chtilo

4soir Xeti, ZebRestore n'as rien changer pas mieux après. Sinon, j'ai formater le recour ultime pour que sa s'arrête, mais bon le formatage c'est pas trop bien passé donc je repars pour un autre sujet. Voilà les news, mais je remercie tout ceux qui m'ont apporter leur aide et de leur temps, merci. amicalement.

Bonsoir Charles , Je pensait pas te revoir et puis avec le temps que j'était là-dessus j'ai donc fait un formatage de C:, je le fait pas d'habitude mais là sa me faisait #@]|^¤ les problème s'arrêtait pas. Pour les Màj le rapport d'erreur indiquait un problème avec un fichier mais je l'ai plus en tête et avec le formatage il est effacer, de plus je lisait un peu partout que ZoneAlarme ne fait pas bon ménage avec les Màj.Avec la nouvelle install les Màj auto fonctionne mais quand je veux lancé les Màj moi_même sa marche pas, je veux dire, qu'il veut pas afficher les Màj dispo. En tout cas je te remercie de ton aide et merci à tout ceux qui mon aidé . amicalement. Bonsoir Charles , Je pensait pas te revoir et puis avec le temps que j'était là-dessus j'ai donc fait un formatage de C:, je le fait pas d'habitude mais là sa me faisait #@]|^¤ les problème s'arrêtait pas. Pour les Màj le rapport d'erreur indiquait un problème avec un fichier mais je l'ai plus en tête et avec le formatage il est effacer, de plus je lisait un peu partout que ZoneAlarme ne fait pas bon ménage avec les Màj.Avec la nouvelle install les Màj auto fonctionne mais quand je veux lancé les Màj moi_même sa marche pas, je veux dire, qu'il veut pas afficher les Màj dispo. En tout cas je te remercie de ton aide et merci à tout ceux qui mon aidé . amicalement.

Ok merci gordon pour les infos , eclypse vient a mon aide je vois ssi on peu rétablir le problème et si non alors je ferai la réinstalle Merci gordon pour m'avoir expliquer la chose la dernière fois j'aurai donc pu ne pas virer mes données, voilà maintenant je pense être au point sur cette manip, merci encore, amicalement

Oui il est légale ma dernière màj date de début aout voir dans le rapport Windpfind3u regarde l'erreur que j'ai eu :Failure Content Install Installation Failure: Windows failed to install the following update with error 0x8024d007: Mises à jour automatiques. j'ai regarder dans le dossier Software Distribution\selfupdate\registered et il est vide, c'est normal De plus j'ai suivi une solution de microsoft qui dit de renomer le dossier Software Distribution que j'ai fais ça na pas marcher alors j'ai voulu remettre le nom et voici la finalité C:windows\softwaredistribution\les dossier qui doit avoir\oldsd(quand renommer)\eventcache et log donc j'ai deux eventcache et log Est ce que c'est grave. merci de ton aide, amoicalement

Déjà je te remerci de m'expliquer car je ne connaissait que la methode du je supprime tout les partition. Donc là en faisant comme tu me dit , ce que j'ai sur les autres partition reste intact ? donc je peut laisser mes dossier d'install de logiciels sur ces partitions, ou il vaut mieux que je fasse une image avec mes setup ? Pour les pilote c'est OK, j'avais moter moi même le PC donc j'ai les pilote de chaque éléments. Si ça marche niquel une fois tout installer je vais faire tout suite après un ghost. amicalement

Bonjours à tous, Merci aux personnes qui pourront m'aider et met guider vers la bonne solution. Après une infection qui a été nettoyer il c'est avérer qu'elle m'avait causé beaucoup de dégât certain ont été réparer grâce aux helpeur de Zebulon et je les remercie. Voici les Problème persistant tout d'abord la restauration, je peu créer un point mais pas restaurer, j'ai utiliser ZebRestor mais rien de nouveaux. Windows Update, pour qui j'ai suivi une solution mais le problème sait que sa ma demander de renommer Software distribution mais je n'ai pas réussi a remettre le nom correctement c'est EVENT CACHE ET SON LOG qui veulent pas se remettre correctement, il sont dans le dossier Software mais il y a le sous dossier OldSD que j'ai dû créer et c'est dedans. Est ce que c'est grave ? je signale que j'ai fais des réinstalle mais après la console de récupération je maitrise pas vraiment. Donc en faite se que je voudrait savoir c'est , est ce que je peut remettre Windows ou juste le registre mais sans touché a mes autre partition ? merci de votre aide, amicalement.

D'après le topic que j'ai lu tu fais le ghost a 'install de Windows après pour mettre à jours ton ghost tu vérifie avant si il y a pas de virus ou autre. Sinon voyant que pour mon problème c'est vraiment le souc et sa fait déjà une bonne semaine que je suis dessus , je pense utilisé ta technique. En fait voilà se que je voudrait faire : analyse du Pc pour virus ou autre puis mettre mes setup de logiciels sur mes autre partitions (j'en ai 4) se qui est déja je met aucune donné sur C:, c'est que le système. Donc est ce que je peut effacé tout C: pour réinstall de Windows mais sans rien touché des autre partition car je veut pas perdre mes donnée. Merci, amicalement.

Non pas de souci mais j'entends quelque fois des gens dire qu'il formate tout les x temps, perso je le fait pas, mais je voulais comprendre le principe et le pendant et après la manip et là et bien se que je peu dire c'est que, tu ferai un ghost tu gagnerai du temps car en fait si j'ai bien compris a chaque fois tu ré-installe tout (étape chiante) si tu fais ton ghost en plus tu a après les sauvegarde différentielle, incrémentielles qui mette à jours les dossier . Et là quand tu formate et bien tu place ton ghost et c'est fini et de plus une fois maîtriser , tout dois se faire à une vitesse ! Sinon , je n'ai pas de souci de formatage mais je prévoyais de faire un ghost et avant même de préparer le PC pour ça j'ai choper une merde que j'ai réussi a enlever mais elle ma foutu le bordel dans le PC et donc je suis venu sur le forum pour qu'on m'aide. Résultat avec patience beaucoup de monde est venu m'aider ( je les remercie).Mais j'ai les Màj automatique qui veulent rien savoir donc je prévoit le pire et regarde les méthode , les compare pour voir si je garde l'idée du ghost (chose que je vais faire!) mais en attendant pour régler le problème des Màj si on, n'y vient pas a bout là je devrait formater mais je pense aussi a la console de récupération. En résumé je ne suis pas spécialement pour, car de ce que tu me dis c'est comme si tu venait de monter ton PC et que tu devait mettre ton OS, en plus si j'ai compris les donner que tu mes sur D: se sont quoi en fait ? photo , musique, film, rien qui est lié a ta configuration donc tu dois tout refaire à chaque fois, corrige moi si j'ai pas compris. En tout cas c'est bon a connaître sa peut servir a un moment ou a un autre, mais de là a répéter la manip tout les x temps .... je sais pas..... Se n'ai pas une critique ou un truc négatif je compare juste le formatage et le ghost avec mon avis personnel, je n'ai pas encore fais de ghost du coup(because mon problème), ça sera mon premier Donc, je vois un peu les différente méthode dont le fameux formatage que même un amis à moi, fait régulièrement. voilà mon avis , bon il est tard et tôt, bonne nuit et bonjours , amicalement.

Cette methode semble bien, par contre ilfaut être sur que ce que tu mets sur D: soit clean sinon tu vas ré-installé et quand tu remet tes donner sur C: tu remet l'infection, mais c'est une mméthode. Ayant un serieux problème de màj et autre dû a une infection j'ai fait l'acquisition de Acronis true Image et je pense faire un ghost une fois mon problème résolu mais je pense qu'avant je vais faire une de ces deux méthode : aidewindows.netmaintenant ilfaut que je trouve des personne l'ayant fait pour me certifier la non perte des données. Sinon pour en revenir a ce qui tes arriver je reste sur mes propos c'est à dire du a dû choper une vérole dômmage que tu n'est pus faire un scan AVG ou unscan online pour voir si il trouvait quelque chose. Je voulait savoir, quand tu remet sur C: tes données tu n'as aucun problème, tout se met bien en place ? C'est quoi qui fait 8 mois; le problème "étrange" ? amicalement

Mais tu as dû tout ré-installé les logiciels et refaire toute tes Màj, tu refais que C: ou tu as fais un raz de tout je veux dire toute les partition. Car si tu ré installe tout tu perd des fichier personnelle ! Je les fait trois fois mais ne connait pas la meilleur manip a faire et du coup pour ma part je perdait tout, comment procède tu.Si un jour je dois le refaire ça pourra me servir. Car ces la chose principal qui me rebute pour faire cette ré-installe , la dernière fois c'était a cause d'une vérole qui m'avait planté mon PC. amicalement

Bonsoir Etant toujours en quète de solution pour pouvoir faire mes Màj de Windows , voici l'info que j'ai pu lire : Avec Zone alarm les maj windows passent difficilement . Un avis ou une solution ? Amicalement

Bonsoir Gordon62 Tu aurai dû attendre ou si pas encore ré-installé relance ton sujet quelqu'un viendra, le temp d'attente est "normale", on n'ai vraiment plus nombreux a être infecté que les personnes qui savent désinfecté. Car comme j'ai pu le lire une fois sur un forum ou même celui ci la ré-installe de Windows doit être la dernière solution a appliquer. amicalement

Bonjours Charles, J'ai suivi tes instruction pour ce qui est des désinstalle le fix a marché , je n'aurai pas pensé que s'était cette clé qui génait car voilà d'où je la sort (car c'est moi qui l'ai mis volontairement): topic de Coolman sur zebulon : Comment résoudre mon problème de Windows Installer voilà pourquoi cette clé était dans mon registre. Mais c'est grace à ce topic que j'ai réussi à ré-installé Windows Installer. Voici le rapport après avoir fixé : [Registry - Additional Scans - Non-Microsoft Only] Registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI deleted successfully. < End of log > Created on 09-07-2007 17:58:00 Pour les Màj pas de changement toujours le même message d'erreur (plus haut dans le sujet), et le services était déjà sur automatique et il était déjà démarrer. Pour le moment je peux toujours pas désactiver des application en locurence SDFix, car a chaque fois que j'allume ou redémarre le PC il fait la dernière étape, je veux dire, quand il nettoie les fichier et service.(j'utilise JV16 2007 pour le faire) et je ne peux supprimer également.Le message d'erreur est plus haut dans le sujet et la ligne entouré en rouge. L'autre soucis qui n'en ai pas forcément un, c'est que personnellement je suis seul sur le PC donc je ne crée n'y compte n'y groupe et voici celui que je rencontre et pour qui je ne me rappel pas l'avoir vu, c'est : CREATEUR PROPRIETAIRE Dis moi Charles a quoi correspond YN dans ton script car parfois on le voit inversé ? Je suis pas juste curieux,mais tu m'aide donc je vais pas te regarder bosser en me glandant donc j'en profite pour ressortir de ce problème avec des connaissanece et comme tu là vus sur d'autre infection j'ai pris gout a la sécurité et j'apprend les lod hijack et le reste, pour pouvoir aidé aussi, voilà pourquoi cette question.Merci Une autre question mais là c'est pour protéger mon nouveau fichier Hosts, puis-je le crypté pour le protéger car lecture seul n'ai pas vraiment utile j'ai remarqué.Je veux dire une fois crypté sera t-il fonctionnelle. Merci de m'aider Charles, Amicalement

Bonsoir voici le rapport Winpfind3u.exe

Bonsoir Charles , et les lecteur, Pour les Màj il veut pas, pour DSA désinstalle impossible le message dit que l'administrateur a mis une restriction mais je vois pas je peut la trouvé dans le registre. En attendant de nouvelles instruction je repost un log de Winpfind3u.exe WinPFind3 logfile created on: 2007-09-07 00:42:01 WinPFind3U by OldTimer - Version 1.0.42 Folder = U:\Télécharger\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 1023.48 Mb Total Physical Memory | 378.32 Mb Available Physical Memory | 36.96% Memory free 2.40 Gb Paging File | 1.73 Gb Available in Paging File | 72.06% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58.59 Gb Total Space | 49.12 Gb Free Space | 83.82% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: LO-516AA449945E Current User Name: Loickos Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ] cledx.exe -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ] cports.exe -> U:\Télécharger\cports\cports.exe -> NirSoft [Ver = 1.20 | Size = 39936 bytes | Modified Date = 2007-05-05 07:44:32 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.6: 2007072518 | Size = 7644520 bytes | Modified Date = 2007-07-31 07:35:16 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] ooccag.exe -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ] ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ] oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ] procexp.exe -> U:\Sécurité\Utilitaires Sécurité\Process Explorer\procexp.exe -> Sysinternals [Ver = 10.21 | Size = 3623736 bytes | Modified Date = 2006-11-01 13:07:34 | Attr = ] ptdirect.exe -> %ProgramFiles%\linguatec\Personal Translator 2008\PTDirect.exe -> Linguatec GmbH [Ver = 2.0.0.0 | Size = 643072 bytes | Modified Date = 2007-07-02 18:10:46 | Attr = ] pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ] regprot.exe -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ] robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ] supercopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ] totalcmd.exe -> %SystemDrive%\totalcmd\TOTALCMD.EXE -> C. Ghisler & Co. [Ver = 7.01 | Size = 1071560 bytes | Modified Date = 2007-06-24 17:18:04 | Attr = ] trayit!.exe -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ] utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 218624 bytes | Modified Date = 2007-08-06 00:50:30 | Attr = ] vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ] washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ] winpfind3u.exe -> U:\Télécharger\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ] wtsserver.exe -> %ProgramFiles%\linguatec\Personal Translator 2008\WtsServer.exe -> [Ver = 1.0.0.0 | Size = 16384 bytes | Modified Date = 2007-07-02 18:09:46 | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ] [Win32 Services - Non-Microsoft Only] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 2005-08-05 21:05:00 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-19 23:09:52 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-07-23 23:33:14 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 2007-06-29 19:16:56 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 2007-06-27 19:04:00 | Attr = ] (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] (O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ] (OOCleverCacheAgent) O&O CleverCache Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ] (PFNet) Privacyware network service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Privacyware\Dynamic Security Agent\pfsvc.exe -> PWI, Inc. [Ver = 5, 0, 8, 8 | Size = 319488 bytes | Modified Date = 2006-08-08 17:23:26 | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ] (wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ] ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ] DSA -> %ProgramFiles%\Privacyware\Dynamic Security Agent\DSA.exe -> Privacyware [Ver = 1, 0, 8, 8 | Size = 2347008 bytes | Modified Date = 2006-08-08 19:01:24 | Attr = ] H2O -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-01 15:57:24 | Attr = ] nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ] OSSelectorReinstall -> %CommonProgramFiles%\Acronis\Partition Suite\oss_reinstall.exe -> [Ver = | Size = 1281425 bytes | Modified Date = 2006-05-31 11:20:56 | Attr = ] PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ] RegProt -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ] SDFix -> %SystemDrive%\SDFix\RunThis.bat -> [Ver = | Size = 287207 bytes | Modified Date = 2007-09-02 00:18:46 | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ] < RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> MRUBlaster -> %ProgramFiles%\MRU-Blaster\indexcleaner.exe -> [Ver = 1.00.0002 | Size = 32768 bytes | Modified Date = 2003-01-05 13:20:20 | Attr = ] SDFix -> %SystemDrive%\SDFix\RunThis.bat -> [Ver = | Size = 287207 bytes | Modified Date = 2007-09-02 00:18:46 | Attr = ] < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] SuperCopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ] < User Startup > -> C:\Documents and Settings\Loickos\Menu Démarrer\Programmes\Démarrage -> %UserStartup%\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 36864 bytes | Modified Date = 2005-03-06 15:26:48 | Attr = ] %UserStartup%\MRU-Blaster Silent Clean.lnk -> %ProgramFiles%\MRU-Blaster\mrublaster.exe -> [Ver = 1.05.0009 | Size = 1216512 bytes | Modified Date = 2004-03-28 15:07:48 | Attr = ] %UserStartup%\TrayIt!.lnk -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 14:29:58 | Attr = ] {81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [spywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 2003-08-02 23:20:58 | Attr = R ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 2005-08-04 05:04:18 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSimpleStartMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ClearRecentDocsOnExit -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoUserNameInStartMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuPinnedList -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ForceStartMenuLogoff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSharedDocuments -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\\DisableWindowsUpdateAccess -> 0 -> < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\windows\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> *.update_microsoft.com [http] -> -> *.update_microsoft.com [https] -> -> www.update_microsoft.com [http] -> -> download_windowsupdate.com [http] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2E03C0FD-4C48-43A7-9A54-00240C70FF16} [HKLM] -> %System32%\BhoECart.dll [ECarteBleueBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 3, 94 | Size = 69632 bytes | Modified Date = 2003-05-14 14:41:30 | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [spywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 2003-08-02 23:24:02 | Attr = R ] {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ] {724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] {724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [buttonText: Remplir] -> File not found {320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [buttonText: Enregistrer] -> File not found {724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [buttonText: Barre RoboForm] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Barre RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found E&xporter vers Microsoft Excel -> -> File not found Enregistrer le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found Personnaliser le menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found Remplir le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> sv1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {022C77D4-E660-4630-8947-94654E82A62B} -> () -> < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries�0000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries�0000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries�0000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries�0000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries�0000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries�0000000017 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] < Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> about -> 4 = Restricted sites (Not a Default Protocol) -> about: -> 4 = Restricted sites (Not a Default Protocol) -> mhtml -> 4 = Restricted sites (Not a Default Protocol) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> - CodeBase = http://www.update.microsoft.com/windowsupd...b?1185227167531 -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS�00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 200 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:*:Enabled:DCOM(135) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS�00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Autorise le téléchargement et l'installation des mises à jour de Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité Mises à jour automatiques, ni accéder au site Web Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV�00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\Disabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventBackgroundDownload -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\\DontReportInfectionInformation -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AlwaysInstallElevated -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Windows Update\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableMRU -> 1 -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\\ForceDisableIM -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Update\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\NoCodecDownload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventMusicFileMetadataRetrieval -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCDDVDMetadataRetrieval -> 1 -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {083F79E4-6FE9-46FB-A6C6-4F8862742947} -> ATI HYDRAVISION -> {15095BF3-A3D7-4DDF-B193-3A496881E003} -> Microsoft .NET Framework 3.0 -> {2300EE96-0A41-4FAB-BD03-989EC44577A0} -> Partition Suite -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer -> {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java SE Runtime Environment 6 Update 1 -> {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java 6 Update 2 -> {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {491DD792-AD81-429C-9EB4-86DD3D22E333} -> Windows Communication Foundation -> {4D3B509A-82E2-4E8B-9D90-C880A2131C73} -> Dynamic Security Agent 1.0 -> {534802E0-761E-47F4-BD27-061BC8F976AE} -> O&O SafeErase -> {53480330-E1D1-41CA-B8F8-7F78644F7F50} -> O&O Defrag Professional Edition -> {53480390-0EC4-429E-BBEE-78E19EEB03BD} -> O&O CleverCache -> {56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml -> {5A710547-B58E-488B-828D-CA9A25A0533C} -> MSXML 6.0 Parser (KB927977) -> {620797B0-A022-4B57-A95E-DD7DD0321028} -> ProxyWay Extra -> {6901DD22-527A-41EF-9059-E81FEDE9E494} -> Windows Presentation Foundation Language Pack (FRA) -> {69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French -> {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 -> {7D1B85BD-AA07-48B8-808D-67A4067FC6BD} -> Windows Workflow Foundation -> {86EC42B5-346E-4BAB-948D-58E021EA4BD1} -> ATI Catalyst Control Center -> {9011040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 -> {B168C59D-5FCF-4EEC-B464-BFA7A8266150} -> Windows Communication Foundation Language Pack - FRA -> {B84C141C-9A13-44BE-9A69-301D7B11D836} -> Windows Workflow Foundation FR Language Pack -> {BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation -> {C151CE54-E7EA-4804-854B-F515368B0798} -> Athlon 64 Processor Driver -> {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> {CF097717-F174-4144-954A-FBC4BF301036} -> Nero 7 Premium -> {DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 -> NOD32 FiX -> {DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer -> {E3C080B0-23F5-49AF-89F8-8E8DBC89E659} -> Microsoft .NET Framework 3.0 French Language Pack -> {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} -> Microsoft .NET Framework 2.0 Language Pack - FRA -> {F7338FA3-DAB5-49B2-900D-0AFB5760C166} -> PC Probe II -> {FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio -> 97149975-b4b1-4d2b-b9fe-7ba413d0efeb_is1 -> SummerProperties 1.2 -> Adobe Flash Player Plugin -> Adobe Flash Player Plugin -> Adobe® Photoshop® Album Edition Découverte 3.2 -> Adobe® Photoshop® Album Edition Découverte 3.2 -> AI RoboForm -> AI RoboForm (All Users) -> All ATI Software -> ATI - Utilitaire de désinstallation du logiciel -> a-squared Free_is1 -> a-squared Free 3.0 -> AsusUpdate -> AsusUpdate -> ATI Display Driver -> ATI Display Driver -> AVGantiRootkit -> AVG Anti-Rootkit Free -> AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 -> AxCrypt -> AxCrypt (Désinstaller uniquement) -> CCleaner -> CCleaner (remove only) -> dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Multi Encoder] Codec -> dBpoweramp [Multi Encoder] Codec -> dBpoweramp [ReplayGain] Codec -> dBpoweramp [ReplayGain] Codec -> dBpoweramp AAC Encoder -> dBpoweramp AAC Encoder -> dBpowerAMP CD Writer -> dBpowerAMP CD Writer -> dBPowerAMP Dalet codec R2 -> dBPowerAMP Dalet codec R2 -> dBpoweramp DirectShow Decoder -> dBpoweramp DirectShow Decoder -> dBpoweramp DSP Effects -> dBpoweramp DSP Effects -> dBpoweramp FLAC Codec -> dBpoweramp FLAC Codec -> dBpoweramp m4a Codec -> dBpoweramp m4a Codec -> dBpoweramp m4a Utilities -> dBpoweramp m4a Utilities -> dBpoweramp Midi Decoder -> dBpoweramp Midi Decoder -> dBpoweramp Monkeys Audio Codec -> dBpoweramp Monkeys Audio Codec -> dBpoweramp Musepack Codec -> dBpoweramp Musepack Codec -> dBpoweramp Music Converter -> dBpoweramp Music Converter -> dBpoweramp Ogg Vorbis Codec -> dBpoweramp Ogg Vorbis Codec -> dBpowerAMP Rename Extension -> dBpowerAMP Rename Extension -> dBpowerAMP Tag From Filename -> dBpowerAMP Tag From Filename -> dBpowerAMP Update ID Tag -> dBpowerAMP Update ID Tag -> dBpoweramp WavPack Codec -> dBpoweramp WavPack Codec -> dBpoweramp Windows Media Audio 10 Codec -> dBpoweramp Windows Media Audio 10 Codec -> DFX for Winamp -> DFX 8 for Winamp -> e-Carte Bleue Banque Populaire -> e-Carte Bleue Banque Populaire -> ERUNT_is1 -> ERUNT 1.1h -> EVEREST Ultimate Edition_is1 -> EVEREST Ultimate Edition v4.00 -> Foxit Reader -> Foxit Reader -> HijackThis -> HijackThis 1.99.1 -> Hijackthis Version Française_is1 -> Hijackthis Version Française -> IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs -> ie7 -> Windows Internet Explorer 7 -> InstallShield_{69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French -> iZotope Ozone 1.0 for Winamp2 and Winamp3_is1 -> iZotope Ozone 1.0 for Winamp2 and Winamp3 -> jv16 PowerTools_is1 -> jv16 PowerTools 2007 -> Kaspersky Online Scanner -> Kaspersky Online Scanner -> KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) -> KB920342 -> Mise à jour pour Windows XP (KB920342) -> KB921503 -> Mise à jour de sécurité pour Windows XP (KB921503) -> KB923789 -> Mise à jour de sécurité pour Windows XP (KB923789) -> KB929969 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) -> KB933566-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) -> KB936021 -> Mise à jour de sécurité pour Windows XP (KB936021) -> KB936782_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) -> KB937143-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) -> KB938127-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) -> KB938828 -> Mise à jour pour Windows XP (KB938828) -> KB938829 -> Mise à jour de sécurité pour Windows XP (KB938829) -> L'Assistant DartyBox -> L'Assistant DartyBox -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 Language Pack - FRA -> Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA -> Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 French Language Pack -> Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 -> MRU-Blaster_is1 -> MRU-Blaster v1.5 (Database 3/28/2004) -> NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs -> NOD32 -> NOD32 Antivirus System -> NTREGOPT_is1 -> NTREGOPT 1.1h -> NVIDIA Drivers -> NVIDIA Drivers -> PowerISO -> PowerISO -> Privoxy -> Privoxy 3.0.6 -> Random Password Generator-PRO -> Random Password Generator-PRO -> RegScanner -> RegScanner -> Revo Uninstaller -> Revo Uninstaller 1.34 -> ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> SpeedFan -> SpeedFan (remove only) -> Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 -> SpywareBlaster_is1 -> SpywareBlaster v3.5.1 -> SpywareGuard_is1 -> SpywareGuard v2.2 -> Steinberg Nuendo v3.2.0.1128 -> Steinberg Nuendo v3.2.0.1128 -> SuperCopier2 -> SuperCopier2 -> SyncroSoft Emu -> SyncroSoft Emu (Remove only) -> Syncrosoft's License Control -> Le Centre de Contrôle de Licences de Syncrosoft -> The KMPlayer FR_is1 -> The KMPlayer v2.9.3.1340 FR -> Tor -> Tor 0.1.2.16 -> Totalcmd -> Total Commander (Remove or Repair) -> Uninstall -> Uninstall -> Vidalia -> Vidalia 0.0.13 -> WGA -> Windows Genuine Advantage Validation Tool (KB892130) -> WIC -> Windows Imaging Component -> Winamp -> Winamp (remove only) -> Window Washer -> Window Washer -> Windows Media Format Runtime -> Windows Media Format 11 runtime -> WinRAR archiver -> Archiveur WinRAR -> WMFDist11 -> Windows Media Format 11 runtime -> xp-AntiSpy -> xp-AntiSpy 3.96-5 -> XpsEPSC -> XML Paper Specification Shared Components Pack 1.0 -> XPSEPSCLP -> XML Paper Specification Shared Components Language Pack 1.0 -> ZoneAlarm Pro -> ZoneAlarm Pro -> [Files/Folders - Created Within 30 days] Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-05 00:41:15 | Attr = ] CWShredder -> %SystemDrive%\CWShredder -> [Folder | Created Date = 2007-08-20 20:58:05 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 2007-09-01 17:42:46 | Attr = ] qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-05 00:41:59 | Attr = ] RegProt -> %SystemDrive%\RegProt -> [Folder | Created Date = 2007-08-30 08:11:48 | Attr = ] Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Created Date = 2007-08-23 15:17:03 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2007-09-05 01:09:46 | Attr = ] Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Created Date = 2007-08-20 18:05:18 | Attr = ] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 2007-08-18 09:50:23 | Attr = ] treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Created Date = 2007-08-19 20:15:51 | Attr = H ] $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 2007-08-20 13:18:29 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-20 13:25:25 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-20 13:26:16 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 2007-08-20 13:26:06 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-20 13:24:32 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-20 13:25:31 | Attr = H ] $NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 2007-08-20 13:18:41 | Attr = H ] $NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Created Date = 2007-08-20 13:24:14 | Attr = H ] ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2007-09-05 00:42:28 | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2007-09-06 16:37:24 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Created Date = 2007-08-23 20:29:26 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 2007-08-28 07:30:34 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 2007-09-06 19:09:28 | Attr = ] LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 2007-08-29 06:44:19 | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ] NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 2007-08-14 22:47:46 | Attr = H ] PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Created Date = 2007-08-21 15:08:50 | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Created Date = 2007-08-28 06:26:21 | Attr = ] wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Created Date = 2007-08-18 10:03:52 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4669 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 2007-09-04 18:07:47 | Attr = ] en-us -> %System32%\en-us -> [Folder | Created Date = 2007-08-20 13:19:46 | Attr = ] imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Created Date = 2007-08-21 22:14:43 | Attr = ] libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ] moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 20432 bytes | Created Date = 2007-09-03 15:47:20 | Attr = ] poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Created Date = 2007-09-01 07:31:40 | Attr = ] Sblist.ocx -> %System32%\Sblist.ocx -> Global Components (GlobalCom@pobox.com) [Ver = 2, 0, 0, 17 | Size = 65536 bytes | Created Date = 2007-08-26 00:30:45 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Created Date = 2007-08-20 18:09:27 | Attr = ] vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ] vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ] vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ] vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 2007-08-28 07:30:30 | Attr = ] vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 54936 bytes | Created Date = 2007-08-28 07:32:05 | Attr = ] vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 2007-08-20 13:19:48 | Attr = ] zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ] zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-08-28 07:32:08 | Attr = H ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 2007-08-28 07:31:55 | Attr = ] zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-08-28 07:24:47 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Created Date = 2007-08-28 05:19:08 | Attr = ] Ahead -> %AllUsersAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:14 | Attr = ] Nero -> %AllUsersAppData%\Nero -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ] PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Created Date = 2007-08-28 06:05:09 | Attr = ] RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Created Date = 2007-08-30 08:50:22 | Attr = ] TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 2007-08-28 17:40:54 | Attr = ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Ahead -> %UserAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:34 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-08-28 07:24:57 | Attr = ] tor -> %UserAppData%\tor -> [Folder | Created Date = 2007-08-25 11:56:55 | Attr = ] Vidalia -> %UserAppData%\Vidalia -> [Folder | Created Date = 2007-08-25 11:55:48 | Attr = ] VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 2007-09-03 16:10:28 | Attr = ] Ahead -> %LocalAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:53:42 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Created Date = 2007-08-12 21:09:17 | Attr = ] GHISLER -> %LocalAppData%\GHISLER -> [Folder | Created Date = 2007-08-18 10:03:12 | Attr = ] AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Created Date = 2007-08-16 21:48:44 | Attr = ] cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Created Date = 2007-08-16 21:39:26 | Attr = ] cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Created Date = 2007-08-16 14:28:05 | Attr = ] cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Created Date = 2007-08-31 06:22:06 | Attr = ] Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Created Date = 2007-08-28 06:16:06 | Attr = ] CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Created Date = 2007-08-30 05:16:26 | Attr = ] frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Created Date = 2007-08-22 16:39:07 | Attr = ] Mon nom.doc -> %UserDocuments%\Mon nom.doc -> [Ver = | Size = 42496 bytes | Created Date = 2007-08-20 13:46:10 | Attr = ] My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Created Date = 2007-08-30 08:50:03 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Created Date = 2007-08-29 04:45:23 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Created Date = 2007-08-29 04:45:23 | Attr = ] O&O -> %UserDocuments%\O&O -> [Folder | Created Date = 2007-08-18 10:39:38 | Attr = ] Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Created Date = 2007-08-28 06:09:27 | Attr = ] Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Created Date = 2007-08-26 18:29:44 | Attr = ] proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Created Date = 2007-08-26 19:17:36 | Attr = ] Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Created Date = 2007-08-28 06:05:46 | Attr = ] EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Created Date = 2007-08-14 22:27:26 | Attr = ] Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Created Date = 2007-09-03 16:09:43 | Attr = ] Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Created Date = 2007-08-28 06:26:48 | Attr = ] Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Created Date = 2007-08-28 05:19:03 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ] Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Created Date = 2007-08-28 06:26:36 | Attr = ] [Files/Folders - Modified Within 30 days] Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 2007-09-01 18:45:56 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-05 01:46:52 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = ] CWShredder -> %SystemDrive%\CWShredder -> [Folder | Modified Date = 2007-09-01 07:24:38 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2007-09-01 18:45:52 | Attr = ] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 2007-09-01 18:42:54 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-09-04 19:07:48 | Attr = R ] qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-05 01:42:32 | Attr = ] RegProt -> %SystemDrive%\RegProt -> [Folder | Modified Date = 2007-09-06 17:41:58 | Attr = ] Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Modified Date = 2007-08-30 07:58:08 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2007-09-06 17:43:16 | Attr = ] Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Modified Date = 2007-08-21 15:38:14 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 2007-09-02 14:21:32 | Attr = ] treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Modified Date = 2007-08-26 01:47:38 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-06 20:09:30 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-20 14:13:34 | Attr = H ] $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 2007-08-20 14:18:32 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-20 14:25:26 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-08-20 14:26:18 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 2007-08-20 14:26:08 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-20 14:24:34 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-20 14:25:32 | Attr = H ] $NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 2007-08-20 14:18:42 | Attr = H ] $NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Modified Date = 2007-08-20 14:24:16 | Attr = H ] ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 2007-08-29 07:54:36 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-08-20 18:26:48 | Attr = R S] BissHM.ini -> %SystemRoot%\BissHM.ini -> [Ver = | Size = 251 bytes | Modified Date = 2007-08-21 15:58:44 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-06 17:40:06 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-09-04 07:34:44 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-20 22:33:06 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2007-09-05 01:59:42 | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2007-09-06 17:37:26 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-08-21 15:59:38 | Attr = R S] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Modified Date = 2007-09-05 22:52:04 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-09-05 22:23:42 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-05 22:23:42 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2007-09-07 00:36:52 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 2007-09-06 20:09:30 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2007-08-20 18:22:00 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2007-09-02 02:06:56 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 2007-08-14 23:47:48 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-06 08:12:10 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-09-06 17:41:04 | Attr = ] RtlRack.ini -> %SystemRoot%\RtlRack.ini -> [Ver = | Size = 169 bytes | Modified Date = 2007-08-26 19:23:10 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-09-05 01:46:00 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 2007-08-14 00:38:50 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 2007-09-07 00:10:14 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-09-03 21:40:32 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-07 00:35:40 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Modified Date = 2007-08-21 16:08:52 | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ] wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Modified Date = 2007-08-25 20:46:12 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 477 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4669 bytes | Modified Date = 2007-09-06 17:49:22 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-28 07:05:00 | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-03 22:13:38 | Attr = H ] BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-08-26 18:57:34 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-09-03 21:38:54 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-06 19:32:26 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 2007-09-05 01:45:26 | Attr = ] decdnet.dll -> %System32%\decdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 61952 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Modified Date = 2007-08-28 06:45:02 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-09-07 00:10:20 | Attr = ] drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-06 19:32:24 | Attr = ] en-us -> %System32%\en-us -> [Folder | Modified Date = 2007-08-20 14:19:48 | Attr = ] encdnet.dll -> %System32%\encdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 85504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 196160 bytes | Modified Date = 2007-08-22 13:32:24 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 2007-08-20 14:24:00 | Attr = ] imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Modified Date = 2007-09-05 01:45:58 | Attr = ] oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 20432 bytes | Modified Date = 2007-09-06 17:40:00 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73790 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 87470 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 444648 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 513842 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1129320 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] pnc3250.dll -> %System32%\pnc3250.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 130560 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pncrt.dll -> %System32%\pncrt.dll -> RealNetworks, Inc. [Ver = 4.20.0000 | Size = 273408 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pneng50.dll -> %System32%\pneng50.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 131072 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pngu3263.dll -> %System32%\pngu3263.dll -> RealNetworks, Inc. [Ver = 6.3.0.226 | Size = 352768 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Modified Date = 2007-09-01 08:00:24 | Attr = ] ra3214_4.dll -> %System32%\ra3214_4.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 81920 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra3228_8.dll -> %System32%\ra3228_8.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 72704 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra32dnet.dll -> %System32%\ra32dnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 21504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra32sipr.dll -> %System32%\ra32sipr.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 87040 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = ] rmbe3260.dll -> %System32%\rmbe3260.dll -> RealNetworks, Inc. [Ver = 6.0.7.26 | Size = 487936 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Modified Date = 2007-08-31 20:58:48 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Modified Date = 2007-09-06 17:40:26 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-09-03 16:47:32 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 2007-08-20 14:19:50 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2007-09-06 22:43:40 | Attr = H ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 2007-09-06 21:58:38 | Attr = ] amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-09-06 17:38:14 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Modified Date = 2007-08-28 06:19:10 | Attr = ] Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:32 | Attr = ] Ahead -> %AllUsersAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:47:16 | Attr = ] Nero -> %AllUsersAppData%\Nero -> [Folder | Modified Date = 2007-08-28 06:45:30 | Attr = ] PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Modified Date = 2007-08-28 07:05:10 | Attr = ] RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Modified Date = 2007-08-30 09:50:24 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 2007-09-04 07:28:54 | Attr = ] TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2007-08-30 05:16:36 | Attr = ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Webroot -> %AllUsersAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ] Ahead -> %UserAppData%\Ahead -> [Folder | Modified Date = 2007-08-29 07:47:04 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Modified Date = 2007-08-13 10:47:52 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-08-28 08:24:58 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 14:39:26 | Attr = S] tor -> %UserAppData%\tor -> [Folder | Modified Date = 2007-08-28 20:08:24 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 2007-09-07 00:41:56 | Attr = ] Vidalia -> %UserAppData%\Vidalia -> [Folder | Modified Date = 2007-08-30 12:52:46 | Attr = ] VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Modified Date = 2007-09-03 17:10:30 | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ] Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:20 | Attr = ] Ahead -> %LocalAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:55:28 | Attr = ] ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 2007-09-06 17:42:04 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Modified Date = 2007-08-19 21:37:16 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 43640 bytes | Modified Date = 2007-08-23 00:02:08 | Attr = ] GHISLER -> %LocalAppData%\GHISLER -> [Folder | Modified Date = 2007-08-18 11:03:14 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578010 bytes | Modified Date = 2007-08-28 07:53:36 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 00:55:14 | Attr = ] a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 2007-08-16 16:58:04 | Attr = ] AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Modified Date = 2007-08-16 22:48:48 | Attr = ] cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Modified Date = 2007-08-16 22:39:32 | Attr = ] cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Modified Date = 2007-08-16 15:28:10 | Attr = ] cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Modified Date = 2007-08-31 07:22:14 | Attr = ] Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Modified Date = 2007-08-28 07:16:46 | Attr = ] CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ] frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Modified Date = 2007-08-22 17:39:12 | Attr = ] Mon nom.doc -> %UserDocuments%\Mon nom.doc -> [Ver = | Size = 42496 bytes | Modified Date = 2007-08-20 14:46:12 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 2007-09-06 17:32:56 | Attr = R ] My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Modified Date = 2007-08-30 11:03:50 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Modified Date = 2007-08-29 05:45:30 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Modified Date = 2007-08-29 05:45:26 | Attr = ] O&O -> %UserDocuments%\O&O -> [Folder | Modified Date = 2007-08-18 11:39:40 | Attr = ] Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Modified Date = 2007-08-28 07:24:12 | Attr = ] Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Modified Date = 2007-08-26 19:29:46 | Attr = ] proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Modified Date = 2007-08-26 20:17:38 | Attr = ] Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Modified Date = 2007-08-28 07:05:48 | Attr = ] ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ] EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Modified Date = 2007-08-14 23:27:28 | Attr = ] Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Modified Date = 2007-09-03 17:09:44 | Attr = ] Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Modified Date = 2007-08-28 07:26:50 | Attr = ] Barre d'état système d'ATI CATALYST.lnk -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 2007-08-21 14:55:26 | Attr = ] TrayIt!.lnk -> %UserStartup%\TrayIt!.lnk -> [Ver = | Size = 604 bytes | Modified Date = 2007-08-24 13:41:14 | Attr = ] Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Modified Date = 2007-08-28 06:19:08 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:34 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 2007-08-28 06:46:44 | Attr = ] Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Modified Date = 2007-08-28 07:26:46 | Attr = ] [File String Scan - Non-Microsoft Only] PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %SystemDrive%\rapport Nettoyage SmitFraudFix.txt -> [Ver = | Size = 9516565 bytes | Modified Date = 2007-08-22 22:33:20 | Attr = ] PTech , ad-beh , abetterinternet.com , ad-w-a-r-e.com , -> %SystemDrive%\rapport SmitFraudFix 31.08 .txt -> [Ver = | Size = 8431185 bytes | Modified Date = 2007-08-31 18:46:10 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ] WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18706432 bytes | Modified Date = 2005-04-18 13:57:58 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ] USERTRUST , -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4131192 bytes | Modified Date = 2007-07-02 19:09:04 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ] @Alternate Data Stream - 88 bytes -> %System32%\drivers\etc\tesgaz:SummaryInformation -> @Alternate Data Stream - 0 bytes -> %System32%\drivers\etc\tesgaz:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} -> PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\tesgaz -> [Ver = | Size = 9518036 bytes | Modified Date = 2007-08-21 22:35:06 | Attr = R ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Call (RPC) Help , -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ] Call (RPC) Help , -> %UserDocuments%\emove instruction.txt -> [Ver = | Size = 23675 bytes | Modified Date = 2007-08-30 06:45:56 | Attr = ] UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ] < End of report > merci de m'aider , amicalement

Charles peut tu débloquer mes restriction ou me dire ou trouvé les petit texte. Merci, amicalement

Un pas vient d'être franchie, le raccourcie pour les Màj Windows marche, mais pas les Màj.Peut être dût au restriction présentent (voir log Hijack)sinon pour mes droit admin rien de changé et pour le registre je suis toujours bloquer , je peut toujours pas désactiver des application au démarrage voir l'image (JV16 PowerTools). Sinon je peut trouvé où ces texte qu'il faut mettre dans Winpfind3u ? Car à par celui pour ton topic où tu désinfectait quelqu'un auquel le texte servait pour le problème de droit admin avec ré activation de panneau de config, j'en ai trouvé que 1 seul, et il y avait écrit JUSTE POUR CET UTILISATEUR. Amicalement.

Le fichier fait 116 Ko (taille sur le disque). SInon au début tu me demandait si je voulait que tu enlève la restriction du registre, et bien en faite je veux bien, car j'ai voulu désactivé deux apps au démarrage DSA et Regprot, d'ailleur DSA block un processus qui n'a aucun nom.Donc je désactive les application et il me dit : Et pourtnt après il met NON pour dire ne redémarrera pas mais en fait elle démarre quand même. Voici le rapport de l'analyse que tu m'as demandé : SDFix: Version 1.101 Run by Loickos on 2007-09-06 at 17:37 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files: --------------- Files with Hidden Attributes: C:\WINDOWS\system32\fddccfebcf_r.dll C:\Documents and Settings\Loickos\NTUSER.tmp.LOG C:\WINDOWS\system32\config\SAM.tmp.LOG C:\WINDOWS\system32\config\SECURITY.tmp.LOG Finished Je te met aussi un rapport Hijackthis car j'ai vu une ligne avec restriction Internet explorer.Pour les processus au début il y en quelques un qui serve a rien mais je sais que j'avais remis des service en pensant que sa allait débloquer le problème pour mes Màj et je ne les ai pas re arrèter.Mais je sais plus lesquel exactement. Logfile of HijackThis v1.99.1 Scan saved at 18:14, on 2007-09-06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\OO Software\CleverCache\ooccag.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\locator.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Privacyware\Dynamic Security Agent\DSA.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\OO Software\CleverCache\ooccctrl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\regprot\regprot.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\totalcmd\TOTALCMD.EXE C:\HijackThis-fr\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [DSA] "C:\Program Files\Privacyware\Dynamic Security Agent\DSA.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE" O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" O4 - HKLM\..\Run: [ooccctrl.exe] "C:\Program Files\OO Software\CleverCache\ooccctrl.exe" /tasktray O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: TrayIt!.lnk = U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupd...b?1185227167531 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe O23 - Service: Privacyware network service (PFNet) - PWI, Inc. - C:\Program Files\Privacyware\Dynamic Security Agent\pfsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Merci Charles, J'attend tes instruction. Amicalement

Merci Charles la manip a réussi mais j'ai toujours le message quand je veux mettre à jour. Charles est il possible de retirer les restriction pour mes droit administrateur car je voudrai désinstaller DSA car il bloque des truc y a pas de nom et je ne peu pas le supprimer : le message dit qu'il y a des restriction je n'ai pas les droit administrateur. Merci de l'aide que tu m'apporte, je dois partir au boulot, en attendant je te souhaite une bonne journée. PS : j'ai oublier de dire : le racourci pour les Màj windows ne marche pas et sinon le problème peut peut être venir des clés que j'ai suppr. pour me désinfecter.c'est dans le message sous le forum software si je ne me trompe pas, lien pour mon 2émé topic (software)je te met le lien car tout les souci ne sont pas que sur ce topic mais étaler sur les deux, en tout cas je ne sais pas le nom de la merde que j'avais choper mais elle ma foutu le bordel dans mon PC . Si besoin de rapport particulier ou autre je suis a ta disposition. Encore merci, bonne journée, amicalement.

Est il possible de reprendre demain ? Amicalement

Je sais pas si sa peut aider , mais les clé n'existe pas dans mon registre, c'est normal. ? Si elle s'y sont j'ai mal fait ma recherche.par contre les valeur pour windows update (les clés de ton texte )sont sur (0)

Je voulai savoir pour les droit administrateur est ce qu'il est possible de les remettre ? je veux dire tel qu'il devrait être quand on a rien configurer. Et j'ai une autre question mais là c'est plus une question de protection Puis-je crypter mon fichier hosts pour le protéger ou cela empècherai son bon fonctionnement ? Car lecture seul ne sert pas à grand chose. amicalement

Autant pour moi , pareil chez CastleCops, Et oui hors Màj je le désactive donc je le vois pas quand je vérifie mon PC J'ai lu trop vite , mais cette ligne m'avais sauter au yeux Bon j'ai encore un peu travail . je me suis laisser prendre, amicalement

J'ai mis le texte puis run tout c'est bien passer voici le rapport [Registry - Non-Microsoft Only] Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoWindowsUpdate deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\\DisableWindowsUpdateAccess deleted successfully. < End of log > Created on 09-05-2007 22:21:37 j'ai enlever les restriction que je met avec mes apps , j'ai kick Regprot, pas DSA d'habitude il ne gène pas il faudrait que j'essaie peut être . Pas de changement pour les Màj toujours le même message d'erreur. En plus voici ce que je découvre en voulant mettre a jours Spyware guard , je le démarre quand je fais mes Màj Pour DSA je l'ai eu sur le site de Malekal , mais depuis que j'avais eu l'infection il merde un peu mais je peut pas le désinstaller , problème de droit administrateur et je le laissse de coté pour pouvoir essayer quand j'aurais a nouveaux mes droit .Je vais l'enlever du démarrage avec windows. amicalement

Suis ces instructions: * Télécharge AVG anti spyware - Mets le à jour. Ferme AVG AS. Ne pas le lancer tout de suite. Un tuto si tu n'y arrives pas => http://www.malekal.com/tutorial_AVG_AntiSpyware.php * TéléchargeATF Cleaner par Atribune. * Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. * Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Re démarre en mode sans echec si probleme: Aide sur malekal.com * Double-clique ATF-Cleaner.exe afin de lancer le programme. Pour internet explorer Sous l'onglet Main, choisis : Select All Clique sur le bouton Empty Selected Pour Firefox Sous l'onglet Firefox, choisis : Select All Clique le bouton Empty Selected NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite. Clique Exit, du menu prinicipal, afin de fermer le programme. * Lance AVG AS et clique sur Analyse * Puis sur l'onglets Puis l'onglet Paramètres, pour Comment réagir ? sélectionne Actions recommandées puis Quarantaine * Reviens a l'onglet Analyse et clique sur Analyse complète du système, le scan démarre * Si un fichier infecté a été détecté, en fin d'analyse clique sur Appliquer toutes les actions * Clique sur Enregistrer le rapport et pour finir Enregistrer le rapport sous, enregistre sur le Bureau * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. * Appuie sur Y pour commencer le processus de nettoyage. * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. * Appuie sur une touche pour redémarrer le PC. * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. * Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. * Redémarre en mode normal. * Télécharge BlackLight (de F-Secure); clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau. Double-clique fsbl.exe et accepte la licence; clique Scan puis Next Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe Poste : * le rapport AVG AS * le rapport Blacklight * le rapport SDFIX * un nouveau log hijackthis A plus tard. Prends le temps de bien lire tout ça, suis pas à pas les instructions. amicalement.