry key): Rdbss Display name: Rdbss Description: Rdbss Image path: system32\DRIVERS\rdbss.sys Image size: 174592 Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF Start: 1 Type: 2 Error Control: 1 Service (registry key): RDPCDD Image path: System32\DRIVERS\RDPCDD.sys Image size: 4224 Image MD5: 4912D5B403614CE99C28420F75353332 Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Start: 0 Type: 0 Error Control: 0 Service (registry key): rdpdr Display name: Pilote de redirecteur de périphérique Terminal Server Image path: system32\DRIVERS\rdpdr.sys Image size: 196864 Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD Start: 3 Type: 1 Error Control: 1 Service (registry key): RDPNP Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPWD Start: 3 Type: 1 Error Control: 0 Service (registry key): RDSessMgr Display name: Gestionnaire de session d'aide sur le Bureau à distance Description: Gère et contrôle l'assistance à distance. Si ce service est arrêté, l'assistance à distance n'est pas disponible. Consultez l'onglet Dépendances avant d'arrêter ce service. Object name: LocalSystem Image path: C:\WINDOWS\system32\sessmgr.exe Image size: 142336 Image MD5: F35A23E5B6413F93CCCA0D05D00183FB Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): redbook Display name: Pilote de filtre de lecture digitale de CD audio Image path: system32\DRIVERS\redbook.sys Image size: 58496 Image MD5: 2CC30B68DD62B73D444A41322CD7FC4C Start: 1 Type: 1 Error Control: 1 Service (registry key): RemoteAccess Display name: Routage et accès distant Description: Offre aux entreprises des services de routage dans les environnements de réseau local ou étendu. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS Depends On group: NetBIOSGroup Service (registry key): RITCPT Start: 0 Type: 1 Error Control: 0 Service (registry key): RpcLocator Display name: Localisateur d'appels de procédure distante (RPC) Description: Gère la base de données du service de nom RPC. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\locator.exe Image size: 75264 Image MD5: DAB8E0B2F07DC4D44F8F72BF3994630B Start: 3 Type: 16 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): RpcSs Display name: Appel de procédure distante (RPC) Description: Fournit le mappeur du point de sortie et divers services RPC. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost -k rpcss Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): RSVP Display name: QoS RSVP Description: Fournit la signalisation de réseau et la fonctionnalité d'installation du contrôle de trafic local pour les programmes reconnaissant QoS et les applets de contrôle. Object name: LocalSystem Image path: %SystemRoot%\system32\rsvp.exe Image size: 132608 Image MD5: 414964844F4793ACB868D057E8ED997E Start: 3 Type: 16 Error Control: 1 Depends On services: TcpIp,Afd,RpcSs Service (registry key): SamSs Display name: Gestionnaire de comptes de sécurité Description: Stocke les informations de sécurité pour les comptes d'utilisateurs locaux. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): SCardSvr Display name: Carte à puce Description: Gère l'accès aux cartes à puce lues par cet ordinateur. Si ce service est arrêté, cet ordinateur ne pourra plus lire de cartes à puces. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\SCardSvr.exe Image size: 100352 Image MD5: 8866078139C403A28CB4CB460CA6DC90 Start: 3 Type: 32 Error Control: 0 Depends On services: PlugPlay Service (registry key): Schedule Display name: Planificateur de tâches Description: Permet à un utilisateur de configurer et de planifier des tâches automatisées sur cet ordinateur. Si ce service est arrêté, ces tâches ne seront pas exécutées à l'heure prévue. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Secdrv Display name: Secdrv Description: SafeDisc driver Image path: system32\DRIVERS\secdrv.sys Image size: 27440 Image MD5: D26E26EA516450AF9D072635C60387F4 Start: 3 Type: 1 Error Control: 1 Service (registry key): seclogon Display name: Connexion secondaire Description: Permet le démarrage des processus sous d'autres informations d'identification. Si ce service est arrêté, ce type d'ouverture de session sera indisponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 288 Error Control: 0 Service (registry key): SENS Display name: Notification d'événement système Description: Scrute les événements système tels que les ouvertures de session Windows et les événements concernant le réseau et l'alimentation. Avertit les abonnés du système d'événements COM+ de ces événements. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): serenum Display name: Pilote de filtre Serenum Image path: system32\DRIVERS\serenum.sys Image size: 15488 Image MD5: A2D868AEEFF612E70E213C451A70CAFB Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Display name: Pilote de port série Image path: system32\DRIVERS\serial.sys Image size: 66560 Image MD5: 653201755CA96AB4AAA4131DAF6DA356 Start: 1 Type: 1 Error Control: 0 Service (registry key): Sfloppy Start: 1 Type: 1 Error Control: 0 Depends On group: "SCSI miniport" Service (registry key): SharedAccess Display name: Pare-feu Windows / Partage de connexion Internet Description: Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: Netman,WinMgmt Service (registry key): ShellHWDetection Display name: Détection matériel noyau Description: Fournit des notifications à des événements matériel de lecture automatique. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Simbad Start: 4 Type: 1 Error Control: 1 Service (registry key): sisagp Display name: Filtre de bus AGP SIS Image path: \SystemRoot\system32\DRIVERS\sisagp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Sparrow Display name: Sparrow Image path: \SystemRoot\system32\DRIVERS\sparrow.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): splitter Display name: Splitter audio du noyau Microsoft Image path: system32\drivers\splitter.sys Image size: 6400 Image MD5: 0CE218578FFF5F4F7E4201539C45C78F Start: 3 Type: 1 Error Control: 1 Service (registry key): Spooler Display name: Spouleur d'impression Description: Charge des fichiers en mémoire pour une impression ultérieure. Object name: LocalSystem Image path: %SystemRoot%\system32\spoolsv.exe Image size: 57856 Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F Start: 2 Type: 272 Error Control: 1 Depends On services: RPCSS Service (registry key): sptd Image path: System32\Drivers\sptd.sys Start: 0 Type: 1 Error Control: 1 Service (registry key): sr Display name: Pilote de filtre de restauration système Image path: \SystemRoot\system32\DRIVERS\sr.sys Start: 4 Type: 2 Error Control: 1 Service (registry key): srservice Display name: Service de restauration système Description: Effectue des opérations de restauration du système. Pour arrêter ce service, désactivez Restauration du système dans l'onglet Restauration du système des propriétés du Poste de travail. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Srv Display name: Srv Description: Srv Image path: system32\DRIVERS\srv.sys Image size: 332928 Image MD5: EA554A3FFC3F536FE8320EB38F5E4843 Start: 3 Type: 2 Error Control: 1 Service (registry key): SSDPSRV Display name: Service de découvertes SSDP Description: Active la découverte de périphériques Plug and Play universels sur votre réseau domestique. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): ssmdrv Display name: ssmdrv Description: Avira Snapshot Driver Image path: system32\DRIVERS\ssmdrv.sys Image size: 28352 Image MD5: 3D2829FDE1C52FC64DA5413889CE4DEE Start: 1 Type: 1 Error Control: 1 Service (registry key): ssm_bus Display name: SAMSUNG Mobile USB Device II 1.0 driver (WDM) Image path: system32\DRIVERS\ssm_bus.sys Image size: 58320 Image MD5: DF5C19F053EFF7F8BA25D73AEA899656 Start: 3 Type: 1 Error Control: 1 Service (registry key): ssm_mdfl Display name: SAMSUNG Mobile USB Modem II 1.0 Filter Description: SAMSUNG Mobile USB Modem II 1.0 Filter Image path: system32\DRIVERS\ssm_mdfl.sys Image size: 8336 Image MD5: 5347169FA449EABC4D0728AE39FAB926 Start: 3 Type: 1 Error Control: 1 Service (registry key): ssm_mdm Display name: SAMSUNG Mobile USB Modem II 1.0 Drivers Description: SAMSUNG Mobile USB Modem II 1.0 Drivers Image path: system32\DRIVERS\ssm_mdm.sys Image size: 94000 Image MD5: 7AAE23DD105EED15C4F45FC269FA42A9 Start: 3 Type: 1 Error Control: 1 Service (registry key): StarOpen Start: 1 Type: 2 Error Control: 1 Service (registry key): stisvc Display name: Acquisition d'image Windows (WIA) Description: Fournit des services d'acquisition d'images pour les scanneurs et les appareils photo. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k imgsvc Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): swenum Display name: Pilote de bus logiciel Image path: system32\DRIVERS\swenum.sys Image size: 4352 Image MD5: 03C1BAE4766E2450219D20B993D6E046 Start: 3 Type: 1 Error Control: 1 Service (registry key): swmidi Display name: Synthétiseur de table de sons GC noyau Microsoft Image path: system32\drivers\swmidi.sys Image size: 54272 Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D Start: 3 Type: 1 Error Control: 1 Service (registry key): SwPrv Display name: MS Software Shadow Copy Provider Description: Gère les copies logicielles de clichés instantanés de volumes créés par le service de cliché instantané de volumes. Si ce service est arrêté, les copies logicielles de clichés instantanés ne peuvent pas être gérées. Si le service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{27D524CB-A5A3-467C-A170-BE5A05D05B86} Image size: 5120 Image MD5: 9B2CE161927038D4CABE0482A14FD052 Start: 3 Type: 16 Error Control: 0 Depends On services: rpcss Service (registry key): symc810 Display name: symc810 Image path: \SystemRoot\system32\DRIVERS\symc810.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): symc8xx Display name: symc8xx Image path: \SystemRoot\system32\DRIVERS\symc8xx.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_hi Display name: sym_hi Image path: \SystemRoot\system32\DRIVERS\sym_hi.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_u3 Display name: sym_u3 Image path: \SystemRoot\system32\DRIVERS\sym_u3.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): sysaudio Display name: Périphérique audio système du noyau Microsoft Image path: system32\drivers\sysaudio.sys Image size: 60800 Image MD5: 650AD082D46BAC0E64C9C0E0928492FD Start: 3 Type: 1 Error Control: 1 Service (registry key): SysmonLog Display name: Journaux et alertes de performance Description: Collecte les données de performances des ordinateurs locaux ou distants basés sur des paramètres planifiés préconfigurés, puis écrit les données dans un journal ou déclenche une alerte. Si ce service est arrêté, les informations de performances ne seront pas collectées. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\smlogsvc.exe Image size: 93184 Image MD5: 0FAAD412D36E668260A6D5699875D534 Start: 3 Type: 16 Error Control: 1 Service (registry key): TapiSrv Display name: Téléphonie Description: Fournit la prise en charge des API de téléphonie (TAPI) pour les programmes contrôlant les périphériques de téléphonie, les connexions vocales basées sur le protocole IP, sur l'ordinateur local, via le réseau local, sur le serveur où ce service fonctionne également. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): Tcpip Display name: Pilote du protocole TCP/IP Description: Pilote du protocole TCP/IP Image path: system32\DRIVERS\tcpip.sys Image size: 359808 Image MD5: 1DBF125862891817F374F407626967F4 Start: 1 Type: 1 Error Control: 1 Depends On services: IPSec Service (registry key): TDPIPE Start: 3 Type: 1 Error Control: 0 Service (registry key): TDTCP Start: 3 Type: 1 Error Control: 0 Service (registry key): TermDD Display name: Pilote de périphérique terminal Image path: system32\DRIVERS\termdd.sys Image size: 40840 Image MD5: A540A99C281D933F3D69D55E48727F47 Start: 1 Type: 1 Error Control: 1 Service (registry key): TermService Display name: Services Terminal Server Description: Permet à plusieurs utilisateurs de se connecter en même temps à un ordinateur, tout en affichant les bureaux et les applications sur les ordinateurs distants. Contient les fonctions sous-jacentes de Bureau à distance (y compris le Bureau à distance pour les administrateurs), le Changement rapide d'utilisateur, l'Assistance à distance et le service Terminal Server. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost -k DComLaunch Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): Themes Display name: Thèmes Description: Fournit un système de gestion de thème de l'expérience utilisateur. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 4 Type: 32 Error Control: 1 Service (registry key): TosIde Display name: TosIde Image path: \SystemRoot\system32\DRIVERS\toside.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): TrkWks Display name: Client de suivi de lien distribué Description: Maintient les liens entre les fichiers NTFS au sein d'un ordinateur ou de plusieurs ordinateurs dans un domaine de réseau. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): TSDDD Start: 0 Type: 0 Error Control: 0 Service (registry key): Udfs Start: 4 Type: 2 Error Control: 1 Service (registry key): ultra Display name: ultra Image path: \SystemRoot\system32\DRIVERS\ultra.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): UMWdf Display name: Windows User Mode Driver Framework Description: Enables Windows user mode drivers. Object name: NT AUTHORITY\LocalService Image path: C:\WINDOWS\system32\wdfmgr.exe Image size: 38912 Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0 Start: 4 Type: 16 Error Control: 1 Depends On services: RpcSs Service (registry key): Update Display name: Pilote de mise à jour microcode Image path: system32\DRIVERS\update.sys Image size: 209408 Image MD5: AFF2E5045961BBC0A602BB6F95EB1345 Start: 3 Type: 1 Error Control: 1 Service (registry key): upnphost Display name: Hôte de périphérique universel Plug-and-Play Description: Offre la prise en charge des périphériques hôtes universels Plug-and-Play. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: SSDPSRV,HTTP Service (registry key): UPS Display name: Onduleur Description: Gère un onduleur connecté à l'ordinateur. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\ups.exe Image size: 18432 Image MD5: 394C9B28C1A97E1AE0421BE88DDAC102 Start: 3 Type: 16 Error Control: 1 Service (registry key): usbccgp Display name: Pilote parent générique USB Microsoft Image path: system32\DRIVERS\usbccgp.sys Image size: 31616 Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbehci Display name: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 Image path: system32\DRIVERS\usbehci.sys Image size: 26624 Image MD5: 15E993BA2F6946B2BFBBFCD30398621E Start: 3 Type: 1 Error Control: 1 Service (registry key): usbhub Display name: Concentrateur USB2 Image path: system32\DRIVERS\usbhub.sys Image size: 57600 Image MD5: C72F40947F92CEA56A8FB532EDF025F1 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbprint Display name: Classe d'imprimantes USB Microsoft Image path: system32\DRIVERS\usbprint.sys Image size: 25856 Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbscan Display name: Pilote de scanneur USB Image path: system32\DRIVERS\usbscan.sys Image size: 15104 Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85 Start: 3 Type: 1 Error Control: 1 Service (registry key): USBSTOR Display name: Pilote de stockage de masse USB Image path: system32\DRIVERS\USBSTOR.SYS Image size: 26496 Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbuhci Display name: Pilote miniport de contrôleur hôte universel USB Microsoft Image path: system32\DRIVERS\usbuhci.sys Image size: 20480 Image MD5: F8FD1400092E23C8F2F31406EF06167B Start: 3 Type: 1 Error Control: 1 Service (registry key): VgaSave Image path: \SystemRoot\System32\drivers\vga.sys Start: 1 Type: 1 Error Control: 0 Service (registry key): VIA Codec Default Start: 0 Type: 0 Error Control: 0 Service (registry key): viaagp Display name: Filtre de bus AGP VIA Image path: \SystemRoot\system32\DRIVERS\viaagp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): viagfx Display name: viagfx Image path: system32\DRIVERS\vtmini.sys Image size: 174592 Image MD5: 8415D39E3F95E27F5247072C78812C24 Start: 3 Type: 1 Error Control: 0 Service (registry key): ViaIde Image path: system32\DRIVERS\viaide.sys Image size: 5376 Image MD5: 59CB1338AD3654417BEA49636457F65D Start: 0 Type: 1 Error Control: 1 Service (registry key): viamraid Image path: system32\DRIVERS\viamraid.sys Image size: 60672 Image MD5: 44056E9FEE477F512EE58BCFEE949621 Start: 0 Type: 1 Error Control: 1 Service (registry key): VIAudio Display name: Vinyl AC'97 Audio Controller (WDM) Image path: system32\drivers\vinyl97.sys Image size: 202112 Image MD5: 08C5FD340D290E8536413C863BA4F9A6 Start: 3 Type: 1 Error Control: 1 Service (registry key): VolSnap Start: 0 Type: 1 Error Control: 1 Service (registry key): VSS Display name: Cliché instantané de volume Description: Gère et implémente les clichés instantanés de volumes pour les sauvegardes et autres utilisations. Si ce service est arrêté, les clichés instantanés ne seront pas disponibles pour la sauvegarde et la sauvegarde échouera. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas. Object name: LocalSystem Image path: %SystemRoot%\System32\vssvc.exe Image size: 295424 Image MD5: CE38755FF8C161A66E45FC0C10CDEE87 Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): W32Time Display name: Horloge Windows Description: Conserve la synchronisation de la date et de l'heure sur tous les clients et serveurs sur le réseau. Si ce service est arrêté, la synchronisation de la date et de l'heure sera indisponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): W3SVC Start: 0 Type: 0 Error Control: 0 Service (registry key): Wanarp Display name: Pilote ARP IP d'accès distant Description: Pilote ARP IP d'accès distant Image path: system32\DRIVERS\wanarp.sys Image size: 34560 Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC Start: 3 Type: 1 Error Control: 1 Service (registry key): WDICA Start: 3 Type: 1 Error Control: 0 Service (registry key): wdmaud Display name: Pilote WINMM de compatibilité audio WDM Microsoft Image path: system32\drivers\wdmaud.sys Image size: 82944 Image MD5: EFD235CA22B57C81118C1AEB4798F1C1 Start: 3 Type: 1 Error Control: 1 Service (registry key): WebClient Display name: WebClient Description: Permet à un programme fonctionnant sous Windows de créer, modifier et accéder à des fichiers Internet. Si ce service est arrêté, Ces fonctions ne seront pas disponibles. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: MRxDAV Service (registry key): winmgmt Display name: Infrastructure de gestion Windows Description: Fournit une interface commune et un modèle objet pour accéder aux informations de gestion du système d'exploitation, des périphériques, des applications et des services. Si ce service est arrêté, la plupart des logiciels sur base Windows ne fonctionneront pas correctement. Si ce service est désactivé, tout service qui en dépend explicitement ne démarrera pas. Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 0 Depends On services: RPCSS Service (registry key): Winsock Start: 3 Type: 4 Error Control: 1 Service (registry key): WinSock2 Start: 0 Type: 0 Error Control: 0 Service (registry key): WinTrust Start: 0 Type: 0 Error Control: 0 Service (registry key): WMConnectCDS Display name: Service Windows Media Connect Description: Partage les médias avec des périphériques pour les médias qui utilisent Plug-and-Play universel Object name: NT AUTHORITY\NetworkService Image path: C:\Program Files\Windows Media Connect 2\wmccds.exe Image size: 856064 Image MD5: EFD9476E039E833A4B55E87EC813B153 Start: 3 Type: 16 Error Control: 1 Depends On services: upnphost,http,HTTPFilter Service (registry key): WmdmPmSN Display name: Service de numéro de série du lecteur multimédia portable Description: Extrait le numéro de série d'un lecteur multimédia portable connecté à cet ordinateur. Si ce service est interrompu, le contenu protégé risque de ne pas être téléchargé sur le périphérique. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Service (registry key): WmiApRpl Start: 0 Type: 0 Error Control: 0 Service (registry key): WmiApSrv Display name: Carte de performance WMI Description: Fournit des informations concernant la bibliothèque de performance à partir des fournisseurs HiPerf WMI. Object name: LocalSystem Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe Image size: 126464 Image MD5: 93A3FC4CF42587A7AB54788F19B9259C Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): WS2IFSL Display name: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 Image path: \SystemRoot\System32\drivers\ws2ifsl.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): wscsvc Display name: Centre de sécurité Description: Analyse les paramètres de sécurité et les configurations du système. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,winmgmt Service (registry key): wuauserv Display name: Mises à jour automatiques Description: Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): WZCSVC Display name: Configuration automatique sans fil Description: Fournit la configuration automatique des cartes 802.11 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio Service (registry key): xmlprov Display name: Service d'approvisionnement réseau Description: Gère les fichiers de configuration XML en fonction du domaine pour l'approvisionnement réseau automatique. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): {88317C58-0B89-4AEE-ACA6-ED4AD09D4599} Start: 0 Type: 0 Error Control: 0

j'ai editer un rapport avec spybot SD --- Search result list --- Common Dialogs: History (4 files) (Clé du registre, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done) C:\WINDOWS\SchedLgU.Txt Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done) C:\WINDOWS\ntbtlog.txt Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.log Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wmiprov.log Internet Explorer: Download directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Internet Explorer\Download Directory!= Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) MS Media Player: Anonymous ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0 MS DirectDraw: Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!= MS Search Assistant: Typed search terms history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Search Assistant\ACMru Windows Explorer: User Assistant history IE (7 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: User Assistant history files (74 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: Last visited history (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Windows Explorer: Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: Last Copy/MoveTo folder (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder Windows Media SDK: Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName Windows Media SDK: Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000} Windows Media SDK: Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-2205643762-3629876135-3384222523-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Félicitations!: Aucun mouchard n'a été trouvé. () --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2007-06-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-05-23 advcheck.dll (1.5.3.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2007-07-31 Tools.dll (2.1.2.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-09-19 Includes\Cookies.sbi (*) 2007-07-25 Includes\Dialer.sbi (*) 2007-09-19 Includes\DialerC.sbi (*) 2007-08-29 Includes\Hijackers.sbi (*) 2007-09-19 Includes\HijackersC.sbi (*) 2007-07-25 Includes\Keyloggers.sbi (*) 2007-09-19 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-09-12 Includes\Malware.sbi (*) 2007-09-19 Includes\MalwareC.sbi (*) 2007-09-05 Includes\PUPS.sbi (*) 2007-09-19 Includes\PUPSC.sbi (*) 2007-09-19 Includes\Revision.sbi (*) 2007-05-30 Includes\Security.sbi (*) 2007-09-19 Includes\SecurityC.sbi (*) 2007-09-12 Includes\Spybots.sbi (*) 2007-09-19 Includes\SpybotsC.sbi (*) 2007-08-21 Includes\Tracks.uti (*) 2007-09-12 Includes\Trojans.sbi (*) 2007-09-19 Includes\TrojansC.sbi (*) 2007-06-06 Plugins\TCPIPAddress.dll --- System information --- Windows XP (Build: 2600) Service Pack 2 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n For more information, visit http://support.microsoft.com/kb/928365 / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) / Windows XP: Mise à jour de sécurité pour Windows XP (KB923689) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) / Windows XP / SP3: Correctif Windows XP - KB873339 / Windows XP / SP3: Correctif Windows XP - KB885250 / Windows XP / SP3: Correctif Windows XP - KB885835 / Windows XP / SP3: Correctif Windows XP - KB885836 / Windows XP / SP3: Correctif Windows XP - KB886185 / Windows XP / SP3: Correctif Windows XP - KB887472 / Windows XP / SP3: Correctif Windows XP - KB887742 / Windows XP / SP3: Correctif Windows XP - KB887797 / Windows XP / SP3: Correctif Windows XP - KB888113 / Windows XP / SP3: Correctif Windows XP - KB888302 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046) / Windows XP / SP3: Correctif Windows XP - KB890859 / Windows XP / SP3: Correctif Windows XP - KB891781 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893066) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Mise à jour pour Windows XP (KB894391) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428) / Windows XP / SP3: Mise à jour pour Windows XP (KB898461) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591) / Windows XP / SP3: Mise à jour pour Windows XP (KB900485) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725) / Windows XP / SP3: Mise à jour pour Windows XP (KB900930) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706) / Windows XP / SP3: Mise à jour pour Windows XP (KB904942) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905915) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519) / Windows XP / SP3: Mise à jour pour Windows XP (KB908531) / Windows XP / SP3: Mise à jour pour Windows XP (KB910437) / Windows XP / SP3: Mise à jour pour Windows XP (KB911280) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911562) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911567) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911927) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912919) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913580) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914388) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389) / Windows XP / SP3: Correctif pour Windows XP (KB914440) / Windows XP / SP3: Hotfix for Windows XP (KB915865) / Windows XP / SP3: Mise à jour pour Windows XP (KB916595) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917344) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917422) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917953) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918118) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918439) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB919007) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920213) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920214) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920670) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920685) / Windows XP / SP3: Mise à jour pour Windows XP (KB920872) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921398) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921503) / Windows XP / SP3: Mise à jour pour Windows XP (KB922582) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922616) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922760) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922819) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923191) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923414) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923980) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924191) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924270) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924496) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924667) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925486) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925902) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926255) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926436) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927779) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927802) / Windows XP / SP3: Mise à jour pour Windows XP (KB927891) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928255) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928843) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929123) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929969) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB930178) / Windows XP / SP3: Mise à jour pour Windows XP (KB930916) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931261) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931784) / Windows XP / SP3: Mise à jour pour Windows XP (KB931836) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB932168) / Windows XP / SP3: Mise à jour pour Windows XP (KB933360) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB933566) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935839) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935840) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB936021) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB937143) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB938127) / Windows XP / SP3: Mise à jour pour Windows XP (KB938828) / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB938829) --- Startup entries list --- Located: HK_LM:Run, AAWTray command: C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe file: C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe size: 88024 MD5: 4659f02259d1b628b360ef4b092ccf01 Located: HK_LM:Run, AudioDeck command: "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1 file: C:\Program Files\VIAudioi\SBADeck\ADeck.exe size: 450560 MD5: accbea050864b65d208434e9539bd5c3 Located: HK_LM:Run, avgnt command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 249896 MD5: ba5e0a9b7ccde337b22ccc00971aae1c Located: HK_LM:Run, FileBackup command: "C:\Program Files\Optimark\OTB\OTB.exe" file: C:\Program Files\Optimark\OTB\OTB.exe size: 1048576 MD5: 2e80cc8d087b689d61be632f7125f785 Located: HK_LM:Run, HP Software Update command: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: 926a397334fe426a6c7657096fe681db Located: HK_LM:Run, RestoreIT! command: "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart file: C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE size: 118784 MD5: e0b387eb1c7399c2593fef98a0aaac19 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe size: 132496 MD5: 896e712a34d654a337c8cbb9deb07200 Located: HK_LM:Run, VTTrayp command: VTtrayp.exe file: C:\WINDOWS\system32\VTtrayp.exe size: 143360 MD5: b7401a1c424e0836d7846e42548946b4 Located: HK_LM:Run, Babylon Client (DISABLED) command: C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart file: Located: HK_CU:Run, ccleaner command: "C:\Program Files\CCleaner\ccleaner.exe" /AUTO file: C:\Program Files\CCleaner\ccleaner.exe size: 598656 MD5: 6c28cdf8261026d9f9fa876f362d7228 Located: HK_CU:Run, CTFMON.EXE command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 64e41e8fee655b03e3f19ded21ba5118 Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED) command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE size: 29696 MD5: 43362b96870ce8649f4f2ec893da93f0 Located: System.ini, crypt32chain command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll command: cscdll.dll file: cscdll.dll Located: System.ini, ScCertProp command: wlnotify.dll file: wlnotify.dll Located: System.ini, Schedule command: wlnotify.dll file: wlnotify.dll Located: System.ini, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn command: WlNotify.dll file: WlNotify.dll Located: System.ini, termsrv command: wlnotify.dll file: wlnotify.dll Located: System.ini, WgaLogon command: WgaLogon.dll file: WgaLogon.dll Located: System.ini, wlballoon (DISABLED) command: wlnotify.dll file: wlnotify.dll --- Browser helper object list --- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper) BHO name: CLSID name: Adobe PDF Reader Link Helper description: Adobe Acrobat reader classification: Legitimate known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll info link: http://www.adobe.com/products/acrobat/readstep2.html info source: TonyKlein Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\ Long name: AcroIEHelper.dll Short name: ACROIE~1.DLL Date (created): 18/12/2006 04:16:42 Date (last access): 19/09/2007 15:40:56 Date (last write): 18/12/2006 04:16:42 Filesize: 59032 Attributes: archive MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20 CRC32: 7B0A854F Version: 7.0.9.50 {53707962-6F74-2D53-2644-206D7942484F} () BHO name: CLSID name: description: Spybot-S&D IE Browser plugin classification: Legitimate known filename: SDhelper.dll info link: http://spybot.eon.net.au/ info source: Patrick M. Kolla Path: C:\PROGRA~1\SPYBOT~1\ Long name: SDHelper.dll Short name: Date (created): 03/06/2007 22:14:16 Date (last access): 19/09/2007 16:58:56 Date (last write): 31/05/2005 01:04:00 Filesize: 853672 Attributes: archive MD5: 250D787A5712D7768DDC133B3E477759 CRC32: D4589A41 Version: 1.4.0.0 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) BHO name: CLSID name: SSVHelper Class Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: ssv.dll Short name: Date (created): 17/09/2007 23:07:58 Date (last access): 19/09/2007 15:40:56 Date (last write): 12/07/2007 04:00:36 Filesize: 501136 Attributes: archive MD5: D6137540BDF0F9F9B9055C60ADD8007A CRC32: 29E910AF Version: 6.0.20.6 --- ActiveX list --- {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf Codebase: http://go.microsoft.com/fwlink/?linkid=39204 description: classification: Legitimate known filename: LegitCheckControl.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.DLL Short name: LEGITC~1.DLL Date (created): 12/07/2005 18:04:22 Date (last access): 19/09/2007 16:09:22 Date (last write): 24/04/2007 11:32:06 Filesize: 1485696 Attributes: archive MD5: F41FA54CD85AF8AACF8C7E084F6742F4 CRC32: 6328586B Version: 1.7.36.0 {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) DPF name: CLSID name: Windows Live Safety Center Base Module Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf Codebase: http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab description: classification: Legitimate known filename: wlscBase.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: wlscBase.dll Short name: Date (created): 27/03/2007 14:25:30 Date (last access): 19/09/2007 16:04:50 Date (last write): 27/03/2007 14:25:30 Filesize: 465816 Attributes: archive MD5: 85A9ED549078B78D6C0BE4565045F7BA CRC32: F69A3C13 Version: 1.4.8300.1 {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) DPF name: CLSID name: WScanCtl Class Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf Codebase: http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab description: classification: Legitimate known filename: webscan.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: webscan.dll Short name: Date (created): 20/11/2006 12:02:34 Date (last access): 19/09/2007 16:04:50 Date (last write): 20/11/2006 12:02:34 Filesize: 180282 Attributes: archive MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48 CRC32: AECD0E4D Version: 1.1.0.1049 {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_02 Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u2.inf Codebase: http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. Kolla Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: npjpi160_02.dll Short name: NPJPI1~1.DLL Date (created): 12/07/2007 02:22:38 Date (last access): 19/09/2007 16:01:42 Date (last write): 12/07/2007 04:00:36 Filesize: 132496 Attributes: archive MD5: E3811F1A1C5063C941EC0E2766C3EA39 CRC32: AEFD3747 Version: 6.0.20.6 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_02 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi160_02.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: npjpi160_02.dll Short name: NPJPI1~1.DLL Date (created): 12/07/2007 02:22:38 Date (last access): 19/09/2007 16:01:42 Date (last write): 12/07/2007 04:00:36 Filesize: 132496 Attributes: archive MD5: E3811F1A1C5063C941EC0E2766C3EA39 CRC32: AEFD3747 Version: 6.0.20.6 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_02 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre1.6.0_02\bin\ Long name: npjpi160_02.dll Short name: NPJPI1~1.DLL Date (created): 12/07/2007 02:22:38 Date (last access): 19/09/2007 16:01:42 Date (last write): 12/07/2007 04:00:36 Filesize: 132496 Attributes: archive MD5: E3811F1A1C5063C941EC0E2766C3EA39 CRC32: AEFD3747 Version: 6.0.20.6 --- Process list --- PID: 0 ( 0) [system] PID: 184 ( 4) \SystemRoot\System32\smss.exe PID: 240 ( 184) \??\C:\WINDOWS\system32\csrss.exe PID: 264 ( 184) \??\C:\WINDOWS\system32\winlogon.exe PID: 308 ( 264) C:\WINDOWS\system32\services.exe size: 108544 MD5: 63DCDE1A0D86EEB8924D6738FF616EAD PID: 320 ( 264) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 259AF82A0932EEA4F316F92DB94707B6 PID: 508 ( 308) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 592 ( 308) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 644 ( 308) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe size: 566616 MD5: C7572C802FEC8F539253C2D52BC2972C PID: 796 ( 768) C:\WINDOWS\Explorer.EXE size: 1037312 MD5: D0288319660EDCFED07C7E74C4EA38A5 PID: 820 ( 308) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 2979B03D5382A602623C0535B16AB9C0 PID: 1208 ( 796) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 4 ( 0) System --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 19/09/2007 17:00:20 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.google.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://www.google.com/ie HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.neufportail.fr/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/ie HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Protocol 0: MSAFD Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 1: MSAFD Tcpip [uDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 2: MSAFD Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip [*] Protocol 3: RSVP UDP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 4: RSVP TCP Service Provider GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\rsvpsp.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 5: MSAFD nwlnkipx [iPX] GUID: {11058240-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkipx * Protocol 6: MSAFD nwlnkspx [sPX] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 7: MSAFD nwlnkspx [sPX] [Pseudo Stream] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 8: MSAFD nwlnkspx [sPX II] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 9: MSAFD nwlnkspx [sPX II] [Pseudo Stream] GUID: {11058241-BE47-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD nwlnkspx * Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] SEQPACKET 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] DATAGRAM 0 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] SEQPACKET 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] DATAGRAM 1 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS * Namespace Provider 0: Tcpip GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 1: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 2: Network Location Awareness (NLA) Namespace GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: %SystemRoot%\System32\mswsock.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B} Filename: %SystemRoot%\System32\nwprovau.dll Description: Microsoft Windows NT/2k/XP Novell Netware name space provider DB filename: %SystemRoot%\system32\nwprovau.dll DB protocol: NWLink IPX/SPX/NetBIOS* --- Uninstall list --- (AddressBook) Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic) uninstall cmd: C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE publisher: Avira GmbH help link: http://www.avira.com/classic-support Babylon (Babylon) uninstall cmd: C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe (Branding) CCleaner (remove only) (CCleaner) uninstall cmd: "C:\Program Files\CCleaner\uninst.exe" (Connection Manager) (DirectDrawEx) eMulev0.47c.-MorphXTv9.6 (eMule_is1) install date: 20070609 install location: C:\Program Files\eMule\ uninstall cmd: "C:\Program Files\eMule\unins000.exe" publisher: Morph team help link: http://forum.emule-project.net/index.php?showforum=28 HP Imaging Device Functions 7.0 7.0 (HP Imaging Device Functions) uninstall cmd: C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat publisher: HP help link: http://www.hp.com/support HP Solution Center 7.0 7.0 (HP Solution Center & Imaging Support Tools) uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat publisher: HP help link: http://www.hp.com/support HP Customer Participation Program 7.0 7.0 (HPExtendedCapabilities) uninstall cmd: C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat publisher: HP help link: http://www.hp.com/support Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs) install date: 20070907 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" publisher: Microsoft Corporation (IE40) (IE4Data) Windows Internet Explorer 7 20061107.210142 (ie7) install date: 20070907 uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://www.microsoft.com/ie (IEData) (InstallShield Uninstall Information) VIA Platform Device Manager 1.13 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) version: 17629184 version (major): 1 version (minor): 13 install date: 20060125 install source: D:\VIA\ uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} publisher: VIA Technologies, Inc. comments: VIA Hyperion Pro Setup Program contact: http://forums.viaarena.com/ help link: http://www.viaarena.com/ help telephone: NULL readme: NULL Phoenix Core Managed Environment (cME) 1.0.2.20 (InstallShield_{9B365D9D-C47D-458D-A46F-491A4B33EEAB}) version: 16777218 version (major): 1 estimated size: 5971 install date: 20060125 install location: C:\Program Files\Phoenix Technologies\cME\ install source: d:\ uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{9B365D9D-C47D-458D-A46F-491A4B33EEAB} /l1036 publisher: Phoenix Technologies Ltd contact: Service support clientèle help link: http://support.phoenix.com (KB884016) (KB893803) Security Update pour Microsoft .NET Framework 2.0 (KB928365) 2 (KB928365.T1_1ToU569_1) uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} publisher: Microsoft Corporation help link: http://support.microsoft.com/kb/928365 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7) install date: 20070908 uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=937143 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7) install date: 20070908 uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=938127 Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366) uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033)) uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0) install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=45396 (MobileOptionPack) (MSI30-Beta1) (MSI30-Beta2) (MSI30-KB884016) (MSI30-RC1) (MSI30-RC2) (MSI30a-KB884016) (MSI31-Beta) (MSI31-RC1) Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping) install date: 20070907 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" publisher: Microsoft Corporation (PCHealth) uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf (RecordNow.exe) uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} (RestoreIT!) uninstall cmd: C:\Program Files\Phoenix Technologies\cME\RPro\ XP\un_vback.exe UniChrome Pro IGP Display Driver and Utilities (S3) uninstall cmd: C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns SAMSUNG CDMA Modem Driver Set (SAMSUNG CDMA Modem) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software (Samsung Mobile phone USB driver) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem Software (SAMSUNG Mobile USB Modem) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe SAMSUNG Mobile USB Modem 1.0 Software (SAMSUNG Mobile USB Modem 1.0) uninstall cmd: C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe (SchedulingAgent) µTorrent 1.6.1 (uTorrent) install location: C:\Program Files\uTorrent uninstall cmd: "C:\Program Files\uTorrent\uninstall.exe" VIA Vinyl Audio Codecs Driver Setup Program (VIA Vinyl Audio Codecs Driver Setup Program) uninstall cmd: RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu" VideoLAN VLC media player 0.8.5 0.8.5 (VLC media player) uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe publisher: VideoLAN Team S3 S3Display (VTDisplay) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2 (VTGamma2) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2 (VTInfo2) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay (VTOverlay) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' (VTTimer) uninstall cmd: VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer' S3 S3TrayPlus (VTTrayPlus) uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus' Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA) install date: 20061208 publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=892130 Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify) install date: 20070620 publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905474 Windows Media Format Runtime (Windows Media Format Runtime) uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Lecteur Windows Media 10 (Windows Media Player) uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Xvid 1.1.2 final uninstall 1.1 (Xvid_is1) install location: C:\Program Files\Xvid\ uninstall cmd: "C:\Program Files\Xvid\unins000.exe" publisher: Xvid team (Koepi) help link: http://forum.doom9.org/forumdisplay.php?f=52 Platform 1.13 ({20D4A895-748C-4D88-871C-FDB1695B0169}) version: 17629184 version (major): 1 version (minor): 13 install date: 20060125 install source: D:\VIA\ publisher: VIA Technologies, Inc. comments: VIA Hyperion Pro Setup Program contact: http://forums.viaarena.com/ help link: http://www.viaarena.com/ help telephone: NULL readme: NULL Samsung PC Studio 3.0.0.61111 ({20F0F67B-CB0F-4C85-B6F2-133D9CB70614}) version: 50331648 version (major): 3 estimated size: 2589 install date: 20070903 install location: C:\Program Files\Samsung\Samsung PC Studio 3\ publisher: Samsung Electronics Co., Ltd. contact: Customer Support Department help link: http://www.samsungmobile.co.kr help telephone: 1-555-555-4505 HPPhotoSmartExpress 70.0.170.000 ({2376813B-2E5A-4641-B7B3-A0D5ADB55229}) version: 1174405290 version (major): 70 estimated size: 10146 install date: 20070805 install source: D:\setup\HPPhotoSmartExpress\ publisher: Hewlett-Packard Java 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020}) version: 17170432 version (major): 1 version (minor): 6 estimated size: 118662 install date: 20070917 install source: http://javadl.sun.com/webapps/download/Get...6/windows-i586/ uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} publisher: Sun Microsystems, Inc. contact: http://java.com help link: http://java.com readme: C:\Program Files\Java\jre1.6.0_02\README.txt WebFldrs XP 9.50.7523 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227}) version: 154279267 version (major): 9 version (minor): 50 estimated size: 2608 install date: 20060125 install source: C:\WINDOWS\system32\ publisher: Microsoft Corporation help link: http://www.microsoft.com/windows HPProductAssistant 70.0.170.000 ({4EA684E9-5C81-4033-A696-3019EC57AC3A}) version: 1174405290 version (major): 70 estimated size: 4539 install date: 20070805 install source: D:\setup\hpproductassistant\ publisher: Hewlett-Packard Sonic Simple Backup 5.1 ({60E971B7-51A0-48CA-8687-C6B8F094A409}) version: 83951616 version (major): 5 version (minor): 1 estimated size: 24559 install date: 20060125 install source: D:\SIMPLEBACKUP_51\ uninstall cmd: MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409} publisher: Sonic Solutions help link: http://support.sonic.com/ Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91}) version: 16974078 version (major): 1 version (minor): 3 estimated size: 519 install date: 20060125 uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} publisher: Microsoft comments: Your Comments contact: Customer Support Department help link: http://www.microsoft.com/genuine/downloads...idate.aspx/help help telephone: 1-425.882.8080 Babylon Toolbar 1.0 ({67A339E5-D8AA-4E88-9278-A571B397F798}) version: 16777216 version (major): 1 estimated size: 1113 install date: 20070919 install source: C:\Program Files\Babylon\Babylon-Pro\Utils\ uninstall cmd: MsiExec.exe /I{67A339E5-D8AA-4E88-9278-A571B397F798} publisher: Babylon Ltd. help link: http://www.babylon.com Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF}) version: 33605159 version (major): 2 estimated size: 209842 install date: 20070909 install source: C:\DOCUME~1\DEHFOS\LOCALS~1\Temp\IXP000.TMP\ publisher: Microsoft Corporation 3.0.7.009 ({8ADC27DB-E2C8-446C-A576-166C05C2DD24}) version: 50331655 version (major): 3 estimated size: 184 install date: 20070805 install source: D:\setup\HPSoftwareUpdate\ publisher: Hewlett-Packard Microsoft Office Excel Viewer 2003 11.0.6412.0 ({90840409-6000-11D3-8CFE-0150048383C9}) version: 184555788 version (major): 11 estimated size: 26721 install date: 20070817 install source: C:\MSOCache\All Users\90840409-6000-11D3-8CFE-0150048383C9\ uninstall cmd: MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9} publisher: Microsoft Corporation help link: http://www.microsoft.com/support Microsoft Office Word Viewer 2003 11.0.6506.0 ({9085040C-6000-11D3-8CFE-0150048383C9}) version: 184555882 version (major): 11 estimated size: 72533 install date: 20070815 install source: C:\MSOCache\All Users\9085040c-6000-11D3-8CFE-0150048383C9\ uninstall cmd: MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9} publisher: Microsoft Corporation help link: http://www.microsoft.com/support Sonic RecordNow! Plus 7.3 ({9541FED0-327F-4DF0-8B96-EF57EF622F19}) version: 117637120 version (major): 7 version (minor): 3 estimated size: 39216 install date: 20060125 install source: D:\RECORDNOW_73\ uninstall cmd: MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} publisher: Sonic Solutions help link: http://support.sonic.com/ IZArc 3.81 3.81 Build 1550 ({97C82B44-D408-4F14-9252-47FC1636D23E}_is1) install date: 20070801 install location: C:\Program Files\IZArc\ uninstall cmd: "C:\Program Files\IZArc\unins000.exe" publisher: Ivan Zahariev help link: http://www.izarc.org Phoenix Core Managed Environment (cME) 1.0.2.20 ({9B365D9D-C47D-458D-A46F-491A4B33EEAB}) version: 16777218 version (major): 1 estimated size: 5971 install date: 20060125 install location: C:\Program Files\Phoenix Technologies\cME\ install source: d:\ publisher: Phoenix Technologies Ltd contact: Service support clientèle help link: http://support.phoenix.com Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002}) version: 117440521 version (major): 7 estimated size: 78408 install date: 20070608 install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\ uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002} publisher: Adobe Systems Incorporated comments: contact: help link: http://www.adobe.fr/support/main.html help telephone: readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm ConvertXtoDVD 2.2.0.251 2.2.0.251 ({BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) install date: 20070614 install location: C:\Program Files\VSO\ConvertXtoDVD\ uninstall cmd: "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe" publisher: VSO-Software SARL help link: http://www.vso-software.fr HP Software Update 3.0.7.014 ({BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) version: 50331655 version (major): 3 estimated size: 3506 install date: 20070805 install source: D:\setup\HPSoftwareUpdate\ uninstall cmd: MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} publisher: Hewlett-Packard contact: http://www.hp.com/support HP Photosmart, Officejet and Deskjet 7.0.A ({BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}) uninstall cmd: C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat publisher: HP help link: http://www.hp.com/support Athlon 64 Processor Driver 1.2.2.2 ({C151CE54-E7EA-4804-854B-F515368B0798}) version: 16908290 install location: C:\Program Files\AMD\Athlon 64 Processor Driver uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Samsung PC Studio 3.1.2.70602 ({C4A4722E-79F9-417C-BD72-8D359A090C97}) version: 50331648 install date: 20070903 install location: C:\Program Files\Samsung\Samsung PC Studio 3\ uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly publisher: Samsung Electronics Co., Ltd. comments: Samsung PC Studio 3 Maintenance contact: Samsung Electronics Co., Ltd. help link: http://www.samsungmobile.co.kr help telephone: +82 2051 4151 Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) version: 16847074 version (major): 1 version (minor): 1 estimated size: 75259 install date: 20070711 uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} publisher: Microsoft readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm OTB 1.00.0000 ({D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713}) version: 16777216 install date: 20070619 install location: C:\Program Files\Optimark\OTB install source: D:\OTB_AP_Mutip_v1.6.0.0_2006.12.07\Setup.exe uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5ED6AD5-7A70-47EB-BF38-3A8BCDECA713}\setup.exe" -l0x9 -removeonly publisher: Optimark TrayApp 70.0.170.000 ({DBC20735-34E6-4E97-A9E5-2066B66B243D}) version: 1174405290 version (major): 70 estimated size: 711 install date: 20070805 install source: D:\setup\TrayApp\ publisher: Hewlett-Packard Ad-Aware 2007 7.0.2.1 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) version: 117440514 version (major): 7 estimated size: 21005 install date: 20070919 install location: C:\Program Files\Lavasoft\Ad-Aware 2007\ install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\ uninstall cmd: MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} publisher: Lavasoft help link: http://www.lavasoftsupport.com HP Photosmart Essential 1.12.0.46 ({EB21A812-671B-4D08-B974-2A347F0D8F70}) version: 17563648 version (major): 1 version (minor): 12 estimated size: 11300 install date: 20070917 install location: C:\Program Files\HP\Photosmart Essential\ install source: C:\DOCUME~1\DEHFOS\LOCALS~1\Temp\IXP000.TMP\ uninstall cmd: MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} publisher: HP help link: http://www.hp.com InstantShareDevicesMFC 70.0.170.000 ({F157460F-720E-482f-8625-AD7843891E5F}) version: 1174405290 version (major): 70 estimated size: 2572 install date: 20070805 install source: D:\setup\InstantShareDevicesMFC\ publisher: Hewlett-Packard --- System Services --- Service (registry key): .NET CLR Data Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for Oracle Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for SqlServer Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Start: 0 Type: 0 Error Control: 0 Service (registry key): aawservice Display name: Ad-Aware 2007 Service Description: Protects your computer from spyware Object name: LocalSystem Image path: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" Image size: 566616 Image MD5: C7572C802FEC8F539253C2D52BC2972C Start: 2 Type: 272 Error Control: 0 Depends On services: RpcSS Service (registry key): Abiosdsk Start: 4 Type: 1 Error Control: 0 Service (registry key): abp480n5 Display name: abp480n5 Image path: \SystemRoot\system32\DRIVERS\ABP480N5.SYS Start: 4 Type: 1 Error Control: 1 Service (registry key): ACPI Display name: Pilote ACPI Microsoft Image path: system32\DRIVERS\ACPI.sys Image size: 188672 Image MD5: 0BD94FBFC14EA3606CD6CA4C0255BAA3 Start: 0 Type: 1 Error Control: 1 Service (registry key): ACPIEC Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Display name: adpu160m Image path: \SystemRoot\system32\DRIVERS\adpu160m.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): AdWatchDrv Display name: AW Realtime Driver Start: 3 Type: 1 Error Control: 1 Service (registry key): aec Display name: Suppresseur d'écho acoustique (Noyau Microsoft) Image path: system32\drivers\aec.sys Image size: 142464 Image MD5: 1EE7B434BA961EF845DE136224C30FEC Start: 3 Type: 1 Error Control: 1 Service (registry key): AFD Display name: AFD Description: Environnement de prise en charge de réseau AFD Image path: \SystemRoot\System32\drivers\afd.sys Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Display name: Filtre de bus AGP Intel Image path: \SystemRoot\system32\DRIVERS\agp440.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): agpCPQ Display name: Filtre de bus AGP Compaq Image path: \SystemRoot\system32\DRIVERS\agpCPQ.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Aha154x Display name: Aha154x Image path: \SystemRoot\system32\DRIVERS\aha154x.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78u2 Display name: aic78u2 Image path: \SystemRoot\system32\DRIVERS\aic78u2.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): aic78xx Display name: aic78xx Image path: \SystemRoot\system32\DRIVERS\aic78xx.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Alerter Display name: Avertissement Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): ALG Display name: Service de la passerelle de la couche Application Description: Offre la prise en charge des plug-ins de protocoles tiers pour le Partage de connexion Internet et le Pare-feu Windows. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 44544 Image MD5: B43CC0F07752D456038CD0268E4D84E9 Start: 3 Type: 16 Error Control: 1 Service (registry key): AliIde Display name: AliIde Image path: \SystemRoot\system32\DRIVERS\aliide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): alim1541 Display name: Filtre de bus AGP ALI Image path: \SystemRoot\system32\DRIVERS\alim1541.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): amdagp Display name: Pilote de filtre du bus AMD AGP Image path: \SystemRoot\system32\DRIVERS\amdagp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): AmdK8 Display name: Pilote de processeur AMD Image path: system32\DRIVERS\AmdK8.sys Image size: 43008 Image MD5: 62271FF14BAA810323AC816C5D355BA9 Start: 1 Type: 1 Error Control: 1 Service (registry key): amsint Display name: amsint Image path: \SystemRoot\system32\DRIVERS\amsint.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): AntiVirScheduler Display name: AntiVir PersonalEdition Classic Scheduler Description: Service to schedule AntiVir jobs and updates. Object name: LocalSystem Image path: "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" Image size: 63016 Image MD5: A6FA9C14E649B2F3DE15390A1840774D Start: 2 Type: 272 Error Control: 1 Service (registry key): AntiVirService Display name: AntiVir PersonalEdition Classic Guard Description: Offers permanent protection against viruses and malware with the AntiVir search engine. Object name: LocalSystem Image path: "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" Image size: 210984 Image MD5: 14ED05B96ACC620E4190E71FABFEAE44 Start: 2 Type: 272 Error Control: 1 Service (registry key): AppMgmt Display name: Gestion d'applications Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Service (registry key): asc Display name: asc Image path: \SystemRoot\system32\DRIVERS\asc.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3350p Display name: asc3350p Image path: \SystemRoot\system32\DRIVERS\asc3350p.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): asc3550 Display name: asc3550 Image path: \SystemRoot\system32\DRIVERS\asc3550.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ASP.NET Start: 0 Type: 0 Error Control: 0 Service (registry key): ASP.NET_1.1.4322 Start: 0 Type: 0 Error Control: 0 Service (registry key): ASP.NET_2.0.50727 Start: 0 Type: 0 Error Control: 0 Service (registry key): aspnet_state Display name: ASP.NET State Service Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Image size: 33632 Image MD5: E1633440859F9A1B3CEAF73BA85225CA Start: 3 Type: 16 Error Control: 1 Service (registry key): AsyncMac Display name: Pilote de média asynchrone RAS Description: Pilote de média asynchrone RAS Image path: system32\DRIVERS\asyncmac.sys Image size: 14336 Image MD5: 02000ABF34AF4C218C35D257024807D6 Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Display name: Contrôleur de disque dur IDE/ESDI standard Image path: system32\DRIVERS\atapi.sys Image size: 95360 Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51 Start: 0 Type: 1 Error Control: 1 Service (registry key): Atdisk Start: 4 Type: 1 Error Control: 0 Service (registry key): Atmarpc Display name: Protocole client ATM ARP Description: Protocole client ATM ARP Image path: system32\DRIVERS\atmarpc.sys Image size: 59904 Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): AudioSrv Display name: Audio Windows Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): audstub Display name: Pilote audio Stub Image path: system32\DRIVERS\audstub.sys Image size: 3072 Image MD5: D9F724AA26C010A217C97606B160ED68 Start: 3 Type: 1 Error Control: 1 Service (registry key): avgio Display name: avgio Image path: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys Image size: 11840 Image MD5: 53D688E5F619EDD01232B649A0C06008 Start: 1 Type: 1 Error Control: 1 Depends On services: FltMgr Service (registry key): avgntflt Display name: avgntflt Description: Avira AntiVir PersonalEdition Classic mini-filter used for on-access scan to provide real-time antivirus security. Image path: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys Image size: 48960 Image MD5: AED7F7C5E2F7B894BA0BDC03CB704466 Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): AvgTdi Display name: AVG Network redirector Image path: \SystemRoot\System32\Drivers\avgtdi.sys Start: 2 Type: 1 Error Control: 1 Service (registry key): avipbb Display name: avipbb Description: %avipbbServiceDesc% Image path: system32\DRIVERS\avipbb.sys Image size: 62016 Image MD5: 8B213DA82B559787DCEB41072A3D4C40 Start: 1 Type: 1 Error Control: 1 Service (registry key): BattC Start: 0 Type: 0 Error Control: 0 Service (registry key): Beep Start: 1 Type: 1 Error Control: 1 Service (registry key): BITS Display name: Service de transfert intelligent en arrière-plan Description: Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Browser Display name: Explorateur d'ordinateur Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): cbidf Display name: cbidf Image path: \SystemRoot\system32\DRIVERS\cbidf2k.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): cbidf2k Start: 4 Type: 1 Error Control: 1 Service (registry key): cd20xrnt Display name: cd20xrnt Image path: \SystemRoot\system32\DRIVERS\cd20xrnt.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Cdaudio Start: 1 Type: 1 Error Control: 0 Service (registry key): Cdfs Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): Cdrom Display name: Pilote de CD-ROM Image path: system32\DRIVERS\cdrom.sys Image size: 49536 Image MD5: AF9C19B3100FE010496B1A27181FBF72 Start: 1 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): Changer Start: 1 Type: 1 Error Control: 0 Service (registry key): Cinemsup Display name: Cinemsup Start: 1 Type: 1 Error Control: 1 Service (registry key): CiSvc Display name: Service d'indexation Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible. Object name: LocalSystem Image path: %SystemRoot%\system32\cisvc.exe Image size: 5632 Image MD5: ABFAC5D58218C0A655DFCAE2D8A535F3 Start: 4 Type: 288 Error Control: 1 Depends On services: RPCSS Service (registry key): Class Start: 0 Type: 0 Error Control: 0 Service (registry key): ClipSrv Display name: Gestionnaire de l'Album Description: Active le Gestionnaire de l'Album afin de stocker les informations et les partager avec des ordinateurs à distance. Si le service est arrêté, le Gestionnaire de l'Album ne pourra pas partager les informations avec des ordinateurs à distance. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\clipsrv.exe Image size: 33280 Image MD5: E42101918C50F754FC15367814FEC11C Start: 4 Type: 16 Error Control: 1 Depends On services: NetDDE Service (registry key): clr_optimization_v2.0.50727_32 Display name: .NET Runtime Optimization Service v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Image size: 68952 Image MD5: 3D560AF01BDC50B4A1E1BFB5CDC06D63 Start: 3 Type: 16 Error Control: 0 Service (registry key): CmdIde Display name: CmdIde Image path: \SystemRoot\system32\DRIVERS\cmdide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): COMSysApp Display name: Application système COM+ Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model) . Si le service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. Si ce service est désactivé, les services qui en dépendent de manière explicite ne pourront pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 5120 Image MD5: 9B2CE161927038D4CABE0482A14FD052 Start: 3 Type: 16 Error Control: 1 Depends On services: rpcss Service (registry key): ContentFilter Start: 0 Type: 0 Error Control: 0 Service (registry key): ContentIndex Start: 0 Type: 0 Error Control: 0 Service (registry key): Cpqarray Display name: Cpqarray Image path: \SystemRoot\system32\DRIVERS\cpqarray.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): CryptSvc Display name: Services de cryptographie Description: Fournit trois services de gestion : le service de base de données de catalogue, qui confirme la signature des fichiers Windows; le service de racine protégée, qui ajoute et supprime des certificats d'autorité de certification de racine approuvés et le service Clé, qui fournit une aide dans l'inscription de cet ordinateur pour les certificats. Si ce service est arrêté, ces services de gestion ne fonctionneront pas correctement. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): dac2w2k Display name: dac2w2k Image path: \SystemRoot\system32\DRIVERS\dac2w2k.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): dac960nt Display name: dac960nt Image path: \SystemRoot\system32\DRIVERS\dac960nt.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): DcomLaunch Display name: Lanceur de processus serveur DCOM Description: Fournit la fonctionnalité de lancement des services DCOM. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost -k DcomLaunch Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): Dhcp Display name: Client DHCP Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd,NetBT Service (registry key): Disk Display name: Pilote de disque Image path: system32\DRIVERS\disk.sys Image size: 36352 Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0 Start: 0 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): dmadmin Display name: Service d'administration du Gestionnaire de disque logique Description: Configure les lecteurs de disque durs et les volumes. Le service ne s'exécute que pour les processus de configurations puis s'arrête. Object name: LocalSystem Image path: %SystemRoot%\System32\dmadmin.exe /com Image size: 225280 Image MD5: 647D03A59615FEE96D647D4426F1537E Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,PlugPlay,DmServer Service (registry key): dmboot Image path: System32\drivers\dmboot.sys Image size: 800256 Image MD5: E2D3B7620310FE56685F9B15A6B404B3 Start: 4 Type: 1 Error Control: 1 Service (registry key): dmio Image path: System32\drivers\dmio.sys Image size: 154496 Image MD5: C77F5C20AA70197A69AA84BAA9DE43C8 Start: 4 Type: 1 Error Control: 1 Service (registry key): dmload Image path: System32\drivers\dmload.sys Image size: 5888 Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F Start: 4 Type: 1 Error Control: 1 Service (registry key): dmserver Display name: Gestionnaire de disque logique Description: Détecte et analyse de nouveaux lecteurs de disque durs et envoie les informations de volume de disque au service gestionnaire administratif de disque logique pour la configuration. Si ce service est arrêté, l'état des disques dynamiques et les informations de configuration peuvent devenir obsolètes. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,PlugPlay Service (registry key): DMusic Display name: Synthétiseur DLS du noyau Microsoft Image path: system32\drivers\DMusic.sys Image size: 52864 Image MD5: A6F881284AC1150E37D9AE47FF601267 Start: 3 Type: 1 Error Control: 1 Service (registry key): Dnscache Display name: Client DNS Description: Résout et met en cache les noms DNS pour cet ordinateur. Si ce service est arrêté, l'ordinateur ne pourra pas résoudre les noms DNS et trouver les contrôleurs de domaine Active Directory. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip Service (registry key): dpti2o Display name: dpti2o Image path: \SystemRoot\system32\DRIVERS\dpti2o.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): drmkaud Display name: Filtre de décodeur DRM (Noyau Microsoft) Image path: system32\drivers\drmkaud.sys Image size: 2944 Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E Start: 3 Type: 1 Error Control: 1 Service (registry key): drvmcdb Image path: system32\DRIVERS\drvmcdb.sys Image size: 86320 Image MD5: 62F0C34AE62D619B1964ADFD1114CD1A Start: 0 Type: 1 Error Control: 1 Service (registry key): ERSvc Display name: Service de rapport d'erreurs Description: Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Eventlog Display name: Journal des événements Description: Active les messages d'événements émis par les programmes fonctionnant sous Windows et les composants devant être affichés dans l'observateur d'événements. Ce service ne peut être arrêté. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108544 Image MD5: 63DCDE1A0D86EEB8924D6738FF616EAD Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Display name: Système d'événements de COM+ Description: Prend en charge le service de notification d'événements système (SENS, System Event Notification Service), qui fournit une distribution automatique d'événements aux composants COM (Component Object Model) abonnés. Si le service est arrêté, SENS sera fermé et ne pourra fournir des informations d'ouverture et de fermeture de session. Si ce service est désactivé, le démarrage de tout service qui en dépend explicitement échouera. Object name: LocalSystem Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): Fastfat Start: 4 Type: 2 Error Control: 1 Service (registry key): FastUserSwitchingCompatibility Display name: Compatibilité avec le Changement rapide d'utilisateur Description: Fournit un système de gestion à des applications qui nécessitent de l'Assistance dans un environnement d'utilisateurs multiples. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: TermService Service (registry key): FBAPI Display name: FBAPI Image path: \??\C:\WINDOWS\system32\drivers\FBAPI.sys Image size: 7412 Image MD5: 7F1CFDDDA3E6D0907AE8F447812169F7 Start: 2 Type: 1 Error Control: 1 Service (registry key): Fdc Display name: Pilote de contrôleur de lecteur de disquettes Image path: system32\DRIVERS\fdc.sys Image size: 27392 Image MD5: CED2E8396A8838E59D8FD529C680E02C Start: 3 Type: 1 Error Control: 1 Service (registry key): FETNDIS Display name: Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet Image path: system32\DRIVERS\fetnd5.sys Image size: 27165 Image MD5: E9648254056BCE81A85380C0C3647DC4 Start: 3 Type: 1 Error Control: 1 Service (registry key): FETNDISB Display name: VIA Rhine Family Fast Ethernet Adapter Driver Service Image path: system32\DRIVERS\fetnd5b.sys Image size: 42496 Image MD5: A583BC166495B07F704533754CE29CBD Start: 3 Type: 1 Error Control: 1 Service (registry key): Fips Start: 1 Type: 1 Error Control: 1 Service (registry key): Flpydisk Start: 1 Type: 1 Error Control: 0 Service (registry key): FltMgr Display name: FltMgr Description: Pilote du gestionnaire de filtre de système de fichiers Image path: system32\DRIVERS\fltMgr.sys Image size: 128896 Image MD5: 3D234FB6D6EE875EB009864A299BEA29 Start: 0 Type: 2 Error Control: 1 Service (registry key): Fs_Rec Start: 1 Type: 8 Error Control: 0 Service (registry key): Ftdisk Display name: Pilote du Gestionnaire de volume Image path: system32\DRIVERS\ftdisk.sys Image size: 126080 Image MD5: A86859B77B908C18C2657F284AA29FE3 Start: 0 Type: 1 Error Control: 1 Service (registry key): gagp30kx Display name: Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8 Image path: system32\DRIVERS\gagp30kx.sys Image size: 46464 Image MD5: 4216CD545E5C30807B560C5DCAA812E6 Start: 0 Type: 1 Error Control: 1 Service (registry key): gmer Image path: System32\DRIVERS\gmer.sys Image size: 69905 Image MD5: 0E4BB313310498015856F35473E119F7 Start: 3 Type: 1 Error Control: 1 Service (registry key): GMSIPCI Display name: GMSIPCI Image path: \??\D:\INSTALL\GMSIPCI.SYS Start: 3 Type: 1 Error Control: 1 Service (registry key): Gpc Display name: Classificateur de paquets générique Description: Classificateur de paquets générique Image path: system32\DRIVERS\msgpc.sys Image size: 35072 Image MD5: C0F1D4A21DE5A415DF8170616703DEBF Start: 3 Type: 1 Error Control: 1 Service (registry key): helpsvc Display name: Aide et support Description: Permet à l'application Aide et support de fonctionner sur cet ordinateur. Si ce service est arrêté, la fonctionnalité Aide et support ne sera pas disponible. S'il est désactivé, tous les services dépendant explicitement de ce service ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): HidServ Display name: HID Input Service Description: Permet l'accès entrant générique aux périphériques d'interface utilisateur, qui activent et maintiennent l'utilisation des boutons actifs prédéfinis sur le clavier, les contrôles à distance, et d'autres périphériques multimédia. Si ce service est arrêté, les boutons actifs contrôlés par ce service ne fonctionneront pas. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): HidUsb Display name: Pilote de classe HID Microsoft Image path: system32\DRIVERS\hidusb.sys Image size: 9600 Image MD5: 1DE6783B918F540149AA69943BDFEBA8 Start: 3 Type: 1 Error Control: 0 Service (registry key): hpn Display name: hpn Image path: \SystemRoot\system32\DRIVERS\hpn.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): HPZid412 Display name: IEEE-1284.4 Driver HPZid412 Image path: system32\DRIVERS\HPZid412.sys Image size: 49664 Image MD5: 30CA91E657CEDE2F95359D6EF186F650 Start: 3 Type: 1 Error Control: 1 Service (registry key): HPZipr12 Display name: Print Class Driver for IEEE-1284.4 HPZipr12 Image path: system32\DRIVERS\HPZipr12.sys Image size: 16496 Image MD5: EFD31AFA752AA7C7BBB57BCBE2B01C78 Start: 3 Type: 1 Error Control: 1 Service (registry key): HPZius12 Display name: USB to IEEE-1284.4 Translation Driver HPZius12 Image path: system32\DRIVERS\HPZius12.sys Image size: 21568 Image MD5: 7AC43C38CA8FD7ED0B0A4466F753E06E Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTP Display name: HTTP Description: Ce service implémente le protocole HTTP (HyperText Transfer Protocol). Si ce service est désactivé, tous les services qui en dépendent de manière explicite échoueront au démarrage. Image path: System32\Drivers\HTTP.sys Image size: 262784 Image MD5: CB77BB47E67E84DEB17BA29632501730 Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTPFilter Display name: HTTP SSL Description: Ce service implémente le protocole sécurisé HTTPS (Secure HyperText Transfer Protocol) pour le service HTTP, en utilisant la couche SSL (Secure Socket Layer). Si ce service est désactivé, tous les services qui en dépendent de manière explicite échoueront au démarrage. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): i2omgmt Start: 1 Type: 1 Error Control: 1 Service (registry key): i2omp Display name: i2omp Image path: \SystemRoot\system32\DRIVERS\i2omp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): i8042prt Display name: Pilote pour clavier i8042 et souris sur port PS/2 Image path: system32\DRIVERS\i8042prt.sys Image size: 54400 Image MD5: D1EFCBD693B5BA21314D06368C471070 Start: 1 Type: 1 Error Control: 1 Service (registry key): IDriverT Display name: InstallDriver Table Manager Description: Provides support for the Running Object Table for InstallShield Drivers Object name: LocalSystem Image path: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" Image size: 73728 Image MD5: 6F95324909B502E2651442C1548AB12F Start: 4 Type: 16 Error Control: 0 Service (registry key): Imapi Display name: Pilote de filtre de gravure CD Image path: system32\DRIVERS\imapi.sys Image size: 41856 Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6 Start: 1 Type: 1 Error Control: 1 Service (registry key): ImapiService Display name: Service COM de gravage de CD IMAPI Description: Gère le gravage des CD via l'interface série IMAPI (Image Mastering Applications Programming Interface). Si ce service est arrêté, cet ordinateur ne pourra plus enregistrer de CD. Si ce service est désactivé, les services qui en dépendent ne vont pas pouvoir démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\imapi.exe Image size: 150016 Image MD5: 17B7A4375868B8C38F2DFC98B3B420C6 Start: 3 Type: 16 Error Control: 1 Service (registry key): inetaccs Start: 0 Type: 0 Error Control: 0 Service (registry key): ini910u Display name: ini910u Image path: \SystemRoot\system32\DRIVERS\ini910u.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Inport Start: 0 Type: 0 Error Control: 0 Service (registry key): IntelIde Display name: IntelIde Image path: \SystemRoot\system32\DRIVERS\intelide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Ip6Fw Display name: Pilote du pare-feu Windows IPv6 Description: Fournit un service de prévention d'intrusion pour un réseau domestique ou de petite entreprise. Image path: system32\DRIVERS\Ip6Fw.sys Image size: 29056 Image MD5: 4448006B6BC60E6C027932CFC38D6855 Start: 3 Type: 1 Error Control: 1 Service (registry key): IpFilterDriver Display name: Pilote de filtre de trafic IP Description: Pilote de filtre de trafic IP Image path: system32\DRIVERS\ipfltdrv.sys Image size: 32896 Image MD5: 731F22BA402EE4B62748ADAF6363C182 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpInIp Display name: Pilote de tunnelage IP dans IP Description: Pilote de tunnelage IP dans IP Image path: system32\DRIVERS\ipinip.sys Image size: 20992 Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpNat Display name: Traducteur d'adresses réseau IP Description: Traducteur d'adresses réseau IP Image path: system32\DRIVERS\ipnat.sys Image size: 134912 Image MD5: E2168CBC7098FFE963C6F23F472A3593 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IPSec Display name: Pilote IPSEC Description: Pilote IPSEC Image path: system32\DRIVERS\ipsec.sys Image size: 74752 Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1 Start: 1 Type: 1 Error Control: 1 Service (registry key): IRENUM Display name: Service énumérateur IR Image path: system32\DRIVERS\irenum.sys Image size: 11264 Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410 Start: 3 Type: 1 Error Control: 1 Service (registry key): ISAPISearch Start: 0 Type: 0 Error Control: 0 Service (registry key): isapnp Display name: Pilote de bus Plug-and-Play ISA/EISA Image path: system32\DRIVERS\isapnp.sys Image size: 36224 Image MD5: 54632F1A7DE61DC3615D756F2A90FA72 Start: 0 Type: 1 Error Control: 3 Service (registry key): Kbdclass Display name: Pilote de la classe Clavier Image path: system32\DRIVERS\kbdclass.sys Image size: 25216 Image MD5: E798705E8DC7FAB596EF6BFDF167E007 Start: 1 Type: 1 Error Control: 1 Service (registry key): kbdhid Display name: Pilote HID de clavier Image path: system32\DRIVERS\kbdhid.sys Image size: 14848 Image MD5: 62DD5EEFCEC4EF4163F1168D4262A9E4 Start: 1 Type: 1 Error Control: 0 Service (registry key): KLIF Display name: KLIF Image path: \??\C:\WINDOWS\system32\drivers\klif.sys Start: 3 Type: 1 Error Control: 1 Service (registry key): kmixer Display name: Mélangeur audio Wave de noyau Microsoft Image path: system32\drivers\kmixer.sys Image size: 172416 Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562 Start: 3 Type: 1 Error Control: 1 Service (registry key): KSecDD Start: 0 Type: 1 Error Control: 1 Service (registry key): lanmanserver Display name: Serveur Description: Prend en charge le partage de fichiers, d'impression et des canaux nommés via le réseau pour cet ordinateur. Si ce service est arrêté, ces fonctions ne seront pas disponibles. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): lanmanworkstation Display name: Station de travail Description: Crée et maintient des connexions de réseau client à des serveurs distants. Si ce service est arrêté, ces connexions ne seront pas disponibles. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): lbrtfdc Start: 1 Type: 1 Error Control: 0 Service (registry key): ldap Start: 0 Type: 0 Error Control: 0 Service (registry key): LicenseService Start: 0 Type: 0 Error Control: 0 Service (registry key): LmHosts Display name: Assistance TCP/IP NetBIOS Description: Permet la prise en charge pour NetBIOS sur un service TCP/IP (NetBT) et la résolution des noms NetBIOS. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: NetBT,Afd Service (registry key): Machnm32 Display name: Machnm32 Driver Image path: \??\C:\WINDOWS\system32\Machnm32.sys Image size: 2304 Image MD5: FD65BEF5FF8275711D9A56F0B8BB43F1 Start: 2 Type: 1 Error Control: 1 Service (registry key): Messenger Display name: Affichage des messages Description: Envoie et reçoit les messages des services d'alertes entre les clients et les serveurs. Ce service n'est pas lié à Windows Messenger. Si ce service est arrêté, les messages d'alertes ne seront pas transmis. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 4 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS Service (registry key): mnmdd Start: 1 Type: 1 Error Control: 0 Service (registry key): mnmsrvc Display name: Partage de Bureau à distance NetMeeting Description: Permet à un utilisateur autorisé d'accéder à cet ordinateur à distance en utilisant NetMeeting sur un réseau intranet d'entreprise. Si ce service est arrêté, le partage du Bureau à distance ne sera pas disponible. Si ce service est désactivé, tous les services qui en dépendent explicitement ne pourront pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\mnmsrvc.exe Image size: 32768 Image MD5: 5B219F99CF6D5BE05A6C6E86C38CB7CE Start: 3 Type: 272 Error Control: 1 Service (registry key): Modem Start: 3 Type: 1 Error Control: 0 Service (registry key): Mouclass Display name: Pilote de la classe Souris Image path: system32\DRIVERS\mouclass.sys Image size: 23680 Image MD5: 7D4F19411BD941E1D432A99E24230386 Start: 1 Type: 1 Error Control: 1 Service (registry key): mouhid Display name: Pilote HID de souris Image path: system32\DRIVERS\mouhid.sys Image size: 12288 Image MD5: 124D6846040C79B9C997F78EF4B2A4E5 Start: 3 Type: 1 Error Control: 0 Service (registry key): MountMgr Start: 0 Type: 1 Error Control: 1 Service (registry key): mraid35x Display name: mraid35x Image path: \SystemRoot\system32\DRIVERS\mraid35x.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): MRxDAV Display name: Redirecteur client WebDav Description: Redirecteur client WebDav Image path: system32\DRIVERS\mrxdav.sys Image size: 181248 Image MD5: 46EDCC8F2DB2F322C24F48785CB46366 Start: 3 Type: 2 Error Control: 1 Service (registry key): MRxSmb Display name: MRXSMB Description: MRXSMB Image path: system32\DRIVERS\mrxsmb.sys Image size: 453120 Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E Start: 1 Type: 2 Error Control: 1 Service (registry key): MSDTC Display name: Distributed Transaction Coordinator Description: Coordonne les transactions qui comportent plusieurs gestionnaires de ressources, tels que des bases de données, des files d'attente de messages net des systèmes de fichiers. Si ce service est arrêté, ces transactions ne se produiront pas. S'il est désactivé, le démarrage de tout service qui en dépend explicitement échouera. Object name: NT AUTHORITY\NetworkService Image path: C:\WINDOWS\system32\msdtc.exe Image size: 6144 Image MD5: 11CA338B8765DB8E2D1B459F2CFAD147 Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS,SamSS Service (registry key): Msfs Start: 1 Type: 2 Error Control: 1 Service (registry key): MSIServer Display name: Windows Installer Description: Ajoute, modifie et supprime des applications fournies en tant que package Windows Installer (*.msi). Si ce service est désactivé, tous les services qui en dépendent explicitement ne vont pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\msiexec.exe /V Image size: 78848 Image MD5: F5F0146580E7023ADB963879840777F8 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): MSKSSRV Display name: Proxy de service de répartition Microsoft Image path: system32\drivers\MSKSSRV.sys Image size: 7552 Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0 Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPCLOCK Display name: Proxy d'horloge de répartition Microsoft Image path: system32\drivers\MSPCLOCK.sys Image size: 5376 Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448 Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPQM Display name: Proxy de gestion de qualité de répartition Microsoft Image path: system32\drivers\MSPQM.sys Image size: 4992 Image MD5: 1988A33FF19242576C3D0EF9CE785DA7 Start: 3 Type: 1 Error Control: 1 Service (registry key): mssmbios Display name: Pilote BIOS de gestion de systèmes Microsoft Image path: system32\DRIVERS\mssmbios.sys Image size: 15488 Image MD5: 469541F8BFD2B32659D5D463A6714BCE Start: 3 Type: 1 Error Control: 1 Service (registry key): Mup Display name: Mup Start: 0 Type: 2 Error Control: 1 Service (registry key): NDIS Display name: Pilote système NDIS Start: 0 Type: 1 Error Control: 1 Service (registry key): NdisTapi Display name: Pilote TAPI NDIS d'accès distant Description: Pilote TAPI NDIS d'accès distant Image path: system32\DRIVERS\ndistapi.sys Image size: 9600 Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C Start: 3 Type: 1 Error Control: 1 Service (registry key): Ndisuio Display name: NDIS mode utilisateur E/S Protocole Description: NDIS mode utilisateur E/S Protocole Image path: system32\DRIVERS\ndisuio.sys Image size: 12928 Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisWan Display name: Pilote réseau étendu NDIS d'accès distant Description: Pilote réseau étendu NDIS d'accès distant Image path: system32\DRIVERS\ndiswan.sys Image size: 91776 Image MD5: 0B90E255A9490166AB368CD55A529893 Start: 3 Type: 1 Error Control: 1 Service (registry key): NDProxy Start: 3 Type: 1 Error Control: 1 Service (registry key): NetBIOS Display name: Interface NetBIOS Description: Interface NetBIOS Image path: system32\DRIVERS\netbios.sys Image size: 34560 Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4 Start: 1 Type: 2 Error Control: 1 Service (registry key): NetBT Display name: NetBIOS sur TCP/IP Description: NetBIOS sur TCP/IP Image path: system32\DRIVERS\netbt.sys Image size: 162816 Image MD5: 0C80E410CD2F47134407EE7DD19CC86B Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): NetDDE Display name: DDE réseau Description: Fournit le transport en réseau et la sécurité pour l'échange dynamique de données pour les programmes exécutés sur un même ordinateur ou des ordinateurs différents. Si ce service est arrêté, le transport et la sécurité de l'échange dynamique de données seront indisponibles. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 114176 Image MD5: D40598FD7B7DCCBFB22D777E0DFB1CF0 Start: 4 Type: 32 Error Control: 1 Depends On services: NetDDEDSDM Service (registry key): NetDDEdsdm Display name: DSDM DDE réseau Description: Gère l'échange dynamique de données partagées de réseau. Si ce service est arrêté, l'échange dynamique de données partagées de réseau ne sera plus disponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\system32\netdde.exe Image size: 114176 Image MD5: D40598FD7B7DCCBFB22D777E0DFB1CF0 Start: 4 Type: 32 Error Control: 1 Service (registry key): Netlogon Display name: Ouverture de session réseau Description: Prend en charge l'authentification directe des événements d'ouverture de session du compte pour les ordinateurs dans un domaine. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): Netman Display name: Connexions réseau Description: Prend en charge les objets dans le dossier Connexions réseau et accès à distance, dans lequel vous pouvez afficher à la fois les connexions du réseau local et les connexions à distance. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): Nla Display name: NLA (Network Location Awareness) Description: Recueille et stocke les informations de configuration et d'emplacement réseau, et notifie les applications quand ces informations changent. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd Service (registry key): Npfs Start: 1 Type: 2 Error Control: 1 Service (registry key): NTDS Start: 0 Type: 0 Error Control: 0 Service (registry key): Ntfs Start: 4 Type: 2 Error Control: 1 Service (registry key): NtLmSsp Display name: Fournisseur de la prise en charge de sécurité LM NT Description: Assure la sécurité des programmes RPC (appels de procédure distante) qui utilisent des transports autres que des canaux nommés. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 3 Type: 32 Error Control: 1 Service (registry key): NtmsSvc Display name: Stockage amovible Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Null Start: 1 Type: 1 Error Control: 1 Service (registry key): NwlnkFlt Display name: Pilote de filtre de trafic IPX Description: Pilote de filtre de trafic IPX Image path: system32\DRIVERS\nwlnkflt.sys Image size: 12416 Image MD5: B305F3FAD35083837EF46A0BBCE2FC57 Start: 3 Type: 1 Error Control: 1 Depends On services: NwlnkFwd Service (registry key): NwlnkFwd Display name: Pilote de transfert de trafic IPX Description: Pilote de transfert de trafic IPX Image path: system32\DRIVERS\nwlnkfwd.sys Image size: 32512 Image MD5: C99B3415198D1AAB7227F2C88FD664B9 Start: 3 Type: 1 Error Control: 1 Service (registry key): ose Display name: Office Source Engine Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. Object name: LocalSystem Image path: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" Image size: 89136 Image MD5: 7A56CF3E3F12E8AF599963B16F50FB6A Start: 4 Type: 16 Error Control: 1 Service (registry key): Parport Display name: Pilote de port parallèle Image path: system32\DRIVERS\parport.sys Image size: 80384 Image MD5: 318696359AC7DF48D1E51974EC527DD2 Start: 3 Type: 1 Error Control: 1 Service (registry key): PartMgr Start: 0 Type: 1 Error Control: 1 Service (registry key): ParVdm Start: 4 Type: 1 Error Control: 0 Depends On services: Parport Depends On group: "Parallel arbitrator" Service (registry key): PCI Display name: Pilote de bus PCI Image path: system32\DRIVERS\pci.sys Image size: 68608 Image MD5: 7C5DA5C1ED801AD8B0309D5514F0B75E Start: 0 Type: 1 Error Control: 3 Service (registry key): PCIDump Start: 1 Type: 1 Error Control: 0 Service (registry key): PCIIde Display name: PCIIde Image path: \SystemRoot\system32\DRIVERS\pciide.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Pcmcia Start: 4 Type: 1 Error Control: 1 Service (registry key): pcouffin Display name: VSO Software pcouffin Image path: System32\Drivers\pcouffin.sys Image size: 47360 Image MD5: 5B6C11DE7E839C05248CED8825470FEF Start: 3 Type: 1 Error Control: 1 Service (registry key): PDCOMP Start: 3 Type: 1 Error Control: 0 Service (registry key): PDFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRELI Start: 3 Type: 1 Error Control: 0 Service (registry key): PDRFRAME Start: 3 Type: 1 Error Control: 0 Service (registry key): perc2 Display name: perc2 Image path: \SystemRoot\system32\DRIVERS\perc2.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): perc2hib Display name: perc2hib Image path: \SystemRoot\system32\DRIVERS\perc2hib.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): PerfDisk Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfNet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfOS Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfProc Start: 0 Type: 0 Error Control: 0 Service (registry key): PhnxVcd Display name: PhnxVcd Image path: System32\Drivers\PhnxVcd.sys Image size: 44544 Image MD5: EB095F7199AAB8D9778DBE26AC4AA255 Start: 3 Type: 1 Error Control: 1 Service (registry key): PhnxVCDService Display name: Phoenix VCD Service Object name: LocalSystem Image path: C:\WINDOWS\system32\PhnxCDSvr.exe Image size: 49152 Image MD5: 0B3DCBCF76005ABC186F0366946A3C82 Start: 4 Type: 16 Error Control: 1 Service (registry key): PlugPlay Display name: Plug-and-Play Description: Permet à l'ordinateur de reconnaître et d'adapter les modifications matérielles avec peu ou pas du tout d'intervention de l'utilisateur. Arrêter ou désactiver ce service provoque une instabilité du système. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108544 Image MD5: 63DCDE1A0D86EEB8924D6738FF616EAD Start: 2 Type: 32 Error Control: 1 Service (registry key): Pml Driver HPZ12 Display name: Pml Driver HPZ12 Object name: LocalSystem Image path: C:\WINDOWS\system32\HPZipm12.exe Image size: 69632 Image MD5: D31F88C5F19EEFA366A415D6BC5F2ABC Start: 4 Type: 16 Error Control: 1 Service (registry key): PolicyAgent Display name: Services IPSEC Description: Gère la stratégie de sécurité IP et démarre les pilotes de gestion de sécurité IP et ISAKMP/Oakley (IKE). Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Tcpip,IPSec Service (registry key): PptpMiniport Display name: Miniport réseau étendu (PPTP) Description: Miniport réseau étendu (PPTP) Image path: system32\DRIVERS\raspptp.sys Image size: 48384 Image MD5: 1C5CC65AAC0783C344F16353E60B72AC Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Display name: Pilote processeur Image path: system32\DRIVERS\processr.sys Image size: 39552 Image MD5: F480712B761E538BC8E44EDE60F3A3C3 Start: 1 Type: 1 Error Control: 1 Service (registry key): ProtectedStorage Display name: Emplacement protégé Description: Fournit un stockage protégé pour les données sensibles, telles que les clés privées, afin d'empêcher l'accès par des services, des processus ou des utilisateurs non autorisés. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 2 Type: 288 Error Control: 1 Depends On services: RpcSs Service (registry key): PSched Display name: Planificateur de paquets QoS Description: Planificateur de paquets QoS Image path: system32\DRIVERS\psched.sys Image size: 69120 Image MD5: 48671F327553DCF1D27F6197F622A668 Start: 3 Type: 1 Error Control: 1 Depends On services: Gpc Service (registry key): Ptilink Display name: Pilote de liaison parallèle directe Description: Pilote de liaison parallèle directe Image path: system32\DRIVERS\ptilink.sys Image size: 17792 Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD Start: 3 Type: 1 Error Control: 1 Service (registry key): ptpd Display name: Disk Filter Driver Image path: system32\drivers\ptpd.sys Image size: 7680 Image MD5: 6E172558DAA6CFC0502FE5297E90DC9C Start: 0 Type: 1 Error Control: 1 Service (registry key): PxHelp20 Display name: PxHelp20 Image path: System32\Drivers\PxHelp20.sys Image size: 20576 Image MD5: F3A3B00666A40C6914B7B2864F7DC1C0 Start: 0 Type: 1 Error Control: 1 Service (registry key): ql1080 Display name: ql1080 Image path: \SystemRoot\system32\DRIVERS\ql1080.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Ql10wnt Display name: Ql10wnt Image path: \SystemRoot\system32\DRIVERS\ql10wnt.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ql12160 Display name: ql12160 Image path: \SystemRoot\system32\DRIVERS\ql12160.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1240 Display name: ql1240 Image path: \SystemRoot\system32\DRIVERS\ql1240.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): ql1280 Display name: ql1280 Image path: \SystemRoot\system32\DRIVERS\ql1280.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): RasAcd Display name: Pilote de connexion automatique d'accès distant Description: Pilote de connexion automatique d'accès distant Image path: system32\DRIVERS\rasacd.sys Image size: 8832 Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C Start: 1 Type: 1 Error Control: 1 Service (registry key): RasAuto Display name: Gestionnaire de connexion automatique d'accès distant Description: Crée une connexion vers un réseau distant à chaque fois qu'un programme référence un nom ou une adresse DNS ou NetBIOS distant. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RasMan,Tapisrv Service (registry key): Rasl2tp Display name: Miniport réseau étendu (L2TP) Description: Miniport réseau étendu (L2TP) Image path: system32\DRIVERS\rasl2tp.sys Image size: 51328 Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Display name: Gestionnaire de connexions d'accès distant Description: Crée une connexion réseau. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv Service (registry key): RasPppoe Display name: Pilote PPPOE d'accès à distance Description: Pilote PPPOE d'accès à distance Image path: system32\DRIVERS\raspppoe.sys Image size: 41472 Image MD5: 7306EEED8895454CBED4669BE9F79FAA Start: 3 Type: 1 Error Control: 1 Service (registry key): Raspti Display name: Parallèle direct Description: Parallèle direct Image path: system32\DRIVERS\raspti.sys Image size: 16512 Image MD5: FDBB1D60066FCFBB7452FD8F9829B242 Start: 3 Type: 1 Error Control: 1 Service (registry key): Rdbss Display name: Rdbss Description: Rdbss Image path: system32\DRIVERS\rdbss.sys Image size: 174592 Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF Start: 1 Type: 2 Error Control: 1 Service (registry key): RDPCDD Image path: System32\DRIVERS\RDPCDD.sys Image size: 4224 Image MD5: 4912D5B403614CE99C28420F75353332 Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Start: 0 Type: 0 Error Control: 0 Service (registry key): rdpdr Display name: Pilote de redirecteur de périphérique Terminal Server Image path: system32\DRIVERS\rdpdr.sys Image size: 196864 Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD Start: 3 Type: 1 Error Control: 1 Service (registry key): RDPNP Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPWD Start: 3 Type: 1 Error Control: 0 Service (registry key): RDSessMgr Display name: Gestionnaire de session d'aide sur le Bureau à distance Description: Gère et contrôle l'assistance à distance. Si ce service est arrêté, l'assistance à distance n'est pas disponible. Consultez l'onglet Dépendances avant d'arrêter ce service. Object name: LocalSystem Image path: C:\WINDOWS\system32\sessmgr.exe Image size: 142336 Image MD5: F35A23E5B6413F93CCCA0D05D00183FB Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): redbook Display name: Pilote de filtre de lecture digitale de CD audio Image path: system32\DRIVERS\redbook.sys Image size: 58496 Image MD5: 2CC30B68DD62B73D444A41322CD7FC4C Start: 1 Type: 1 Error Control: 1 Service (registry key): RemoteAccess Display name: Routage et accès distant Description: Offre aux entreprises des services de routage dans les environnements de réseau local ou étendu. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS Depends On group: NetBIOSGroup Service (registry key): RITCPT Start: 0 Type: 1 Error Control: 0 Service (registry key): RpcLocator Display name: Localisateur d'appels de procédure distante (RPC) Description: Gère la base de données du service de nom RPC. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\locator.exe Image size: 75264 Image MD5: DAB8E0B2F07DC4D44F8F72BF3994630B Start: 3 Type: 16 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): RpcSs Display name: Appel de procédure distante (RPC) Description: Fournit le mappeur du point de sortie et divers services RPC. Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost -k rpcss Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): RSVP Display name: QoS RSVP Description: Fournit la signalisation de réseau et la fonctionnalité d'installation du contrôle de trafic local pour les programmes reconnaissant QoS et les applets de contrôle. Object name: LocalSystem Image path: %SystemRoot%\system32\rsvp.exe Image size: 132608 Image MD5: 414964844F4793ACB868D057E8ED997E Start: 3 Type: 16 Error Control: 1 Depends On services: TcpIp,Afd,RpcSs Service (registry key): SamSs Display name: Gestionnaire de comptes de sécurité Description: Stocke les informations de sécurité pour les comptes d'utilisateurs locaux. Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 13312 Image MD5: 259AF82A0932EEA4F316F92DB94707B6 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): SCardSvr Display name: Carte à puce Description: Gère l'accès aux cartes à puce lues par cet ordinateur. Si ce service est arrêté, cet ordinateur ne pourra plus lire de cartes à puces. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\SCardSvr.exe Image size: 100352 Image MD5: 8866078139C403A28CB4CB460CA6DC90 Start: 3 Type: 32 Error Control: 0 Depends On services: PlugPlay Service (registry key): Schedule Display name: Planificateur de tâches Description: Permet à un utilisateur de configurer et de planifier des tâches automatisées sur cet ordinateur. Si ce service est arrêté, ces tâches ne seront pas exécutées à l'heure prévue. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Secdrv Display name: Secdrv Description: SafeDisc driver Image path: system32\DRIVERS\secdrv.sys Image size: 27440 Image MD5: D26E26EA516450AF9D072635C60387F4 Start: 3 Type: 1 Error Control: 1 Service (registry key): seclogon Display name: Connexion secondaire Description: Permet le démarrage des processus sous d'autres informations d'identification. Si ce service est arrêté, ce type d'ouverture de session sera indisponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 288 Error Control: 0 Service (registry key): SENS Display name: Notification d'événement système Description: Scrute les événements système tels que les ouvertures de session Windows et les événements concernant le réseau et l'alimentation. Avertit les abonnés du système d'événements COM+ de ces événements. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): serenum Display name: Pilote de filtre Serenum Image path: system32\DRIVERS\serenum.sys Image size: 15488 Image MD5: A2D868AEEFF612E70E213C451A70CAFB Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Display name: Pilote de port série Image path: system32\DRIVERS\serial.sys Image size: 66560 Image MD5: 653201755CA96AB4AAA4131DAF6DA356 Start: 1 Type: 1 Error Control: 0 Service (registry key): Sfloppy Start: 1 Type: 1 Error Control: 0 Depends On group: "SCSI miniport" Service (registry key): SharedAccess Display name: Pare-feu Windows / Partage de connexion Internet Description: Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: Netman,WinMgmt Service (registry key): ShellHWDetection Display name: Détection matériel noyau Description: Fournit des notifications à des événements matériel de lecture automatique. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Simbad Start: 4 Type: 1 Error Control: 1 Service (registry key): sisagp Display name: Filtre de bus AGP SIS Image path: \SystemRoot\system32\DRIVERS\sisagp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): Sparrow Display name: Sparrow Image path: \SystemRoot\system32\DRIVERS\sparrow.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): splitter Display name: Splitter audio du noyau Microsoft Image path: system32\drivers\splitter.sys Image size: 6400 Image MD5: 0CE218578FFF5F4F7E4201539C45C78F Start: 3 Type: 1 Error Control: 1 Service (registry key): Spooler Display name: Spouleur d'impression Description: Charge des fichiers en mémoire pour une impression ultérieure. Object name: LocalSystem Image path: %SystemRoot%\system32\spoolsv.exe Image size: 57856 Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F Start: 2 Type: 272 Error Control: 1 Depends On services: RPCSS Service (registry key): sptd Image path: System32\Drivers\sptd.sys Start: 0 Type: 1 Error Control: 1 Service (registry key): sr Display name: Pilote de filtre de restauration système Image path: \SystemRoot\system32\DRIVERS\sr.sys Start: 4 Type: 2 Error Control: 1 Service (registry key): srservice Display name: Service de restauration système Description: Effectue des opérations de restauration du système. Pour arrêter ce service, désactivez Restauration du système dans l'onglet Restauration du système des propriétés du Poste de travail. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Srv Display name: Srv Description: Srv Image path: system32\DRIVERS\srv.sys Image size: 332928 Image MD5: EA554A3FFC3F536FE8320EB38F5E4843 Start: 3 Type: 2 Error Control: 1 Service (registry key): SSDPSRV Display name: Service de découvertes SSDP Description: Active la découverte de périphériques Plug and Play universels sur votre réseau domestique. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): ssmdrv Display name: ssmdrv Description: Avira Snapshot Driver Image path: system32\DRIVERS\ssmdrv.sys Image size: 28352 Image MD5: 3D2829FDE1C52FC64DA5413889CE4DEE Start: 1 Type: 1 Error Control: 1 Service (registry key): ssm_bus Display name: SAMSUNG Mobile USB Device II 1.0 driver (WDM) Image path: system32\DRIVERS\ssm_bus.sys Image size: 58320 Image MD5: DF5C19F053EFF7F8BA25D73AEA899656 Start: 3 Type: 1 Error Control: 1 Service (registry key): ssm_mdfl Display name: SAMSUNG Mobile USB Modem II 1.0 Filter Description: SAMSUNG Mobile USB Modem II 1.0 Filter Image path: system32\DRIVERS\ssm_mdfl.sys Image size: 8336 Image MD5: 5347169FA449EABC4D0728AE39FAB926 Start: 3 Type: 1 Error Control: 1 Service (registry key): ssm_mdm Display name: SAMSUNG Mobile USB Modem II 1.0 Drivers Description: SAMSUNG Mobile USB Modem II 1.0 Drivers Image path: system32\DRIVERS\ssm_mdm.sys Image size: 94000 Image MD5: 7AAE23DD105EED15C4F45FC269FA42A9 Start: 3 Type: 1 Error Control: 1 Service (registry key): StarOpen Start: 1 Type: 2 Error Control: 1 Service (registry key): stisvc Display name: Acquisition d'image Windows (WIA) Description: Fournit des services d'acquisition d'images pour les scanneurs et les appareils photo. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k imgsvc Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): swenum Display name: Pilote de bus logiciel Image path: system32\DRIVERS\swenum.sys Image size: 4352 Image MD5: 03C1BAE4766E2450219D20B993D6E046 Start: 3 Type: 1 Error Control: 1 Service (registry key): swmidi Display name: Synthétiseur de table de sons GC noyau Microsoft Image path: system32\drivers\swmidi.sys Image size: 54272 Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D Start: 3 Type: 1 Error Control: 1 Service (registry key): SwPrv Display name: MS Software Shadow Copy Provider Description: Gère les copies logicielles de clichés instantanés de volumes créés par le service de cliché instantané de volumes. Si ce service est arrêté, les copies logicielles de clichés instantanés ne peuvent pas être gérées. Si le service est désactivé, les services qui en dépendent ne pourront pas démarrer. Object name: LocalSystem Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{27D524CB-A5A3-467C-A170-BE5A05D05B86} Image size: 5120 Image MD5: 9B2CE161927038D4CABE0482A14FD052 Start: 3 Type: 16 Error Control: 0 Depends On services: rpcss Service (registry key): symc810 Display name: symc810 Image path: \SystemRoot\system32\DRIVERS\symc810.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): symc8xx Display name: symc8xx Image path: \SystemRoot\system32\DRIVERS\symc8xx.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_hi Display name: sym_hi Image path: \SystemRoot\system32\DRIVERS\sym_hi.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): sym_u3 Display name: sym_u3 Image path: \SystemRoot\system32\DRIVERS\sym_u3.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): sysaudio Display name: Périphérique audio système du noyau Microsoft Image path: system32\drivers\sysaudio.sys Image size: 60800 Image MD5: 650AD082D46BAC0E64C9C0E0928492FD Start: 3 Type: 1 Error Control: 1 Service (registry key): SysmonLog Display name: Journaux et alertes de performance Description: Collecte les données de performances des ordinateurs locaux ou distants basés sur des paramètres planifiés préconfigurés, puis écrit les données dans un journal ou déclenche une alerte. Si ce service est arrêté, les informations de performances ne seront pas collectées. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\smlogsvc.exe Image size: 93184 Image MD5: 0FAAD412D36E668260A6D5699875D534 Start: 3 Type: 16 Error Control: 1 Service (registry key): TapiSrv Display name: Téléphonie Description: Fournit la prise en charge des API de téléphonie (TAPI) pour les programmes contrôlant les périphériques de téléphonie, les connexions vocales basées sur le protocole IP, sur l'ordinateur local, via le réseau local, sur le serveur où ce service fonctionne également. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): Tcpip Display name: Pilote du protocole TCP/IP Description: Pilote du protocole TCP/IP Image path: system32\DRIVERS\tcpip.sys Image size: 359808 Image MD5: 1DBF125862891817F374F407626967F4 Start: 1 Type: 1 Error Control: 1 Depends On services: IPSec Service (registry key): TDPIPE Start: 3 Type: 1 Error Control: 0 Service (registry key): TDTCP Start: 3 Type: 1 Error Control: 0 Service (registry key): TermDD Display name: Pilote de périphérique terminal Image path: system32\DRIVERS\termdd.sys Image size: 40840 Image MD5: A540A99C281D933F3D69D55E48727F47 Start: 1 Type: 1 Error Control: 1 Service (registry key): TermService Display name: Services Terminal Server Description: Permet à plusieurs utilisateurs de se connecter en même temps à un ordinateur, tout en affichant les bureaux et les applications sur les ordinateurs distants. Contient les fonctions sous-jacentes de Bureau à distance (y compris le Bureau à distance pour les administrateurs), le Changement rapide d'utilisateur, l'Assistance à distance et le service Terminal Server. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost -k DComLaunch Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): Themes Display name: Thèmes Description: Fournit un système de gestion de thème de l'expérience utilisateur. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 4 Type: 32 Error Control: 1 Service (registry key): TosIde Display name: TosIde Image path: \SystemRoot\system32\DRIVERS\toside.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): TrkWks Display name: Client de suivi de lien distribué Description: Maintient les liens entre les fichiers NTFS au sein d'un ordinateur ou de plusieurs ordinateurs dans un domaine de réseau. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): TSDDD Start: 0 Type: 0 Error Control: 0 Service (registry key): Udfs Start: 4 Type: 2 Error Control: 1 Service (registry key): ultra Display name: ultra Image path: \SystemRoot\system32\DRIVERS\ultra.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): UMWdf Display name: Windows User Mode Driver Framework Description: Enables Windows user mode drivers. Object name: NT AUTHORITY\LocalService Image path: C:\WINDOWS\system32\wdfmgr.exe Image size: 38912 Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0 Start: 4 Type: 16 Error Control: 1 Depends On services: RpcSs Service (registry key): Update Display name: Pilote de mise à jour microcode Image path: system32\DRIVERS\update.sys Image size: 209408 Image MD5: AFF2E5045961BBC0A602BB6F95EB1345 Start: 3 Type: 1 Error Control: 1 Service (registry key): upnphost Display name: Hôte de périphérique universel Plug-and-Play Description: Offre la prise en charge des périphériques hôtes universels Plug-and-Play. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: SSDPSRV,HTTP Service (registry key): UPS Display name: Onduleur Description: Gère un onduleur connecté à l'ordinateur. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\ups.exe Image size: 18432 Image MD5: 394C9B28C1A97E1AE0421BE88DDAC102 Start: 3 Type: 16 Error Control: 1 Service (registry key): usbccgp Display name: Pilote parent générique USB Microsoft Image path: system32\DRIVERS\usbccgp.sys Image size: 31616 Image MD5: BFFD9F120CC63BCBAA3D840F3EEF9F79 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbehci Display name: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 Image path: system32\DRIVERS\usbehci.sys Image size: 26624 Image MD5: 15E993BA2F6946B2BFBBFCD30398621E Start: 3 Type: 1 Error Control: 1 Service (registry key): usbhub Display name: Concentrateur USB2 Image path: system32\DRIVERS\usbhub.sys Image size: 57600 Image MD5: C72F40947F92CEA56A8FB532EDF025F1 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbprint Display name: Classe d'imprimantes USB Microsoft Image path: system32\DRIVERS\usbprint.sys Image size: 25856 Image MD5: A42369B7CD8886CD7C70F33DA6FCBCF5 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbscan Display name: Pilote de scanneur USB Image path: system32\DRIVERS\usbscan.sys Image size: 15104 Image MD5: A6BC71402F4F7DD5B77FD7F4A8DDBA85 Start: 3 Type: 1 Error Control: 1 Service (registry key): USBSTOR Display name: Pilote de stockage de masse USB Image path: system32\DRIVERS\USBSTOR.SYS Image size: 26496 Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75 Start: 3 Type: 1 Error Control: 1 Service (registry key): usbuhci Display name: Pilote miniport de contrôleur hôte universel USB Microsoft Image path: system32\DRIVERS\usbuhci.sys Image size: 20480 Image MD5: F8FD1400092E23C8F2F31406EF06167B Start: 3 Type: 1 Error Control: 1 Service (registry key): VgaSave Image path: \SystemRoot\System32\drivers\vga.sys Start: 1 Type: 1 Error Control: 0 Service (registry key): VIA Codec Default Start: 0 Type: 0 Error Control: 0 Service (registry key): viaagp Display name: Filtre de bus AGP VIA Image path: \SystemRoot\system32\DRIVERS\viaagp.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): viagfx Display name: viagfx Image path: system32\DRIVERS\vtmini.sys Image size: 174592 Image MD5: 8415D39E3F95E27F5247072C78812C24 Start: 3 Type: 1 Error Control: 0 Service (registry key): ViaIde Image path: system32\DRIVERS\viaide.sys Image size: 5376 Image MD5: 59CB1338AD3654417BEA49636457F65D Start: 0 Type: 1 Error Control: 1 Service (registry key): viamraid Image path: system32\DRIVERS\viamraid.sys Image size: 60672 Image MD5: 44056E9FEE477F512EE58BCFEE949621 Start: 0 Type: 1 Error Control: 1 Service (registry key): VIAudio Display name: Vinyl AC'97 Audio Controller (WDM) Image path: system32\drivers\vinyl97.sys Image size: 202112 Image MD5: 08C5FD340D290E8536413C863BA4F9A6 Start: 3 Type: 1 Error Control: 1 Service (registry key): VolSnap Start: 0 Type: 1 Error Control: 1 Service (registry key): VSS Display name: Cliché instantané de volume Description: Gère et implémente les clichés instantanés de volumes pour les sauvegardes et autres utilisations. Si ce service est arrêté, les clichés instantanés ne seront pas disponibles pour la sauvegarde et la sauvegarde échouera. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas. Object name: LocalSystem Image path: %SystemRoot%\System32\vssvc.exe Image size: 295424 Image MD5: CE38755FF8C161A66E45FC0C10CDEE87 Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): W32Time Display name: Horloge Windows Description: Conserve la synchronisation de la date et de l'heure sur tous les clients et serveurs sur le réseau. Si ce service est arrêté, la synchronisation de la date et de l'heure sera indisponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): W3SVC Start: 0 Type: 0 Error Control: 0 Service (registry key): Wanarp Display name: Pilote ARP IP d'accès distant Description: Pilote ARP IP d'accès distant Image path: system32\DRIVERS\wanarp.sys Image size: 34560 Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC Start: 3 Type: 1 Error Control: 1 Service (registry key): WDICA Start: 3 Type: 1 Error Control: 0 Service (registry key): wdmaud Display name: Pilote WINMM de compatibilité audio WDM Microsoft Image path: system32\drivers\wdmaud.sys Image size: 82944 Image MD5: EFD235CA22B57C81118C1AEB4798F1C1 Start: 3 Type: 1 Error Control: 1 Service (registry key): WebClient Display name: WebClient Description: Permet à un programme fonctionnant sous Windows de créer, modifier et accéder à des fichiers Internet. Si ce service est arrêté, Ces fonctions ne seront pas disponibles. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: MRxDAV Service (registry key): winmgmt Display name: Infrastructure de gestion Windows Description: Fournit une interface commune et un modèle objet pour accéder aux informations de gestion du système d'exploitation, des périphériques, des applications et des services. Si ce service est arrêté, la plupart des logiciels sur base Windows ne fonctionneront pas correctement. Si ce service est désactivé, tout service qui en dépend explicitement ne démarrera pas. Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 0 Depends On services: RPCSS Service (registry key): Winsock Start: 3 Type: 4 Error Control: 1 Service (registry key): WinSock2 Start: 0 Type: 0 Error Control: 0 Service (registry key): WinTrust Start: 0 Type: 0 Error Control: 0 Service (registry key): WMConnectCDS Display name: Service Windows Media Connect Description: Partage les médias avec des périphériques pour les médias qui utilisent Plug-and-Play universel Object name: NT AUTHORITY\NetworkService Image path: C:\Program Files\Windows Media Connect 2\wmccds.exe Image size: 856064 Image MD5: EFD9476E039E833A4B55E87EC813B153 Start: 3 Type: 16 Error Control: 1 Depends On services: upnphost,http,HTTPFilter Service (registry key): WmdmPmSN Display name: Service de numéro de série du lecteur multimédia portable Description: Extrait le numéro de série d'un lecteur multimédia portable connecté à cet ordinateur. Si ce service est interrompu, le contenu protégé risque de ne pas être téléchargé sur le périphérique. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Service (registry key): WmiApRpl Start: 0 Type: 0 Error Control: 0 Service (registry key): WmiApSrv Display name: Carte de performance WMI Description: Fournit des informations concernant la bibliothèque de performance à partir des fournisseurs HiPerf WMI. Object name: LocalSystem Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe Image size: 126464 Image MD5: 93A3FC4CF42587A7AB54788F19B9259C Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): WS2IFSL Display name: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 Image path: \SystemRoot\System32\drivers\ws2ifsl.sys Start: 4 Type: 1 Error Control: 1 Service (registry key): wscsvc Display name: Centre de sécurité Description: Analyse les paramètres de sécurité et les configurations du système. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,winmgmt Service (registry key): wuauserv Display name: Mises à jour automatiques Description: Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Service (registry key): WZCSVC Display name: Configuration automatique sans fil Description: Fournit la configuration automatique des cartes 802.11 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio Service (registry key): xmlprov Display name: Service d'approvisionnement réseau Description: Gère les fichiers de configuration XML en fonction du domaine pour l'approvisionnement réseau automatique. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 2979B03D5382A602623C0535B16AB9C0 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): {88317C58-0B89-4AEE-ACA6-ED4AD09D4599} Start: 0 Type: 0 Error Control: 0

!!!! ATTENTION !!! Le programme va maintenant lancer scan catchme. une fois le scan termine (avec le nombre de files/processes/services hidden dete ctes).. Appuyez sur la touche ENTREE du clavier pour continuer l'analyse avec DiagHelp ! !!!! ATTENTION !!! catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/ /www.gmer.net Rootkit scan 2007-09-19 17:45:56 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwQueryDirectoryFile scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E36468 2FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b3,48,ad,a3,bf,8f,e8,47,89,42,74,de,10,05,b7,2a,de,a7,c4,73,47,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4 BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b3,48,ad,a3,bf,8f,e8,47,89,42,74,de,10,05,b7,2a,de,a7,c4,73,47,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Ap proved\{28F9151B-ABDA-3820-0818-ABEE25D08BD3}] "dbcflollnpfipicpijelnbnibljgbjgeiagjloln"=hex:6a,61,67,6d,69,62,67,69,6c,62,6a, 61,69,6b,6b,6b,6a,65,69,6d,00,.. "cbafdhkeocioanfgdcmpifceoefacdmeohdgol"=hex:6a,61,67,6d,69,62,67,69,6c,62,6a,61 ,69,6b,6b,6b,6a,65,69,6d,00,.. "iacflollnpfipicpij"=hex:61,61,00,00 "haafdhkeocioanfg"=hex:61,61,00,00 "iagknodhoedlmmefbk"=hex:61,61,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Ap proved\{8601FE80-E8A0-CFFE-616C-C8E0162C36D9}] "dbmmfodjaokjmggpgnlodjliedljakdhmjkjlicj"=hex:6a,61,69,69,62,67,64,70,69,6e,6e, 6c,6a,67,6b,6e,6a,64,6f,66,00,.. "cboflbpjcnkihdijacmifpahkebdadlhahlboo"=hex:6a,61,69,69,62,67,64,70,69,6e,6e,6c ,6a,67,6b,6e,6a,64,6f,66,00,.. "iammfodjaokjmggpgn"=hex:61,61,00,00 "haoflbpjcnkihdij"=hex:61,61,00,00 "iaignaahcboelbacjp"=hex:61,61,00,00 scanning hidden files ... C:\WINDOWS\system32\kdcne.exe scan completed successfully hidden files: 1

Logfile of HijackThis v1.99.1 Scan saved at 13:15:37, on 19/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Optimark\OTB\OTB.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [FileBackup] "C:\Program Files\Optimark\OTB\OTB.exe" O4 - HKLM\..\Run: [AudioDeck] "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe Voilà le log merci de le lire