Aller au contenu

chtilo

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    215

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par chtilo

  1. chtilo
    Je peux installer mes pas désinstaller certaine il me dit que je n'ai pas les droit administrateur mais je suis administrateur Pour Windows Installer j'ai réussi a le remettre met avant une installe je dois aller démarrer le service manuellement alors qu'il est en automatique. Sinon après il marche normalement. Et pour Erunt pareil il ne démarre plus comme il devrait le faire et je dois donc faire les sauvegarde manuellement, normalement il est en autobackup.Et démarrage en même temps que windows. Et par contre pour les Màj windows plus possible je veux dire une fois les option de SafeXP et XP antispy remit pour les faire et bien sa veut pas les faire pourtant je fais comme je faisait d'habitude mais pour la désinfection j'ai effacé des clés Tout les message d'erreur que j'ai eu sont sur les deux topic , celui-ci et là si besoin d'autre infos .... Pour les restriction (regedit et Màj automatique) oui c'est moi qui les mets XPSafe et XP Antispy permette de protéger un peu plus donc je les mets et retire suivant mes besoin.En tout cas l'accès au registre je l'ai encore. Je sais pas si c'est réalisable mais je voudrai pouvoir récupérer les droit administrateur habituels car pour ma part je touche jamais au restriction et autres pour une simple raison ; j'y comprend rien donc a l'origine je n'ai rien mis a la place j'utilise XPSafe et XP Antispy qui me semble suffisant, qu'en pense tu ? Mais si pour facilité les chose tu préfère tout remettre d'un coup registre et tout , fais le , je pourrai toujours re cocher les option après. Encore merci Charles de m'aider , amicalement
  2. chtilo
    Bonsoir voilà ton infection serait Troj/Banker-FZ or Troj/Banker-GD T dû à C:\WINDOWS\system32\wscntfy.exe je recherche des Info et revien amicalement.
  3. chtilo
    Bonsoir Charles , Et surtout merci du temps que tu m'accorde . Pour restriction du registre et windows Update cela vient de XP AntiSpy donc si il le faut je pourrai te remettre un rapport sans.Par contre comme tu pourra l'observé pour l'infection j'ai supprimer des clé (infos sur sophos)Windows update donc même en enlevant l'option dans XP Anti Spy je ne peu les faire. Pour les clé Windows Installer les clés vienne d'un topic du forum pour les message d'erreur mais sur pour DisableMSI je savait pas quel valeur mettre , mais en tout cas il ne se lance pas tout seul , pourtant il est en automatique. Voici les seul info que je peu te donner car après en tout cas c'est pas moi qui ai touché ou changé quelque chose. Encore merci, amicalement.
  4. chtilo

    O&O defrag

    chtilo a répondu à un(e) sujet de Barban dans Software

    Ok , a mon avis il faudra remettre un services ou deux mais je sais plus lesquels. Oui vien mettre la solution sa servira a quelqu'un qui serai dans ton cas. amicalement.
  5. chtilo
    Voici le scan fais avec Winpfind3u.exe après avoir lu le topic qui traite d'un problème presque similaire si quelqu'un peut me le traduire je le remercie et aussi toute les personne qui m'aide depuis le début de mon topic et ceux a venir. WinPFind3 logfile created on: 2007-09-05 19:12:40 WinPFind3U by OldTimer - Version 1.0.42 Folder = U:\Télécharger\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 1023.48 Mb Total Physical Memory | 549.73 Mb Available Physical Memory | 53.71% Memory free 2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.77% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58.59 Gb Total Space | 49.46 Gb Free Space | 84.40% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: LO-516AA449945E Current User Name: Loickos Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ] cledx.exe -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ] dsa.exe -> %ProgramFiles%\Privacyware\Dynamic Security Agent\DSA.exe -> Privacyware [Ver = 1, 0, 8, 8 | Size = 2347008 bytes | Modified Date = 2006-08-08 19:01:24 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.6: 2007072518 | Size = 7644520 bytes | Modified Date = 2007-07-31 07:35:16 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] ooccag.exe -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ] ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ] oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ] pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ] regprot.exe -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ] robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ] supercopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ] totalcmd.exe -> %SystemDrive%\totalcmd\TOTALCMD.EXE -> C. Ghisler & Co. [Ver = 7.01 | Size = 1071560 bytes | Modified Date = 2007-06-24 17:18:04 | Attr = ] trayit!.exe -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ] vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ] washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ] winpfind3u.exe -> U:\Télécharger\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ] [Win32 Services - Non-Microsoft Only] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 2005-08-05 21:05:00 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-19 23:09:52 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-07-23 23:33:14 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 2007-06-29 19:16:56 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 2007-06-27 19:04:00 | Attr = ] (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] (O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ] (OOCleverCacheAgent) O&O CleverCache Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ] (PFNet) Privacyware network service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Privacyware\Dynamic Security Agent\pfsvc.exe -> PWI, Inc. [Ver = 5, 0, 8, 8 | Size = 319488 bytes | Modified Date = 2006-08-08 17:23:26 | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ] (wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ] ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ] DSA -> %ProgramFiles%\Privacyware\Dynamic Security Agent\DSA.exe -> Privacyware [Ver = 1, 0, 8, 8 | Size = 2347008 bytes | Modified Date = 2006-08-08 19:01:24 | Attr = ] H2O -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-01 15:57:24 | Attr = ] nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ] OSSelectorReinstall -> %CommonProgramFiles%\Acronis\Partition Suite\oss_reinstall.exe -> [Ver = | Size = 1281425 bytes | Modified Date = 2006-05-31 11:20:56 | Attr = ] PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ] RegProt -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ] < RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> MRUBlaster -> %ProgramFiles%\MRU-Blaster\indexcleaner.exe -> [Ver = 1.00.0002 | Size = 32768 bytes | Modified Date = 2003-01-05 13:20:20 | Attr = ] < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] SuperCopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ] < User Startup > -> C:\Documents and Settings\Loickos\Menu Démarrer\Programmes\Démarrage -> %UserStartup%\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 36864 bytes | Modified Date = 2005-03-06 15:26:48 | Attr = ] %UserStartup%\MRU-Blaster Silent Clean.lnk -> %ProgramFiles%\MRU-Blaster\mrublaster.exe -> [Ver = 1.05.0009 | Size = 1216512 bytes | Modified Date = 2004-03-28 15:07:48 | Attr = ] %UserStartup%\TrayIt!.lnk -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 14:29:58 | Attr = ] {81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [spywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 2003-08-02 23:20:58 | Attr = R ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 2005-08-04 05:04:18 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSimpleStartMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoWindowsUpdate -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ClearRecentDocsOnExit -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoUserNameInStartMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuPinnedList -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ForceStartMenuLogoff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSharedDocuments -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\\DisableWindowsUpdateAccess -> 1 -> < HOSTS File > (8430625 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\windows\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> *.update_microsoft.com [http] -> -> *.update_microsoft.com [https] -> -> www.update_microsoft.com [http] -> -> download_windowsupdate.com [http] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2E03C0FD-4C48-43A7-9A54-00240C70FF16} [HKLM] -> %System32%\BhoECart.dll [ECarteBleueBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 3, 94 | Size = 69632 bytes | Modified Date = 2003-05-14 14:41:30 | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [spywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 2003-08-02 23:24:02 | Attr = R ] {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ] {724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] {724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [buttonText: Remplir] -> File not found {320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [buttonText: Enregistrer] -> File not found {724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [buttonText: Barre RoboForm] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Barre RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found E&xporter vers Microsoft Excel -> -> File not found Enregistrer le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found Personnaliser le menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found Remplir le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> sv1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {022C77D4-E660-4630-8947-94654E82A62B} -> () -> < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries0000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000017 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] < Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> about -> 4 = Restricted sites (Not a Default Protocol) -> about: -> 4 = Restricted sites (Not a Default Protocol) -> mhtml -> 4 = Restricted sites (Not a Default Protocol) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> - CodeBase = http://www.update.microsoft.com/windowsupd...b?1185227167531 -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 197 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:*:Enabled:DCOM(135) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Autorise le téléchargement et l'installation des mises à jour de Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité Mises à jour automatiques, ni accéder au site Web Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\Disabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventBackgroundDownload -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\\DontReportInfectionInformation -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AlwaysInstallElevated -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\\ElevateNonAdmins -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdates -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableMRU -> 1 -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\\ForceDisableIM -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\NoCodecDownload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventMusicFileMetadataRetrieval -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCDDVDMetadataRetrieval -> 0 -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {083F79E4-6FE9-46FB-A6C6-4F8862742947} -> ATI HYDRAVISION -> {15095BF3-A3D7-4DDF-B193-3A496881E003} -> Microsoft .NET Framework 3.0 -> {2300EE96-0A41-4FAB-BD03-989EC44577A0} -> Partition Suite -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer -> {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java SE Runtime Environment 6 Update 1 -> {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java 6 Update 2 -> {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {491DD792-AD81-429C-9EB4-86DD3D22E333} -> Windows Communication Foundation -> {4D3B509A-82E2-4E8B-9D90-C880A2131C73} -> Dynamic Security Agent 1.0 -> {534802E0-761E-47F4-BD27-061BC8F976AE} -> O&O SafeErase -> {53480330-E1D1-41CA-B8F8-7F78644F7F50} -> O&O Defrag Professional Edition -> {53480390-0EC4-429E-BBEE-78E19EEB03BD} -> O&O CleverCache -> {56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml -> {5A710547-B58E-488B-828D-CA9A25A0533C} -> MSXML 6.0 Parser (KB927977) -> {620797B0-A022-4B57-A95E-DD7DD0321028} -> ProxyWay Extra -> {6901DD22-527A-41EF-9059-E81FEDE9E494} -> Windows Presentation Foundation Language Pack (FRA) -> {69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French -> {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 -> {7D1B85BD-AA07-48B8-808D-67A4067FC6BD} -> Windows Workflow Foundation -> {86EC42B5-346E-4BAB-948D-58E021EA4BD1} -> ATI Catalyst Control Center -> {9011040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 -> {B168C59D-5FCF-4EEC-B464-BFA7A8266150} -> Windows Communication Foundation Language Pack - FRA -> {B84C141C-9A13-44BE-9A69-301D7B11D836} -> Windows Workflow Foundation FR Language Pack -> {BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation -> {C151CE54-E7EA-4804-854B-F515368B0798} -> Athlon 64 Processor Driver -> {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> {CF097717-F174-4144-954A-FBC4BF301036} -> Nero 7 Premium -> {DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 -> NOD32 FiX -> {DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer -> {E3C080B0-23F5-49AF-89F8-8E8DBC89E659} -> Microsoft .NET Framework 3.0 French Language Pack -> {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} -> Microsoft .NET Framework 2.0 Language Pack - FRA -> {F7338FA3-DAB5-49B2-900D-0AFB5760C166} -> PC Probe II -> {FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio -> 97149975-b4b1-4d2b-b9fe-7ba413d0efeb_is1 -> SummerProperties 1.2 -> Adobe Flash Player Plugin -> Adobe Flash Player Plugin -> Adobe® Photoshop® Album Edition Découverte 3.2 -> Adobe® Photoshop® Album Edition Découverte 3.2 -> AI RoboForm -> AI RoboForm (All Users) -> All ATI Software -> ATI - Utilitaire de désinstallation du logiciel -> a-squared Free_is1 -> a-squared Free 3.0 -> AsusUpdate -> AsusUpdate -> ATI Display Driver -> ATI Display Driver -> AVGantiRootkit -> AVG Anti-Rootkit Free -> AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 -> AxCrypt -> AxCrypt (Désinstaller uniquement) -> CCleaner -> CCleaner (remove only) -> dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Multi Encoder] Codec -> dBpoweramp [Multi Encoder] Codec -> dBpoweramp [ReplayGain] Codec -> dBpoweramp [ReplayGain] Codec -> dBpoweramp AAC Encoder -> dBpoweramp AAC Encoder -> dBpowerAMP CD Writer -> dBpowerAMP CD Writer -> dBPowerAMP Dalet codec R2 -> dBPowerAMP Dalet codec R2 -> dBpoweramp DirectShow Decoder -> dBpoweramp DirectShow Decoder -> dBpoweramp DSP Effects -> dBpoweramp DSP Effects -> dBpoweramp FLAC Codec -> dBpoweramp FLAC Codec -> dBpoweramp m4a Codec -> dBpoweramp m4a Codec -> dBpoweramp m4a Utilities -> dBpoweramp m4a Utilities -> dBpoweramp Midi Decoder -> dBpoweramp Midi Decoder -> dBpoweramp Monkeys Audio Codec -> dBpoweramp Monkeys Audio Codec -> dBpoweramp Musepack Codec -> dBpoweramp Musepack Codec -> dBpoweramp Music Converter -> dBpoweramp Music Converter -> dBpoweramp Ogg Vorbis Codec -> dBpoweramp Ogg Vorbis Codec -> dBpowerAMP Rename Extension -> dBpowerAMP Rename Extension -> dBpowerAMP Tag From Filename -> dBpowerAMP Tag From Filename -> dBpowerAMP Update ID Tag -> dBpowerAMP Update ID Tag -> dBpoweramp WavPack Codec -> dBpoweramp WavPack Codec -> dBpoweramp Windows Media Audio 10 Codec -> dBpoweramp Windows Media Audio 10 Codec -> DFX for Winamp -> DFX 8 for Winamp -> e-Carte Bleue Banque Populaire -> e-Carte Bleue Banque Populaire -> ERUNT_is1 -> ERUNT 1.1h -> EVEREST Ultimate Edition_is1 -> EVEREST Ultimate Edition v4.00 -> Foxit Reader -> Foxit Reader -> HijackThis -> HijackThis 1.99.1 -> Hijackthis Version Française_is1 -> Hijackthis Version Française -> IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs -> ie7 -> Windows Internet Explorer 7 -> InstallShield_{69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French -> iZotope Ozone 1.0 for Winamp2 and Winamp3_is1 -> iZotope Ozone 1.0 for Winamp2 and Winamp3 -> jv16 PowerTools_is1 -> jv16 PowerTools 2007 -> Kaspersky Online Scanner -> Kaspersky Online Scanner -> KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) -> KB920342 -> Mise à jour pour Windows XP (KB920342) -> KB921503 -> Mise à jour de sécurité pour Windows XP (KB921503) -> KB923789 -> Mise à jour de sécurité pour Windows XP (KB923789) -> KB929969 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) -> KB933566-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) -> KB936021 -> Mise à jour de sécurité pour Windows XP (KB936021) -> KB936782_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) -> KB937143-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) -> KB938127-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) -> KB938828 -> Mise à jour pour Windows XP (KB938828) -> KB938829 -> Mise à jour de sécurité pour Windows XP (KB938829) -> L'Assistant DartyBox -> L'Assistant DartyBox -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 Language Pack - FRA -> Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA -> Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 French Language Pack -> Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 -> MRU-Blaster_is1 -> MRU-Blaster v1.5 (Database 3/28/2004) -> NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs -> NOD32 -> NOD32 Antivirus System -> NTREGOPT_is1 -> NTREGOPT 1.1h -> NVIDIA Drivers -> NVIDIA Drivers -> PowerISO -> PowerISO -> Privoxy -> Privoxy 3.0.6 -> Random Password Generator-PRO -> Random Password Generator-PRO -> RegScanner -> RegScanner -> Revo Uninstaller -> Revo Uninstaller 1.34 -> ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> SpeedFan -> SpeedFan (remove only) -> Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 -> SpywareBlaster_is1 -> SpywareBlaster v3.5.1 -> SpywareGuard_is1 -> SpywareGuard v2.2 -> Steinberg Nuendo v3.2.0.1128 -> Steinberg Nuendo v3.2.0.1128 -> SuperCopier2 -> SuperCopier2 -> SyncroSoft Emu -> SyncroSoft Emu (Remove only) -> Syncrosoft's License Control -> Le Centre de Contrôle de Licences de Syncrosoft -> The KMPlayer FR_is1 -> The KMPlayer v2.9.3.1340 FR -> Tor -> Tor 0.1.2.16 -> Totalcmd -> Total Commander (Remove or Repair) -> Uninstall -> Uninstall -> Vidalia -> Vidalia 0.0.13 -> WGA -> Windows Genuine Advantage Validation Tool (KB892130) -> WIC -> Windows Imaging Component -> Winamp -> Winamp (remove only) -> Window Washer -> Window Washer -> Windows Media Format Runtime -> Windows Media Format 11 runtime -> WinRAR archiver -> Archiveur WinRAR -> WMFDist11 -> Windows Media Format 11 runtime -> xp-AntiSpy -> xp-AntiSpy 3.96-5 -> XpsEPSC -> XML Paper Specification Shared Components Pack 1.0 -> XPSEPSCLP -> XML Paper Specification Shared Components Language Pack 1.0 -> ZoneAlarm Pro -> ZoneAlarm Pro -> [Files/Folders - Created Within 60 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Created Date = 2007-07-23 22:51:41 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-05 00:41:15 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-08-05 17:30:24 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] CWShredder -> %SystemDrive%\CWShredder -> [Folder | Created Date = 2007-08-20 20:58:05 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 2007-07-23 22:52:26 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ] HijackThis-fr -> %SystemDrive%\HijackThis-fr -> [Folder | Created Date = 2007-08-03 06:06:39 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = RHS] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 2007-09-01 17:42:46 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Created Date = 2007-07-23 22:53:16 | Attr = R ] qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-05 00:41:59 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2007-07-23 22:08:27 | Attr = HS] RegProt -> %SystemDrive%\RegProt -> [Folder | Created Date = 2007-08-30 08:11:48 | Attr = ] Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Created Date = 2007-08-23 15:17:03 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2007-09-05 01:09:46 | Attr = ] Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Created Date = 2007-08-20 18:05:18 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 1782-11-30 03:04:26 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 2007-08-18 09:50:23 | Attr = ] treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Created Date = 2007-08-19 20:15:51 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 2007-07-23 22:47:32 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2007-07-23 23:10:12 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2007-07-23 23:10:02 | Attr = H ] $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 2007-08-20 13:18:29 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-20 13:25:25 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-20 13:26:16 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 2007-08-20 13:26:06 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-20 13:24:32 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-20 13:25:31 | Attr = H ] $NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 2007-08-20 13:18:41 | Attr = H ] $NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 2007-08-07 00:20:39 | Attr = H ] $NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Created Date = 2007-08-20 13:24:14 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ALCFDRTM.EXE -> %SystemRoot%\ALCFDRTM.EXE -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Created Date = 2007-07-26 15:19:39 | Attr = ] ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Created Date = 2007-07-26 15:19:39 | Attr = ] alcrmv.exe -> %SystemRoot%\alcrmv.exe -> Realtek Semiconductor Corp. [Ver = 1, 9, 0, 1 | Size = 200704 bytes | Created Date = 2007-07-23 21:35:43 | Attr = ] alcupd.exe -> %SystemRoot%\alcupd.exe -> Realtek Semiconductor Corp. [Ver = 2, 0, 0, 1 | Size = 294912 bytes | Created Date = 2007-07-23 21:35:43 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 5733 bytes | Created Date = 2007-07-23 21:28:23 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 2007-07-23 21:44:24 | Attr = R S] avrack.ini -> %SystemRoot%\avrack.ini -> [Ver = | Size = 164 bytes | Created Date = 2007-07-23 21:35:55 | Attr = ] BissHM.ini -> %SystemRoot%\BissHM.ini -> [Ver = | Size = 251 bytes | Created Date = 2007-07-26 18:28:24 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 2007-07-23 21:08:16 | Attr = S] Bulles de savon.bmp -> %SystemRoot%\Bulles de savon.bmp -> [Ver = | Size = 65978 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ] CMDLIC.DLL -> %SystemRoot%\CMDLIC.DLL -> COMODO [Ver = 1.0.1.2 | Size = 208896 bytes | Created Date = 2007-08-03 06:34:25 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 2007-07-23 21:04:55 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 2007-07-23 21:30:52 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 2007-07-23 21:05:33 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2007-09-05 00:42:28 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = R S] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Created Date = 2007-08-23 20:29:26 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] Granit vert.bmp -> %SystemRoot%\Granit vert.bmp -> [Ver = | Size = 26582 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2007-07-23 23:10:20 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2007-07-25 12:24:40 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 2007-07-23 22:53:19 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 2007-08-28 07:30:34 | Attr = ] IsUninst.exe -> %SystemRoot%\IsUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Created Date = 2007-07-23 21:38:25 | Attr = ] java -> %SystemRoot%\java -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Jour de pêche.bmp -> %SystemRoot%\Jour de pêche.bmp -> [Ver = | Size = 17336 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 2007-07-23 21:44:24 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1595 bytes | Created Date = 2007-07-24 22:47:08 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Mur de Santa Fe.bmp -> %SystemRoot%\Mur de Santa Fe.bmp -> [Ver = | Size = 65832 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 2007-08-29 06:44:19 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2007-07-23 23:09:17 | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ] NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 385 bytes | Created Date = 2007-08-05 20:11:26 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4205 bytes | Created Date = 2007-07-23 22:53:18 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 2007-07-23 21:05:33 | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] pestpatrol5.INI -> %SystemRoot%\pestpatrol5.INI -> [Ver = | Size = 0 bytes | Created Date = 2007-07-28 12:25:33 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 2007-08-14 22:47:46 | Attr = H ] PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] Plume.bmp -> %SystemRoot%\Plume.bmp -> [Ver = | Size = 16730 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 2007-07-23 21:09:14 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2007-08-01 16:55:31 | Attr = ] RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 2007-07-31 09:56:21 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 2007-07-23 21:03:54 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Rivière Sumida.bmp -> %SystemRoot%\Rivière Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Rosace bleue 16.bmp -> %SystemRoot%\Rosace bleue 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Created Date = 2007-07-23 21:35:37 | Attr = ] RtlRack.ini -> %SystemRoot%\RtlRack.ini -> [Ver = | Size = 169 bytes | Created Date = 2007-07-27 23:52:54 | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 2007-08-05 13:32:43 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2007-07-23 21:09:15 | Attr = ] SOUNDMAN.EXE -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 2007-07-23 21:04:45 | Attr = ] SummerProperties.dll -> %SystemRoot%\SummerProperties.dll -> frozenlogic.org [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Created Date = 2007-07-25 09:21:17 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 2007-07-23 22:42:19 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 2007-08-08 12:08:29 | Attr = ] system -> %SystemRoot%\system -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] system32 -> %System32% -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 2007-07-23 21:04:48 | Attr = S] Tasse à café.bmp -> %SystemRoot%\Tasse à café.bmp -> [Ver = | Size = 17062 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] UNBOC.EXE -> %SystemRoot%\UNBOC.EXE -> COMODO [Ver = 4.24.001 | Size = 241904 bytes | Created Date = 2007-08-03 06:34:26 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Created Date = 2007-08-21 15:08:50 | Attr = ] uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 299520 bytes | Created Date = 2007-08-07 22:47:40 | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Created Date = 2007-08-28 06:26:21 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 2007-07-23 21:03:58 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 2007-07-23 21:03:58 | Attr = ] Vent de prairie.bmp -> %SystemRoot%\Vent de prairie.bmp -> [Ver = | Size = 65954 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2007-07-23 23:10:30 | Attr = ] wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Created Date = 2007-08-18 10:03:52 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = R ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4618 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 49102 bytes | Created Date = 2007-07-23 21:04:55 | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 49102 bytes | Created Date = 2007-07-23 21:04:55 | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 2007-07-23 21:06:21 | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Created Date = 2007-07-25 15:21:41 | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 2007-09-04 18:07:47 | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 2007-07-23 21:04:48 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 2007-07-23 21:09:14 | Attr = H ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 2007-07-23 22:51:38 | Attr = ] 1025 -> %System32%\1025 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1028 -> %System32%\1028 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1031 -> %System32%\1031 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1033 -> %System32%\1033 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1036 -> %System32%\1036 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1037 -> %System32%\1037 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1041 -> %System32%\1041 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1042 -> %System32%\1042 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1054 -> %System32%\1054 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 2052 -> %System32%\2052 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 3076 -> %System32%\3076 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 3com_dmi -> %System32%\3com_dmi -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] acaebfcdf2_r.ocx -> %System32%\acaebfcdf2_r.ocx -> [Ver = | Size = 23 bytes | Created Date = 2007-07-23 22:06:19 | Attr = ] ALSNDMGR.CPL -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18706432 bytes | Created Date = 2007-07-23 21:35:43 | Attr = ] ALSNDMGR.WAV -> %System32%\ALSNDMGR.WAV -> [Ver = | Size = 141016 bytes | Created Date = 2007-07-23 21:35:49 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 2007-07-23 21:06:22 | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 2007-08-08 12:08:29 | Attr = ] AsIO.dll -> %System32%\AsIO.dll -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Created Date = 2007-08-07 23:27:31 | Attr = R ] ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Created Date = 2007-07-23 21:44:00 | Attr = ] atifglpf.xml -> %System32%\atifglpf.xml -> [Ver = | Size = 5496 bytes | Created Date = 2007-07-23 21:43:56 | Attr = R ] atiicdxx.dat -> %System32%\atiicdxx.dat -> [Ver = | Size = 95617 bytes | Created Date = 2007-07-23 21:43:56 | Attr = R ] atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 2007-07-23 21:43:58 | Attr = R ] AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1896 bytes | Created Date = 2007-07-23 22:53:05 | Attr = ] BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Created Date = 2007-07-31 09:37:06 | Attr = ] bdco1.dll -> %System32%\bdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 9728 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] bdco1ins.dll -> %System32%\bdco1ins.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 9728 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] BuzzingBee.wav -> %System32%\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Created Date = 2007-07-26 15:19:41 | Attr = ] CapabilityTable.exe -> %System32%\CapabilityTable.exe -> NVIDIA Corporation [Ver = 2, 2, 1, 464 | Size = 454656 bytes | Created Date = 2007-07-23 21:30:27 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Created Date = 2007-07-23 22:52:46 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Created Date = 2007-07-23 22:52:46 | Attr = ] cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] CDWriterXP.ocx -> %System32%\CDWriterXP.ocx -> NUGROOVZ [Ver = 2, 0, 0, 1 | Size = 647168 bytes | Created Date = 2007-08-07 00:26:34 | Attr = ] ChCfg.exe -> %System32%\ChCfg.exe -> [Ver = | Size = 40960 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] Com -> %System32%\Com -> [Folder | Created Date = 2007-07-23 21:03:15 | Attr = ] config -> %System32%\config -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3072 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] c_10006.nls -> %System32%\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_10007.nls -> %System32%\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:12 | Attr = ] c_10010.nls -> %System32%\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_10017.nls -> %System32%\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:12 | Attr = ] c_10029.nls -> %System32%\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_10081.nls -> %System32%\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:13 | Attr = ] c_10082.nls -> %System32%\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_20127.nls -> %System32%\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:07 | Attr = ] C_28594.NLS -> %System32%\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:10 | Attr = ] C_28595.NLS -> %System32%\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:12 | Attr = ] C_28597.NLS -> %System32%\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_28599.nls -> %System32%\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:13 | Attr = ] c_28603.nls -> %System32%\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:14 | Attr = ] c_737.nls -> %System32%\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_852.nls -> %System32%\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_855.nls -> %System32%\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:10 | Attr = ] c_857.nls -> %System32%\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:13 | Attr = ] c_866.nls -> %System32%\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:10 | Attr = ] c_869.nls -> %System32%\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_875.nls -> %System32%\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] decdnet.dll -> %System32%\decdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 61952 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] desktop.ini -> %System32%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 2007-07-23 21:04:55 | Attr = ] dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 2007-07-23 22:53:07 | Attr = ] dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 86044 bytes | Created Date = 2007-07-23 22:53:07 | Attr = ] dhcp -> %System32%\dhcp -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Created Date = 2007-07-23 21:05:10 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] drivers -> %System32%\drivers -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21892 bytes | Created Date = 2007-07-23 21:04:07 | Attr = ] en-us -> %System32%\en-us -> [Folder | Created Date = 2007-08-20 13:19:46 | Attr = ] encdnet.dll -> %System32%\encdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 85504 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 2007-07-23 22:53:06 | Attr = ] export -> %System32%\export -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] fdco1.dll -> %System32%\fdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 201728 bytes | Created Date = 2007-07-23 21:29:37 | Attr = R ] fdco1ins.dll -> %System32%\fdco1ins.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 201728 bytes | Created Date = 2007-07-23 21:29:37 | Attr = R ] fddccfebcf_r.dll -> %System32%\fddccfebcf_r.dll -> [Ver = | Size = 23 bytes | Created Date = 2007-07-23 22:06:19 | Attr = HS] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 196160 bytes | Created Date = 2007-07-23 22:52:25 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 2007-07-23 23:10:30 | Attr = ] gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 2007-07-28 21:20:11 | Attr = H ] hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 2007-07-23 21:03:36 | Attr = ] hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 354304 bytes | Created Date = 2007-07-23 21:03:18 | Attr = ] ias -> %System32%\ias -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] icsxml -> %System32%\icsxml -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] idecoi.dll -> %System32%\idecoi.dll -> NVIDIA Corporation [Ver = 1, 0, 0, 1 | Size = 300032 bytes | Created Date = 2007-07-23 21:30:18 | Attr = R ] ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] IME -> %System32%\IME -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Created Date = 2007-08-21 22:14:43 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] initdebug.nfo -> %System32%\initdebug.nfo -> [Ver = | Size = 45 bytes | Created Date = 2007-08-07 20:09:09 | Attr = ] isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 2007-07-23 21:04:34 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-07-23 22:44:44 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 2007-07-23 22:30:39 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-07-23 22:44:44 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 2007-07-23 22:44:44 | Attr = ] kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-07-29 20:37:34 | Attr = ] korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] Lang -> %System32%\Lang -> [Folder | Created Date = 2007-07-26 15:19:37 | Attr = ] libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ] logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 2007-07-23 21:05:33 | Attr = RH ] LoopyMusic.wav -> %System32%\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Created Date = 2007-07-26 15:19:41 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Created Date = 2007-07-23 21:04:45 | Attr = ] Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 2007-07-23 21:09:14 | Attr = S] moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] MsDtc -> %System32%\MsDtc -> [Folder | Created Date = 2007-07-23 21:03:16 | Attr = ] msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 2007-07-23 21:03:29 | Attr = ] msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 3914 bytes | Created Date = 2007-07-23 21:03:29 | Attr = ] MSWAY.dll -> %System32%\MSWAY.dll -> Canal+ Active [Ver = 4.4.0.0 | Size = 105272 bytes | Created Date = 2007-07-23 22:25:00 | Attr = ] mui -> %System32%\mui -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] npp -> %System32%\npp -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 2007-07-23 21:06:22 | Attr = ] nvconrm.dll -> %System32%\nvconrm.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 17 | Size = 32256 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] nvnrm.nvu -> %System32%\nvnrm.nvu -> [Ver = | Size = 3596 bytes | Created Date = 2007-07-23 21:29:36 | Attr = ] nvsmb.nvu -> %System32%\nvsmb.nvu -> [Ver = | Size = 1231 bytes | Created Date = 2007-07-23 21:29:35 | Attr = R ] NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 37 | Size = 176128 bytes | Created Date = 2007-07-23 21:29:35 | Attr = ] nvunrm.exe -> %System32%\nvunrm.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 37 | Size = 176128 bytes | Created Date = 2007-07-23 21:29:36 | Attr = ] nvusmb.exe -> %System32%\nvusmb.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 37 | Size = 176128 bytes | Created Date = 2007-07-23 21:29:35 | Attr = R ] nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] oobe -> %System32%\oobe -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 14047 bytes | Created Date = 2007-09-03 15:47:20 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1129320 bytes | Created Date = 2007-07-23 22:53:19 | Attr = ] pnc3250.dll -> %System32%\pnc3250.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 130560 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] pncrt.dll -> %System32%\pncrt.dll -> RealNetworks, Inc. [Ver = 4.20.0000 | Size = 273408 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] pneng50.dll -> %System32%\pneng50.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 131072 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] pngu3263.dll -> %System32%\pngu3263.dll -> RealNetworks, Inc. [Ver = 6.3.0.226 | Size = 352768 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Created Date = 2007-09-01 07:31:40 | Attr = ] PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 2007-07-23 22:47:34 | Attr = ] px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 547576 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 129784 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.40a | Size = 64760 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.05a | Size = 510712 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 72440 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 64760 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 187128 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 1628920 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 379640 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] ra3214_4.dll -> %System32%\ra3214_4.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 81920 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] ra3228_8.dll -> %System32%\ra3228_8.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 72704 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] ra32dnet.dll -> %System32%\ra32dnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 21504 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] ra32sipr.dll -> %System32%\ra32sipr.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 87040 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] raidmgmt.ini -> %System32%\raidmgmt.ini -> [Ver = | Size = 266 bytes | Created Date = 2007-07-23 21:28:52 | Attr = R ] ras -> %System32%\ras -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Created Date = 2007-07-23 21:29:28 | Attr = ] Restore -> %System32%\Restore -> [Folder | Created Date = 2007-07-23 21:04:35 | Attr = ] rmbe3260.dll -> %System32%\rmbe3260.dll -> RealNetworks, Inc. [Ver = 6.0.7.26 | Size = 487936 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] RTLCPAPI.dll -> %System32%\RTLCPAPI.dll -> [Ver = 1, 0, 0, 4 | Size = 156672 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] RTLCPL.EXE -> %System32%\RTLCPL.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.1.45 | Size = 9324032 bytes | Created Date = 2007-07-23 21:35:49 | Attr = ] sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] SATA.bmp -> %System32%\SATA.bmp -> [Ver = | Size = 810056 bytes | Created Date = 2007-07-23 21:28:52 | Attr = R ] Sblist.ocx -> %System32%\Sblist.ocx -> Global Components (GlobalCom@pobox.com) [Ver = 2, 0, 0, 17 | Size = 65536 bytes | Created Date = 2007-08-26 00:30:45 | Attr = ] Setup -> %System32%\Setup -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ShellExt -> %System32%\ShellExt -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 2007-07-23 22:35:44 | Attr = ] spool -> %System32%\spool -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:30 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.dat -> [Ver = | Size = 3229 bytes | Created Date = 2007-08-05 13:15:30 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.bmp -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-07 00:26:35 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.dat -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.dat -> [Ver = | Size = 13767 bytes | Created Date = 2007-08-07 00:26:35 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:02 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.dat -> [Ver = | Size = 2983 bytes | Created Date = 2007-08-05 13:17:02 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-05 13:18:23 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> [Ver = | Size = 705 bytes | Created Date = 2007-08-05 13:18:23 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:45 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> [Ver = | Size = 2703 bytes | Created Date = 2007-08-05 13:15:45 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.bmp -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:14:32 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.dat -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.dat -> [Ver = | Size = 4511 bytes | Created Date = 2007-08-05 13:14:32 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:15 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.dat -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.dat -> [Ver = | Size = 2951 bytes | Created Date = 2007-08-05 13:17:15 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:18:47 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.dat -> [Ver = | Size = 3552 bytes | Created Date = 2007-08-05 13:18:47 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:14:58 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.dat -> [Ver = | Size = 3175 bytes | Created Date = 2007-08-05 13:14:58 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:18:33 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.dat -> [Ver = | Size = 2649 bytes | Created Date = 2007-08-05 13:18:33 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:59 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> [Ver = | Size = 3107 bytes | Created Date = 2007-08-05 13:15:59 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:33 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.dat -> [Ver = | Size = 3283 bytes | Created Date = 2007-08-05 13:17:33 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.bmp -> %System32%\SpoonUninstall-dBpoweramp Music Converter.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-07 00:28:16 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.dat -> %System32%\SpoonUninstall-dBpoweramp Music Converter.dat -> [Ver = | Size = 13083 bytes | Created Date = 2007-08-07 00:28:16 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:19:21 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> [Ver = | Size = 3030 bytes | Created Date = 2007-08-05 13:19:21 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.bmp -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-07 00:24:07 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.dat -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.dat -> [Ver = | Size = 349 bytes | Created Date = 2007-08-07 00:24:07 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-05 13:21:12 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.dat -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.dat -> [Ver = | Size = 2077 bytes | Created Date = 2007-08-05 13:21:12 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> [Ver = | Size = 34358 bytes | Created Date = 2007-08-05 13:16:36 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> [Ver = | Size = 1856 bytes | Created Date = 2007-08-05 13:16:36 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-05 13:20:53 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.dat -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.dat -> [Ver = | Size = 1863 bytes | Created Date = 2007-08-05 13:20:53 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:48 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.dat -> [Ver = | Size = 3007 bytes | Created Date = 2007-08-05 13:17:48 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:16:49 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> [Ver = | Size = 3365 bytes | Created Date = 2007-08-05 13:16:49 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:08 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> [Ver = | Size = 2765 bytes | Created Date = 2007-08-05 13:15:08 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:16:10 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> [Ver = | Size = 2961 bytes | Created Date = 2007-08-05 13:16:10 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:14:43 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> [Ver = | Size = 2793 bytes | Created Date = 2007-08-05 13:14:43 | Attr = ] SpoonUninstall.exe -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4131192 bytes | Created Date = 2007-08-07 00:14:30 | Attr = ] spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2007-07-23 22:53:06 | Attr = ] subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] SYNSOACC-Aide.chm -> %System32%\SYNSOACC-Aide.chm -> [Ver = | Size = 147425 bytes | Created Date = 2007-07-31 09:53:09 | Attr = ] SYNSOACC-Help.chm -> %System32%\SYNSOACC-Help.chm -> [Ver = | Size = 114279 bytes | Created Date = 2007-07-31 09:53:09 | Attr = ] SYNSOACC-Hilfe.chm -> %System32%\SYNSOACC-Hilfe.chm -> [Ver = | Size = 120468 bytes | Created Date = 2007-07-31 09:53:09 | Attr = ] SYNSOACC.dll -> %System32%\SYNSOACC.dll -> SIA Syncrosoft [Ver = 1, 7, 3, 0 | Size = 708608 bytes | Created Date = 2007-07-31 09:53:05 | Attr = ] SynsoLChk.dll -> %System32%\SynsoLChk.dll -> SIA Syncrosoft [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Created Date = 2007-07-31 09:53:05 | Attr = ] Synsopos.exe -> %System32%\Synsopos.exe -> SIA Syncrosoft [Ver = 9, 9, 0, 0 | Size = 45056 bytes | Created Date = 2007-07-31 09:53:07 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Created Date = 2007-08-20 18:09:27 | Attr = ] tslabels.h -> %System32%\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 2007-07-23 21:03:30 | Attr = ] tslabels.ini -> %System32%\tslabels.ini -> [Ver = | Size = 27768 bytes | Created Date = 2007-07-23 21:03:30 | Attr = ] unacev2.dll -> %System32%\unacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 2007-07-25 14:59:55 | Attr = ] UNRAR3.dll -> %System32%\UNRAR3.dll -> [Ver = | Size = 153088 bytes | Created Date = 2007-07-25 14:59:55 | Attr = ] URTTemp -> %System32%\URTTemp -> [Folder | Created Date = 2007-07-23 21:44:24 | Attr = ] usmt -> %System32%\usmt -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] usrlogon.cmd -> %System32%\usrlogon.cmd -> [Ver = | Size = 1263 bytes | Created Date = 2007-07-23 21:03:30 | Attr = ] vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ] vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ] vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ] vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 2007-08-28 07:30:30 | Attr = ] vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 54936 bytes | Created Date = 2007-08-28 07:32:05 | Attr = ] vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] wbem -> %System32%\wbem -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 2007-07-23 21:05:33 | Attr = RH ] wins -> %System32%\wins -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] wmimgmt.msc -> %System32%\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 2007-07-23 21:03:25 | Attr = ] wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] xircom -> %System32%\xircom -> [Folder | Created Date = 2007-07-23 21:06:45 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 2007-08-20 13:19:48 | Attr = ] zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ] zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-08-28 07:32:08 | Attr = H ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 2007-08-28 07:31:55 | Attr = ] zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] ALCXWDM.SYS -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5830 built by: WinDDK | Size = 2317504 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] AmdK8.sys -> %System32%\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 43008 bytes | Created Date = 2007-07-23 21:36:51 | Attr = ] amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] ASACPI.sys -> %System32%\drivers\ASACPI.sys -> [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Created Date = 2007-07-23 21:28:25 | Attr = R ] AsInsHelp32.sys -> %System32%\drivers\AsInsHelp32.sys -> [Ver = | Size = 3328 bytes | Created Date = 2007-08-07 23:27:28 | Attr = ] AsInsHelp64.sys -> %System32%\drivers\AsInsHelp64.sys -> [Ver = | Size = 5120 bytes | Created Date = 2007-08-07 23:27:28 | Attr = ] AsIO.sys -> %System32%\drivers\AsIO.sys -> [Ver = | Size = 4962 bytes | Created Date = 2007-08-07 23:27:31 | Attr = R ] ASLM75.SYS -> %System32%\drivers\ASLM75.SYS -> [Ver = | Size = 6272 bytes | Created Date = 2007-08-07 22:47:50 | Attr = ] ASUSHWIO.SYS -> %System32%\drivers\ASUSHWIO.SYS -> [Ver = | Size = 5824 bytes | Created Date = 2007-07-23 21:28:22 | Attr = ] ativcaxx.cpa -> %System32%\drivers\ativcaxx.cpa -> [Ver = | Size = 524850 bytes | Created Date = 2007-07-23 21:43:55 | Attr = R ] ativcaxx.vp -> %System32%\drivers\ativcaxx.vp -> [Ver = | Size = 929 bytes | Created Date = 2007-07-23 21:43:55 | Attr = R ] ativckxx.vp -> %System32%\drivers\ativckxx.vp -> [Ver = | Size = 58560 bytes | Created Date = 2007-07-23 21:43:55 | Attr = ] ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 21712 bytes | Created Date = 2007-07-23 21:43:55 | Attr = R ] AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-07-26 23:25:07 | Attr = ] AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-08-28 07:24:47 | Attr = ] cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9336 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9464 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] cledx.sys -> %System32%\drivers\cledx.sys -> Team H2O [Ver = v0.3.1411 | Size = 33792 bytes | Created Date = 2007-07-31 09:53:18 | Attr = ] disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] nvata.sys -> %System32%\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0534 built by: WinDDK | Size = 92800 bytes | Created Date = 2007-07-23 21:30:18 | Attr = R ] NVENETFD.sys -> %System32%\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 33536 bytes | Created Date = 2007-07-23 21:29:37 | Attr = R ] nvnetbus.sys -> %System32%\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 12928 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] nvnrm.sys -> %System32%\drivers\nvnrm.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 261888 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] nvsnpu.sys -> %System32%\drivers\nvsnpu.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 208256 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Created Date = 2007-08-28 05:19:08 | Attr = ] synasUSB.sys -> %System32%\drivers\synasUSB.sys -> SIA Syncrosoft [Ver = 3.5.1.2 | Size = 16896 bytes | Created Date = 2007-07-31 09:53:08 | Attr = ] umdf -> %System32%\drivers\umdf -> [Folder | Created Date = 2007-08-07 00:20:47 | Attr = ] Adobe -> %AllUsersAppData%\Adobe -> [Folder | Created Date = 2007-07-28 16:34:27 | Attr = ] Ahead -> %AllUsersAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:14 | Attr = ] Babylon(2) -> %AllUsersAppData%\Babylon(2) -> [Folder | Created Date = 2007-08-05 13:29:06 | Attr = ] desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2007-07-23 22:52:58 | Attr = HS] Google -> %AllUsersAppData%\Google -> [Folder | Created Date = 2007-07-23 22:30:51 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 2007-07-25 14:31:28 | Attr = ] logs -> %AllUsersAppData%\logs -> [Folder | Created Date = 2007-07-25 15:47:47 | Attr = ] McAfee -> %AllUsersAppData%\McAfee -> [Folder | Created Date = 2007-07-26 16:56:39 | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Created Date = 2007-07-23 22:52:41 | Attr = S] Nero -> %AllUsersAppData%\Nero -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ] PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Created Date = 2007-08-28 06:05:09 | Attr = ] RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Created Date = 2007-08-30 08:50:22 | Attr = ] SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Created Date = 2007-07-26 16:56:39 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 2007-07-24 13:05:45 | Attr = ] TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 2007-08-28 17:40:54 | Attr = ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Webroot -> %AllUsersAppData%\Webroot -> [Folder | Created Date = 2007-07-26 14:07:18 | Attr = ] Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 2007-07-23 22:51:54 | Attr = ] Ahead -> %UserAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:34 | Attr = ] ATI -> %UserAppData%\ATI -> [Folder | Created Date = 2007-07-23 21:56:31 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Created Date = 2007-08-05 17:44:42 | Attr = ] desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2007-07-23 21:11:55 | Attr = HS] Google -> %UserAppData%\Google -> [Folder | Created Date = 2007-07-23 22:32:58 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-08-28 07:24:57 | Attr = ] gtopala -> %UserAppData%\gtopala -> [Folder | Created Date = 2007-08-06 21:07:14 | Attr = ] Help -> %UserAppData%\Help -> [Folder | Created Date = 2007-07-30 16:00:34 | Attr = ] Identities -> %UserAppData%\Identities -> [Folder | Created Date = 2007-07-23 21:12:01 | Attr = ] Jetico Personal Firewall -> %UserAppData%\Jetico Personal Firewall -> [Folder | Created Date = 2007-07-23 22:37:49 | Attr = ] Leadertech -> %UserAppData%\Leadertech -> [Folder | Created Date = 2007-08-08 00:50:04 | Attr = ] Macromedia -> %UserAppData%\Macromedia -> [Folder | Created Date = 2007-07-24 22:56:44 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Created Date = 2007-07-23 21:11:54 | Attr = S] Mozilla -> %UserAppData%\Mozilla -> [Folder | Created Date = 2007-07-24 21:36:49 | Attr = ] SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Created Date = 2007-07-26 16:56:39 | Attr = ] Steinberg -> %UserAppData%\Steinberg -> [Folder | Created Date = 2007-07-31 10:06:09 | Attr = ] Sun -> %UserAppData%\Sun -> [Folder | Created Date = 2007-07-23 22:30:06 | Attr = ] Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Created Date = 2007-07-25 16:34:41 | Attr = ] tor -> %UserAppData%\tor -> [Folder | Created Date = 2007-08-25 11:56:55 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Created Date = 2007-08-04 01:15:17 | Attr = ] Vidalia -> %UserAppData%\Vidalia -> [Folder | Created Date = 2007-08-25 11:55:48 | Attr = ] VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 2007-09-03 16:10:28 | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Created Date = 2007-07-26 14:06:05 | Attr = ] WinRAR -> %UserAppData%\WinRAR -> [Folder | Created Date = 2007-07-23 22:03:05 | Attr = ] Adobe -> %LocalAppData%\Adobe -> [Folder | Created Date = 2007-07-28 16:39:24 | Attr = ] Ahead -> %LocalAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:53:42 | Attr = ] ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 2007-07-23 21:56:29 | Attr = ] ATI -> %LocalAppData%\ATI -> [Folder | Created Date = 2007-07-23 21:56:31 | Attr = ] Babylon -> %LocalAppData%\Babylon -> [Folder | Created Date = 2007-08-05 18:08:55 | Attr = ] Babylon(2) -> %LocalAppData%\Babylon(2) -> [Folder | Created Date = 2007-08-05 17:33:34 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Created Date = 2007-08-12 21:09:17 | Attr = ] fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 130 bytes | Created Date = 2007-07-23 21:56:29 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 43640 bytes | Created Date = 2007-07-23 21:12:15 | Attr = ] GHISLER -> %LocalAppData%\GHISLER -> [Folder | Created Date = 2007-08-18 10:03:12 | Attr = ] Google -> %LocalAppData%\Google -> [Folder | Created Date = 2007-07-23 22:32:58 | Attr = ] Help -> %LocalAppData%\Help -> [Folder | Created Date = 2007-07-30 16:00:34 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578010 bytes | Created Date = 2007-07-23 21:32:53 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Created Date = 2007-07-23 21:11:54 | Attr = ] Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 2007-07-24 21:36:49 | Attr = ] Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Created Date = 2007-07-25 16:34:41 | Attr = ] desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2007-07-23 22:52:58 | Attr = HS] Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Created Date = 2007-07-23 21:03:49 | Attr = R ] Mes images -> %AllUsersDocuments%\Mes images -> [Folder | Created Date = 2007-07-23 21:04:25 | Attr = R ] Mes vidéos -> %AllUsersDocuments%\Mes vidéos -> [Folder | Created Date = 2007-07-23 21:03:07 | Attr = R ] a-squared -> %UserDocuments%\a-squared -> [Folder | Created Date = 2007-07-31 09:25:52 | Attr = ] AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Created Date = 2007-08-16 21:48:44 | Attr = ] cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Created Date = 2007-08-16 21:39:26 | Attr = ] cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Created Date = 2007-08-16 14:28:05 | Attr = ] cc_20070725_0012Repar CClean.reg -> %UserDocuments%\cc_20070725_0012Repar CClean.reg -> [Ver = | Size = 64660 bytes | Created Date = 2007-07-24 23:13:03 | Attr = ] cc_20070725_1908Sup Thunder.reg -> %UserDocuments%\cc_20070725_1908Sup Thunder.reg -> [Ver = | Size = 150213 bytes | Created Date = 2007-07-25 18:08:47 | Attr = ] cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Created Date = 2007-08-31 06:22:06 | Attr = ] Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Created Date = 2007-08-28 06:16:06 | Attr = ] CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Created Date = 2007-08-30 05:16:26 | Attr = ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 79 bytes | Created Date = 2007-07-23 21:11:58 | Attr = HS] frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Created Date = 2007-08-22 16:39:07 | Attr = ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Created Date = 2007-07-23 21:11:58 | Attr = R ] Mon nom.doc -> %UserDocuments%\Mon nom.doc -> [Ver = | Size = 42496 bytes | Created Date = 2007-08-20 13:46:10 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Created Date = 2007-07-23 21:11:58 | Attr = R ] My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Created Date = 2007-08-30 08:50:03 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Created Date = 2007-08-29 04:45:23 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Created Date = 2007-08-29 04:45:23 | Attr = ] Nouveau fichier de paramètres.OPS -> %UserDocuments%\Nouveau fichier de paramètres.OPS -> [Ver = | Size = 24046 bytes | Created Date = 2007-08-05 14:39:06 | Attr = ] O&O -> %UserDocuments%\O&O -> [Folder | Created Date = 2007-08-18 10:39:38 | Attr = ] Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Created Date = 2007-08-28 06:09:27 | Attr = ] Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Created Date = 2007-08-26 18:29:44 | Attr = ] proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Created Date = 2007-08-26 19:17:36 | Attr = ] sup.easy cleanReg.htm -> %UserDocuments%\sup.easy cleanReg.htm -> [Ver = | Size = 11448 bytes | Created Date = 2007-08-01 09:29:14 | Attr = ] AvRack.lnk -> %AllUsersDesktop%\AvRack.lnk -> [Ver = | Size = 1519 bytes | Created Date = 2007-07-23 21:35:57 | Attr = ] Configuration.lnk -> %AllUsersDesktop%\Configuration.lnk -> [Ver = | Size = 1535 bytes | Created Date = 2007-08-05 17:14:14 | Attr = ] Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Created Date = 2007-08-28 06:05:46 | Attr = ] The KMPlayer FR.lnk -> %AllUsersDesktop%\The KMPlayer FR.lnk -> [Ver = | Size = 665 bytes | Created Date = 2007-08-07 00:31:45 | Attr = ] Winamp.lnk -> %AllUsersDesktop%\Winamp.lnk -> [Ver = | Size = 654 bytes | Created Date = 2007-08-07 00:08:49 | Attr = ] ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2007-07-24 16:10:15 | Attr = ] EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Created Date = 2007-08-14 22:27:26 | Attr = ] L'Assistant Dartybox.lnk -> %UserDesktop%\L'Assistant Dartybox.lnk -> [Ver = | Size = 1698 bytes | Created Date = 2007-08-08 12:14:33 | Attr = ] Nuendo 3.lnk -> %UserDesktop%\Nuendo 3.lnk -> [Ver = | Size = 731 bytes | Created Date = 2007-07-31 10:05:50 | Attr = ] Poste de travail.lnk -> %UserDesktop%\Poste de travail.lnk -> [Ver = | Size = 104 bytes | Created Date = 2007-07-24 14:19:38 | Attr = ] Raccourci vers jv16PT.exe.lnk -> %UserDesktop%\Raccourci vers jv16PT.exe.lnk -> [Ver = | Size = 670 bytes | Created Date = 2007-08-01 11:30:42 | Attr = ] Raccourci vers NoTrace.exe.lnk -> %UserDesktop%\Raccourci vers NoTrace.exe.lnk -> [Ver = | Size = 587 bytes | Created Date = 2007-08-01 18:50:59 | Attr = ] Raccourci vers RegSeeker.exe.lnk -> %UserDesktop%\Raccourci vers RegSeeker.exe.lnk -> [Ver = | Size = 572 bytes | Created Date = 2007-08-01 10:36:29 | Attr = ] Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Created Date = 2007-09-03 16:09:43 | Attr = ] Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Created Date = 2007-08-28 06:26:48 | Attr = ] µpdater.lnk -> %UserDesktop%\µpdater.lnk -> [Ver = | Size = 1001 bytes | Created Date = 2007-08-06 10:01:59 | Attr = ] Barre d'état système d'ATI CATALYST.lnk -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> [Ver = | Size = 1851 bytes | Created Date = 2007-07-23 21:45:40 | Attr = ] desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 2007-07-23 22:52:58 | Attr = HS] desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 2007-07-23 21:11:54 | Attr = HS] ERUNT AutoBackup.lnk -> %UserStartup%\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 2007-08-01 10:10:49 | Attr = ] MRU-Blaster Silent Clean.lnk -> %UserStartup%\MRU-Blaster Silent Clean.lnk -> [Ver = | Size = 683 bytes | Created Date = 2007-07-24 15:28:35 | Attr = ] TrayIt!.lnk -> %UserStartup%\TrayIt!.lnk -> [Ver = | Size = 604 bytes | Created Date = 2007-07-25 22:02:41 | Attr = ] Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Created Date = 2007-08-28 05:19:03 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2007-07-28 16:34:27 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 2007-08-05 20:09:13 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 2007-07-23 21:28:54 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2007-07-23 22:30:28 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Created Date = 2007-07-23 22:53:16 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Created Date = 2007-07-23 21:04:47 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Created Date = 2007-07-23 22:53:18 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Created Date = 2007-07-23 21:04:49 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Created Date = 2007-07-23 22:53:16 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Created Date = 2007-07-23 21:04:26 | Attr = ] Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Created Date = 2007-08-28 06:26:36 | Attr = ] [Files/Folders - Modified Within 60 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 2007-09-01 18:45:56 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-05 01:46:52 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] CWShredder -> %SystemDrive%\CWShredder -> [Folder | Modified Date = 2007-09-01 07:24:38 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2007-08-01 12:58:26 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2007-09-01 18:45:52 | Attr = ] HijackThis-fr -> %SystemDrive%\HijackThis-fr -> [Folder | Modified Date = 2007-08-03 07:08:46 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = RHS] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 2007-09-01 18:42:54 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-09-04 19:07:48 | Attr = R ] qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-05 01:42:32 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2007-07-29 16:52:38 | Attr = HS] RegProt -> %SystemDrive%\RegProt -> [Folder | Modified Date = 2007-09-05 16:56:46 | Attr = ] Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Modified Date = 2007-08-30 07:58:08 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2007-09-02 00:20:24 | Attr = ] Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Modified Date = 2007-08-21 15:38:14 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 2007-09-02 14:21:32 | Attr = ] treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Modified Date = 2007-08-26 01:47:38 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-05 17:43:48 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-20 14:13:34 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 2007-07-24 00:10:14 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 2007-07-24 00:10:04 | Attr = H ] $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 2007-08-20 14:18:32 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-20 14:25:26 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-08-20 14:26:18 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 2007-08-20 14:26:08 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-20 14:24:34 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-20 14:25:32 | Attr = H ] $NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 2007-08-20 14:18:42 | Attr = H ] $NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 2007-08-07 01:20:42 | Attr = H ] $NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Modified Date = 2007-08-20 14:24:16 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] ALCFDRTM.EXE -> %SystemRoot%\ALCFDRTM.EXE -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 2007-07-26 16:19:40 | Attr = ] ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 2007-08-29 07:54:36 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2007-07-23 23:51:26 | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 5733 bytes | Modified Date = 2007-07-23 22:34:58 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-08-20 18:26:48 | Attr = R S] BissHM.ini -> %SystemRoot%\BissHM.ini -> [Ver = | Size = 251 bytes | Modified Date = 2007-08-21 15:58:44 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-05 16:53:38 | Attr = S] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Modified Date = 2007-07-20 00:47:24 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 2007-07-23 22:03:42 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-09-04 07:34:44 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 2007-07-23 22:30:54 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-20 22:33:06 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2007-07-23 23:51:24 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2007-09-05 01:59:42 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-08-21 15:59:38 | Attr = R S] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Modified Date = 2007-09-04 07:42:42 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-09-03 18:05:24 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 2007-07-24 00:10:26 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2007-07-25 13:24:42 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 2007-07-23 22:06:46 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-03 18:05:24 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2007-09-05 19:12:02 | Attr = ] java -> %SystemRoot%\java -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2007-07-24 00:10:30 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2007-08-20 18:22:00 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1595 bytes | Modified Date = 2007-07-28 17:31:52 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 2007-07-24 00:14:26 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2007-09-02 02:06:56 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2007-07-24 00:09:18 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 385 bytes | Modified Date = 2007-08-05 21:11:28 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4205 bytes | Modified Date = 2007-07-23 22:06:16 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 2007-07-23 22:05:34 | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 2007-08-05 21:08:48 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 2007-07-23 23:51:18 | Attr = ] pestpatrol5.INI -> %SystemRoot%\pestpatrol5.INI -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-28 13:25:34 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 2007-08-14 23:47:48 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-05 02:50:00 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2007-08-01 17:56:12 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 2007-07-31 10:56:38 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-09-05 16:54:08 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 2007-07-23 22:06:46 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] RtlRack.ini -> %SystemRoot%\RtlRack.ini -> [Ver = | Size = 169 bytes | Modified Date = 2007-08-26 19:23:10 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-09-05 01:46:00 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2007-08-05 21:08:48 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2007-07-23 23:46:14 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 2007-07-23 22:05:16 | Attr = ] SummerProperties.dll -> %SystemRoot%\SummerProperties.dll -> frozenlogic.org [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 2007-07-25 10:21:18 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 2007-07-23 23:42:20 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 2007-08-14 00:38:50 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-08-07 23:59:08 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 2007-09-05 01:45:06 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-09-03 21:40:32 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-05 19:10:40 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2007-07-23 23:50:00 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Modified Date = 2007-08-21 16:08:52 | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 2007-07-23 22:04:00 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 2007-07-23 22:04:00 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 2007-07-24 00:10:32 | Attr = ] wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Modified Date = 2007-08-25 20:46:12 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 2007-08-03 14:47:32 | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 477 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4618 bytes | Modified Date = 2007-09-05 17:45:30 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-28 07:05:00 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2007-07-31 10:56:34 | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 2007-07-25 16:56:34 | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-03 22:13:38 | Attr = H ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 2007-07-23 22:08:18 | Attr = ] 1025 -> %System32%\1025 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1028 -> %System32%\1028 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1031 -> %System32%\1031 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1033 -> %System32%\1033 -> [Folder | Modified Date = 2007-07-23 23:49:40 | Attr = ] 1036 -> %System32%\1036 -> [Folder | Modified Date = 2007-07-23 23:50:02 | Attr = ] 1037 -> %System32%\1037 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1041 -> %System32%\1041 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1042 -> %System32%\1042 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1054 -> %System32%\1054 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 2052 -> %System32%\2052 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 3076 -> %System32%\3076 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 3com_dmi -> %System32%\3com_dmi -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] acaebfcdf2_r.ocx -> %System32%\acaebfcdf2_r.ocx -> [Ver = | Size = 23 bytes | Modified Date = 2007-07-23 23:06:20 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2007-07-23 22:06:24 | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 2007-08-08 13:08:30 | Attr = ] BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-08-26 18:57:34 | Attr = ] BuzzingBee.wav -> %System32%\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Modified Date = 2007-07-26 16:19:42 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-09-03 21:38:54 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-05 18:05:00 | Attr = ] cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] CDWriterXP.ocx -> %System32%\CDWriterXP.ocx -> NUGROOVZ [Ver = 2, 0, 0, 1 | Size = 647168 bytes | Modified Date = 2007-08-07 01:26:36 | Attr = ] Com -> %System32%\Com -> [Folder | Modified Date = 2007-07-24 00:04:30 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 2007-09-05 01:45:26 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3072 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] decdnet.dll -> %System32%\decdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 61952 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] dhcp -> %System32%\dhcp -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Modified Date = 2007-08-28 06:45:02 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-09-04 19:24:36 | Attr = ] drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-05 18:27:28 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21892 bytes | Modified Date = 2007-07-23 22:04:08 | Attr = ] en-us -> %System32%\en-us -> [Folder | Modified Date = 2007-08-20 14:19:48 | Attr = ] encdnet.dll -> %System32%\encdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 85504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] export -> %System32%\export -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] fddccfebcf_r.dll -> %System32%\fddccfebcf_r.dll -> [Ver = | Size = 23 bytes | Modified Date = 2007-07-23 23:06:20 | Attr = HS] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 196160 bytes | Modified Date = 2007-08-22 13:32:24 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 2007-08-20 14:24:00 | Attr = ] GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 2007-07-29 12:16:56 | Attr = H ] ias -> %System32%\ias -> [Folder | Modified Date = 2007-07-23 22:06:04 | Attr = ] icsxml -> %System32%\icsxml -> [Folder | Modified Date = 2007-07-23 23:49:54 | Attr = ] IME -> %System32%\IME -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Modified Date = 2007-09-05 01:45:58 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] initdebug.nfo -> %System32%\initdebug.nfo -> [Ver = | Size = 45 bytes | Modified Date = 2007-08-07 21:09:12 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 2007-07-12 01:22:00 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Modified Date = 2007-07-12 02:22:36 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 2007-07-12 01:22:04 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 2007-07-12 02:22:38 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-07-29 21:37:36 | Attr = ] Lang -> %System32%\Lang -> [Folder | Modified Date = 2007-07-26 16:19:38 | Attr = ] logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 2007-07-23 22:05:34 | Attr = RH ] LoopyMusic.wav -> %System32%\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Modified Date = 2007-07-26 16:19:42 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Modified Date = 2007-07-23 22:04:46 | Attr = ] Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 2007-07-23 22:09:16 | Attr = S] MsDtc -> %System32%\MsDtc -> [Folder | Modified Date = 2007-07-23 22:03:54 | Attr = ] mui -> %System32%\mui -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] npp -> %System32%\npp -> [Folder | Modified Date = 2007-07-23 23:51:12 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2007-07-23 22:06:24 | Attr = ] nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] oobe -> %System32%\oobe -> [Folder | Modified Date = 2007-07-23 22:05:06 | Attr = ] oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 14047 bytes | Modified Date = 2007-09-05 16:53:32 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73790 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 87470 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 444648 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 513842 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1129320 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] pnc3250.dll -> %System32%\pnc3250.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 130560 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pncrt.dll -> %System32%\pncrt.dll -> RealNetworks, Inc. [Ver = 4.20.0000 | Size = 273408 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pneng50.dll -> %System32%\pneng50.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 131072 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pngu3263.dll -> %System32%\pngu3263.dll -> RealNetworks, Inc. [Ver = 6.3.0.226 | Size = 352768 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Modified Date = 2007-09-01 08:00:24 | Attr = ] PreInstall -> %System32%\PreInstall -> [Folder | Modified Date = 2007-07-23 23:47:36 | Attr = ] ra3214_4.dll -> %System32%\ra3214_4.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 81920 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra3228_8.dll -> %System32%\ra3228_8.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 72704 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra32dnet.dll -> %System32%\ra32dnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 21504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra32sipr.dll -> %System32%\ra32sipr.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 87040 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ras -> %System32%\ras -> [Folder | Modified Date = 2007-07-23 23:49:56 | Attr = ] ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 2007-07-23 22:29:30 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = ] rmbe3260.dll -> %System32%\rmbe3260.dll -> RealNetworks, Inc. [Ver = 6.0.7.26 | Size = 487936 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] Setup -> %System32%\Setup -> [Folder | Modified Date = 2007-07-23 23:51:34 | Attr = ] ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 2007-07-23 23:35:46 | Attr = ] spool -> %System32%\spool -> [Folder | Modified Date = 2007-07-23 22:02:48 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:16:42 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.dat -> [Ver = | Size = 3229 bytes | Modified Date = 2007-08-07 01:17:00 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.bmp -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:25:54 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.dat -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.dat -> [Ver = | Size = 13767 bytes | Modified Date = 2007-08-07 01:26:36 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-05 14:16:58 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.dat -> [Ver = | Size = 2983 bytes | Modified Date = 2007-08-05 14:17:04 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:21:34 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> [Ver = | Size = 705 bytes | Modified Date = 2007-08-07 01:22:14 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:17:04 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> [Ver = | Size = 2703 bytes | Modified Date = 2007-08-07 01:17:24 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.bmp -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:16:20 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.dat -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.dat -> [Ver = | Size = 4511 bytes | Modified Date = 2007-08-07 01:16:38 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:18:16 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.dat -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.dat -> [Ver = | Size = 2951 bytes | Modified Date = 2007-08-07 01:18:36 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:22:42 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.dat -> [Ver = | Size = 3552 bytes | Modified Date = 2007-08-07 01:23:02 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:15:32 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.dat -> [Ver = | Size = 3175 bytes | Modified Date = 2007-08-07 01:15:54 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:22:16 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.dat -> [Ver = | Size = 2649 bytes | Modified Date = 2007-08-07 01:22:36 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:17:30 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> [Ver = | Size = 3107 bytes | Modified Date = 2007-08-07 01:17:48 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:18:40 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.dat -> [Ver = | Size = 3283 bytes | Modified Date = 2007-08-07 01:19:00 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.bmp -> %System32%\SpoonUninstall-dBpoweramp Music Converter.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:27:44 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.dat -> %System32%\SpoonUninstall-dBpoweramp Music Converter.dat -> [Ver = | Size = 13083 bytes | Modified Date = 2007-08-07 01:28:18 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:23:08 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> [Ver = | Size = 3030 bytes | Modified Date = 2007-08-07 01:23:26 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.bmp -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:24:00 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.dat -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.dat -> [Ver = | Size = 349 bytes | Modified Date = 2007-08-07 01:24:08 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:24:20 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.dat -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.dat -> [Ver = | Size = 2077 bytes | Modified Date = 2007-08-07 01:24:38 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> [Ver = | Size = 34358 bytes | Modified Date = 2007-08-05 14:16:16 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> [Ver = | Size = 1856 bytes | Modified Date = 2007-08-05 14:16:38 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:25:20 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.dat -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.dat -> [Ver = | Size = 1863 bytes | Modified Date = 2007-08-07 01:25:36 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:19:04 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.dat -> [Ver = | Size = 3007 bytes | Modified Date = 2007-08-07 01:19:20 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:19:28 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> [Ver = | Size = 3365 bytes | Modified Date = 2007-08-07 01:19:44 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:15:58 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> [Ver = | Size = 2765 bytes | Modified Date = 2007-08-07 01:16:10 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:17:54 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> [Ver = | Size = 2961 bytes | Modified Date = 2007-08-07 01:18:04 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:15:12 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> [Ver = | Size = 2793 bytes | Modified Date = 2007-08-07 01:15:28 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Modified Date = 2007-08-31 20:58:48 | Attr = ] URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 2007-08-03 08:04:38 | Attr = ] usmt -> %System32%\usmt -> [Folder | Modified Date = 2007-07-23 23:51:30 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Modified Date = 2007-09-05 16:53:54 | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-08-08 12:07:24 | Attr = ] WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 2007-07-23 22:05:34 | Attr = RH ] wins -> %System32%\wins -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-09-03 16:47:32 | Attr = ] wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] xircom -> %System32%\xircom -> [Folder | Modified Date = 2007-07-23 22:06:46 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 2007-08-20 14:19:50 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2007-09-05 16:53:56 | Attr = H ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 2007-08-28 19:31:42 | Attr = ] amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] disdn -> %System32%\drivers\disdn -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-08-31 07:28:04 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Modified Date = 2007-08-28 06:19:10 | Attr = ] umdf -> %System32%\drivers\umdf -> [Folder | Modified Date = 2007-08-07 01:20:48 | Attr = ] Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:32 | Attr = ] Ahead -> %AllUsersAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:47:16 | Attr = ] Babylon(2) -> %AllUsersAppData%\Babylon(2) -> [Folder | Modified Date = 2007-08-05 18:44:42 | Attr = ] desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2007-07-23 23:53:00 | Attr = HS] Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 2007-07-23 23:30:54 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 2007-07-25 15:31:30 | Attr = ] logs -> %AllUsersAppData%\logs -> [Folder | Modified Date = 2007-07-25 16:47:48 | Attr = ] McAfee -> %AllUsersAppData%\McAfee -> [Folder | Modified Date = 2007-07-26 17:56:40 | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 2007-07-24 16:01:18 | Attr = S] Nero -> %AllUsersAppData%\Nero -> [Folder | Modified Date = 2007-08-28 06:45:30 | Attr = ] PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Modified Date = 2007-08-28 07:05:10 | Attr = ] RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Modified Date = 2007-08-30 09:50:24 | Attr = ] SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-07-26 17:56:40 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 2007-09-04 07:28:54 | Attr = ] TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2007-08-30 05:16:36 | Attr = ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Webroot -> %AllUsersAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ] Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Modified Date = 2007-07-23 23:51:56 | Attr = ] Ahead -> %UserAppData%\Ahead -> [Folder | Modified Date = 2007-08-29 07:47:04 | Attr = ] ATI -> %UserAppData%\ATI -> [Folder | Modified Date = 2007-07-23 22:56:32 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Modified Date = 2007-08-13 10:47:52 | Attr = ] desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2007-07-23 23:53:00 | Attr = HS] Google -> %UserAppData%\Google -> [Folder | Modified Date = 2007-07-23 23:33:00 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-08-28 08:24:58 | Attr = ] gtopala -> %UserAppData%\gtopala -> [Folder | Modified Date = 2007-08-06 22:07:16 | Attr = ] Help -> %UserAppData%\Help -> [Folder | Modified Date = 2007-07-30 17:00:36 | Attr = ] Identities -> %UserAppData%\Identities -> [Folder | Modified Date = 2007-07-23 22:12:02 | Attr = ] Jetico Personal Firewall -> %UserAppData%\Jetico Personal Firewall -> [Folder | Modified Date = 2007-07-23 23:37:50 | Attr = ] Leadertech -> %UserAppData%\Leadertech -> [Folder | Modified Date = 2007-08-08 01:50:06 | Attr = ] Macromedia -> %UserAppData%\Macromedia -> [Folder | Modified Date = 2007-07-24 23:56:46 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 14:39:26 | Attr = S] Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 2007-07-25 17:34:52 | Attr = ] SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-07-26 17:56:40 | Attr = ] Steinberg -> %UserAppData%\Steinberg -> [Folder | Modified Date = 2007-07-31 11:09:40 | Attr = ] Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 2007-07-23 23:30:08 | Attr = ] Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Modified Date = 2007-07-25 17:34:52 | Attr = ] tor -> %UserAppData%\tor -> [Folder | Modified Date = 2007-08-28 20:08:24 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 2007-09-02 00:50:32 | Attr = ] Vidalia -> %UserAppData%\Vidalia -> [Folder | Modified Date = 2007-08-30 12:52:46 | Attr = ] VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Modified Date = 2007-09-03 17:10:30 | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ] WinRAR -> %UserAppData%\WinRAR -> [Folder | Modified Date = 2007-07-23 23:03:06 | Attr = ] Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:20 | Attr = ] Ahead -> %LocalAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:55:28 | Attr = ] ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 2007-09-05 17:00:04 | Attr = ] ATI -> %LocalAppData%\ATI -> [Folder | Modified Date = 2007-07-23 22:56:32 | Attr = ] Babylon -> %LocalAppData%\Babylon -> [Folder | Modified Date = 2007-08-05 19:08:56 | Attr = ] Babylon(2) -> %LocalAppData%\Babylon(2) -> [Folder | Modified Date = 2007-08-05 18:43:04 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Modified Date = 2007-08-19 21:37:16 | Attr = ] fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 130 bytes | Modified Date = 2007-07-23 22:56:30 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 43640 bytes | Modified Date = 2007-08-23 00:02:08 | Attr = ] GHISLER -> %LocalAppData%\GHISLER -> [Folder | Modified Date = 2007-08-18 11:03:14 | Attr = ] Google -> %LocalAppData%\Google -> [Folder | Modified Date = 2007-07-23 23:33:00 | Attr = ] Help -> %LocalAppData%\Help -> [Folder | Modified Date = 2007-07-30 17:00:36 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578010 bytes | Modified Date = 2007-08-28 07:53:36 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 00:55:14 | Attr = ] Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 2007-07-24 22:36:50 | Attr = ] Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Modified Date = 2007-07-25 17:34:58 | Attr = ] desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2007-07-23 23:53:00 | Attr = HS] Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Modified Date = 2007-07-23 22:04:58 | Attr = R ] Mes images -> %AllUsersDocuments%\Mes images -> [Folder | Modified Date = 2007-07-23 22:04:56 | Attr = R ] Mes vidéos -> %AllUsersDocuments%\Mes vidéos -> [Folder | Modified Date = 2007-07-23 22:03:08 | Attr = R ] a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 2007-08-16 16:58:04 | Attr = ] AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Modified Date = 2007-08-16 22:48:48 | Attr = ] cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Modified Date = 2007-08-16 22:39:32 | Attr = ] cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Modified Date = 2007-08-16 15:28:10 | Attr = ] cc_20070725_0012Repar CClean.reg -> %UserDocuments%\cc_20070725_0012Repar CClean.reg -> [Ver = | Size = 64660 bytes | Modified Date = 2007-07-25 00:13:10 | Attr = ] cc_20070725_1908Sup Thunder.reg -> %UserDocuments%\cc_20070725_1908Sup Thunder.reg -> [Ver = | Size = 150213 bytes | Modified Date = 2007-07-25 19:08:52 | Attr = ] cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Modified Date = 2007-08-31 07:22:14 | Attr = ] Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Modified Date = 2007-08-28 07:16:46 | Attr = ] CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 79 bytes | Modified Date = 2007-07-24 00:14:38 | Attr = HS] frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Modified Date = 2007-08-22 17:39:12 | Attr = ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 2007-07-24 00:14:38 | Attr = R ] Mon nom.doc -> %UserDocuments%\Mon nom.doc -> [Ver = | Size = 42496 bytes | Modified Date = 2007-08-20 14:46:12 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 2007-09-05 19:05:56 | Attr = R ] My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Modified Date = 2007-08-30 11:03:50 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Modified Date = 2007-08-29 05:45:30 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Modified Date = 2007-08-29 05:45:26 | Attr = ] Nouveau fichier de paramètres.OPS -> %UserDocuments%\Nouveau fichier de paramètres.OPS -> [Ver = | Size = 24046 bytes | Modified Date = 2007-08-05 15:39:10 | Attr = ] O&O -> %UserDocuments%\O&O -> [Folder | Modified Date = 2007-08-18 11:39:40 | Attr = ] Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Modified Date = 2007-08-28 07:24:12 | Attr = ] Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Modified Date = 2007-08-26 19:29:46 | Attr = ] proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Modified Date = 2007-08-26 20:17:38 | Attr = ] sup.easy cleanReg.htm -> %UserDocuments%\sup.easy cleanReg.htm -> [Ver = | Size = 11448 bytes | Modified Date = 2007-08-01 10:29:16 | Attr = ] AvRack.lnk -> %AllUsersDesktop%\AvRack.lnk -> [Ver = | Size = 1519 bytes | Modified Date = 2007-07-23 22:35:58 | Attr = ] Configuration.lnk -> %AllUsersDesktop%\Configuration.lnk -> [Ver = | Size = 1535 bytes | Modified Date = 2007-07-23 23:23:40 | Attr = ] Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Modified Date = 2007-08-28 07:05:48 | Attr = ] The KMPlayer FR.lnk -> %AllUsersDesktop%\The KMPlayer FR.lnk -> [Ver = | Size = 665 bytes | Modified Date = 2007-08-07 01:31:46 | Attr = ] Winamp.lnk -> %AllUsersDesktop%\Winamp.lnk -> [Ver = | Size = 654 bytes | Modified Date = 2007-08-07 01:08:50 | Attr = ] ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ] EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Modified Date = 2007-08-14 23:27:28 | Attr = ] L'Assistant Dartybox.lnk -> %UserDesktop%\L'Assistant Dartybox.lnk -> [Ver = | Size = 1698 bytes | Modified Date = 2007-08-08 13:14:34 | Attr = ] Nuendo 3.lnk -> %UserDesktop%\Nuendo 3.lnk -> [Ver = | Size = 731 bytes | Modified Date = 2007-07-31 10:56:38 | Attr = ] Poste de travail.lnk -> %UserDesktop%\Poste de travail.lnk -> [Ver = | Size = 104 bytes | Modified Date = 2007-07-24 15:19:40 | Attr = ] Raccourci vers jv16PT.exe.lnk -> %UserDesktop%\Raccourci vers jv16PT.exe.lnk -> [Ver = | Size = 670 bytes | Modified Date = 2007-08-01 12:30:44 | Attr = ] Raccourci vers NoTrace.exe.lnk -> %UserDesktop%\Raccourci vers NoTrace.exe.lnk -> [Ver = | Size = 587 bytes | Modified Date = 2007-08-01 19:50:56 | Attr = ] Raccourci vers RegSeeker.exe.lnk -> %UserDesktop%\Raccourci vers RegSeeker.exe.lnk -> [Ver = | Size = 572 bytes | Modified Date = 2007-08-01 11:44:18 | Attr = ] Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Modified Date = 2007-09-03 17:09:44 | Attr = ] Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Modified Date = 2007-08-28 07:26:50 | Attr = ] µpdater.lnk -> %UserDesktop%\µpdater.lnk -> [Ver = | Size = 1001 bytes | Modified Date = 2007-08-06 11:02:00 | Attr = ] Barre d'état système d'ATI CATALYST.lnk -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 2007-08-21 14:55:26 | Attr = ] desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2007-07-23 22:06:36 | Attr = HS] desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2007-07-23 22:06:36 | Attr = HS] ERUNT AutoBackup.lnk -> %UserStartup%\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2007-08-01 11:10:50 | Attr = ] MRU-Blaster Silent Clean.lnk -> %UserStartup%\MRU-Blaster Silent Clean.lnk -> [Ver = | Size = 683 bytes | Modified Date = 2007-07-24 16:28:36 | Attr = ] TrayIt!.lnk -> %UserStartup%\TrayIt!.lnk -> [Ver = | Size = 604 bytes | Modified Date = 2007-08-24 13:41:14 | Attr = ] Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Modified Date = 2007-08-28 06:19:08 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:34 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 2007-08-28 06:46:44 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 2007-08-05 21:09:14 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 2007-08-05 18:20:04 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2007-07-23 23:30:30 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2007-08-05 21:10:20 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Modified Date = 2007-07-23 22:04:48 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Modified Date = 2007-07-23 23:53:20 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 2007-07-23 22:04:52 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Modified Date = 2007-07-23 23:53:18 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2007-08-05 14:32:48 | Attr = ] Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Modified Date = 2007-08-28 07:26:46 | Attr = ] [File String Scan - Non-Microsoft Only] PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %SystemDrive%\rapport Nettoyage SmitFraudFix.txt -> [Ver = | Size = 9516565 bytes | Modified Date = 2007-08-22 22:33:20 | Attr = ] PTech , ad-beh , abetterinternet.com , ad-w-a-r-e.com , -> %SystemDrive%\rapport SmitFraudFix 31.08 .txt -> [Ver = | Size = 8431185 bytes | Modified Date = 2007-08-31 18:46:10 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ] WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18706432 bytes | Modified Date = 2005-04-18 13:57:58 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ] USERTRUST , -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4131192 bytes | Modified Date = 2007-07-02 19:09:04 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ] @Alternate Data Stream - 88 bytes -> %System32%\drivers\etc\tesgaz:SummaryInformation -> @Alternate Data Stream - 0 bytes -> %System32%\drivers\etc\tesgaz:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} -> PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\tesgaz -> [Ver = | Size = 9518036 bytes | Modified Date = 2007-08-21 22:35:06 | Attr = R ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Call (RPC) Help , -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ] Call (RPC) Help , -> %UserDocuments%\emove instruction.txt -> [Ver = | Size = 23675 bytes | Modified Date = 2007-08-30 06:45:56 | Attr = ] UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ] < End of report > Merci par avance je signale que j'ai SafeXP et XP AntiSpy . amicalement
  6. chtilo
    Voici le scan fais avec Winpfind3u.exe après avoir lu le topic qui traite d'un problème presque similaire si quelqu'un peut me le traduire je le remercie et aussi toute les personne qui m'aide depuis le début de mon topic et ceux a venir. WinPFind3 logfile created on: 2007-09-05 19:12:40 WinPFind3U by OldTimer - Version 1.0.42 Folder = U:\Télécharger\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 1023.48 Mb Total Physical Memory | 549.73 Mb Available Physical Memory | 53.71% Memory free 2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.77% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58.59 Gb Total Space | 49.46 Gb Free Space | 84.40% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: LO-516AA449945E Current User Name: Loickos Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ] cledx.exe -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ] dsa.exe -> %ProgramFiles%\Privacyware\Dynamic Security Agent\DSA.exe -> Privacyware [Ver = 1, 0, 8, 8 | Size = 2347008 bytes | Modified Date = 2006-08-08 19:01:24 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.6: 2007072518 | Size = 7644520 bytes | Modified Date = 2007-07-31 07:35:16 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] ooccag.exe -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ] ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ] oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ] pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ] regprot.exe -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ] robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ] supercopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ] totalcmd.exe -> %SystemDrive%\totalcmd\TOTALCMD.EXE -> C. Ghisler & Co. [Ver = 7.01 | Size = 1071560 bytes | Modified Date = 2007-06-24 17:18:04 | Attr = ] trayit!.exe -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ] vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ] washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ] winpfind3u.exe -> U:\Télécharger\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ] [Win32 Services - Non-Microsoft Only] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 2005-08-05 21:05:00 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-19 23:09:52 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-07-23 23:33:14 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 2007-06-29 19:16:56 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 2007-06-27 19:04:00 | Attr = ] (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] (O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ] (OOCleverCacheAgent) O&O CleverCache Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ] (PFNet) Privacyware network service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Privacyware\Dynamic Security Agent\pfsvc.exe -> PWI, Inc. [Ver = 5, 0, 8, 8 | Size = 319488 bytes | Modified Date = 2006-08-08 17:23:26 | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ] (wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ] ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ] DSA -> %ProgramFiles%\Privacyware\Dynamic Security Agent\DSA.exe -> Privacyware [Ver = 1, 0, 8, 8 | Size = 2347008 bytes | Modified Date = 2006-08-08 19:01:24 | Attr = ] H2O -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-01 15:57:24 | Attr = ] nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ] OSSelectorReinstall -> %CommonProgramFiles%\Acronis\Partition Suite\oss_reinstall.exe -> [Ver = | Size = 1281425 bytes | Modified Date = 2006-05-31 11:20:56 | Attr = ] PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ] RegProt -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ] < RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> MRUBlaster -> %ProgramFiles%\MRU-Blaster\indexcleaner.exe -> [Ver = 1.00.0002 | Size = 32768 bytes | Modified Date = 2003-01-05 13:20:20 | Attr = ] < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] SuperCopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ] < User Startup > -> C:\Documents and Settings\Loickos\Menu Démarrer\Programmes\Démarrage -> %UserStartup%\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 36864 bytes | Modified Date = 2005-03-06 15:26:48 | Attr = ] %UserStartup%\MRU-Blaster Silent Clean.lnk -> %ProgramFiles%\MRU-Blaster\mrublaster.exe -> [Ver = 1.05.0009 | Size = 1216512 bytes | Modified Date = 2004-03-28 15:07:48 | Attr = ] %UserStartup%\TrayIt!.lnk -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 14:29:58 | Attr = ] {81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [spywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 2003-08-02 23:20:58 | Attr = R ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 2005-08-04 05:04:18 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSimpleStartMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoWindowsUpdate -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ClearRecentDocsOnExit -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoUserNameInStartMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuPinnedList -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ForceStartMenuLogoff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSharedDocuments -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\\DisableWindowsUpdateAccess -> 1 -> < HOSTS File > (8430625 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\windows\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> *.update_microsoft.com [http] -> -> *.update_microsoft.com [https] -> -> www.update_microsoft.com [http] -> -> download_windowsupdate.com [http] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2E03C0FD-4C48-43A7-9A54-00240C70FF16} [HKLM] -> %System32%\BhoECart.dll [ECarteBleueBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 3, 94 | Size = 69632 bytes | Modified Date = 2003-05-14 14:41:30 | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [spywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 2003-08-02 23:24:02 | Attr = R ] {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ] {724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] {724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ] WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ] < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [buttonText: Remplir] -> File not found {320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [buttonText: Enregistrer] -> File not found {724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [buttonText: Barre RoboForm] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Barre RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found E&xporter vers Microsoft Excel -> -> File not found Enregistrer le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found Personnaliser le menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found Remplir le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> sv1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {022C77D4-E660-4630-8947-94654E82A62B} -> () -> < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries0000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] Protocol_Catalog9\Catalog_Entries0000000017 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] < Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> about -> 4 = Restricted sites (Not a Default Protocol) -> about: -> 4 = Restricted sites (Not a Default Protocol) -> mhtml -> 4 = Restricted sites (Not a Default Protocol) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> - CodeBase = http://www.update.microsoft.com/windowsupd...b?1185227167531 -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 197 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:*:Enabled:DCOM(135) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Autorise le téléchargement et l'installation des mises à jour de Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité Mises à jour automatiques, ni accéder au site Web Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\Disabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventBackgroundDownload -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\\DontReportInfectionInformation -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AlwaysInstallElevated -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\\ElevateNonAdmins -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdates -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableMRU -> 1 -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\\ForceDisableIM -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\NoCodecDownload -> 1 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventMusicFileMetadataRetrieval -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCDDVDMetadataRetrieval -> 0 -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {083F79E4-6FE9-46FB-A6C6-4F8862742947} -> ATI HYDRAVISION -> {15095BF3-A3D7-4DDF-B193-3A496881E003} -> Microsoft .NET Framework 3.0 -> {2300EE96-0A41-4FAB-BD03-989EC44577A0} -> Partition Suite -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer -> {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java SE Runtime Environment 6 Update 1 -> {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java 6 Update 2 -> {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {491DD792-AD81-429C-9EB4-86DD3D22E333} -> Windows Communication Foundation -> {4D3B509A-82E2-4E8B-9D90-C880A2131C73} -> Dynamic Security Agent 1.0 -> {534802E0-761E-47F4-BD27-061BC8F976AE} -> O&O SafeErase -> {53480330-E1D1-41CA-B8F8-7F78644F7F50} -> O&O Defrag Professional Edition -> {53480390-0EC4-429E-BBEE-78E19EEB03BD} -> O&O CleverCache -> {56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml -> {5A710547-B58E-488B-828D-CA9A25A0533C} -> MSXML 6.0 Parser (KB927977) -> {620797B0-A022-4B57-A95E-DD7DD0321028} -> ProxyWay Extra -> {6901DD22-527A-41EF-9059-E81FEDE9E494} -> Windows Presentation Foundation Language Pack (FRA) -> {69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French -> {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 -> {7D1B85BD-AA07-48B8-808D-67A4067FC6BD} -> Windows Workflow Foundation -> {86EC42B5-346E-4BAB-948D-58E021EA4BD1} -> ATI Catalyst Control Center -> {9011040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 -> {B168C59D-5FCF-4EEC-B464-BFA7A8266150} -> Windows Communication Foundation Language Pack - FRA -> {B84C141C-9A13-44BE-9A69-301D7B11D836} -> Windows Workflow Foundation FR Language Pack -> {BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation -> {C151CE54-E7EA-4804-854B-F515368B0798} -> Athlon 64 Processor Driver -> {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> {CF097717-F174-4144-954A-FBC4BF301036} -> Nero 7 Premium -> {DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 -> NOD32 FiX -> {DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer -> {E3C080B0-23F5-49AF-89F8-8E8DBC89E659} -> Microsoft .NET Framework 3.0 French Language Pack -> {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} -> Microsoft .NET Framework 2.0 Language Pack - FRA -> {F7338FA3-DAB5-49B2-900D-0AFB5760C166} -> PC Probe II -> {FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio -> 97149975-b4b1-4d2b-b9fe-7ba413d0efeb_is1 -> SummerProperties 1.2 -> Adobe Flash Player Plugin -> Adobe Flash Player Plugin -> Adobe® Photoshop® Album Edition Découverte 3.2 -> Adobe® Photoshop® Album Edition Découverte 3.2 -> AI RoboForm -> AI RoboForm (All Users) -> All ATI Software -> ATI - Utilitaire de désinstallation du logiciel -> a-squared Free_is1 -> a-squared Free 3.0 -> AsusUpdate -> AsusUpdate -> ATI Display Driver -> ATI Display Driver -> AVGantiRootkit -> AVG Anti-Rootkit Free -> AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 -> AxCrypt -> AxCrypt (Désinstaller uniquement) -> CCleaner -> CCleaner (remove only) -> dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Multi Encoder] Codec -> dBpoweramp [Multi Encoder] Codec -> dBpoweramp [ReplayGain] Codec -> dBpoweramp [ReplayGain] Codec -> dBpoweramp AAC Encoder -> dBpoweramp AAC Encoder -> dBpowerAMP CD Writer -> dBpowerAMP CD Writer -> dBPowerAMP Dalet codec R2 -> dBPowerAMP Dalet codec R2 -> dBpoweramp DirectShow Decoder -> dBpoweramp DirectShow Decoder -> dBpoweramp DSP Effects -> dBpoweramp DSP Effects -> dBpoweramp FLAC Codec -> dBpoweramp FLAC Codec -> dBpoweramp m4a Codec -> dBpoweramp m4a Codec -> dBpoweramp m4a Utilities -> dBpoweramp m4a Utilities -> dBpoweramp Midi Decoder -> dBpoweramp Midi Decoder -> dBpoweramp Monkeys Audio Codec -> dBpoweramp Monkeys Audio Codec -> dBpoweramp Musepack Codec -> dBpoweramp Musepack Codec -> dBpoweramp Music Converter -> dBpoweramp Music Converter -> dBpoweramp Ogg Vorbis Codec -> dBpoweramp Ogg Vorbis Codec -> dBpowerAMP Rename Extension -> dBpowerAMP Rename Extension -> dBpowerAMP Tag From Filename -> dBpowerAMP Tag From Filename -> dBpowerAMP Update ID Tag -> dBpowerAMP Update ID Tag -> dBpoweramp WavPack Codec -> dBpoweramp WavPack Codec -> dBpoweramp Windows Media Audio 10 Codec -> dBpoweramp Windows Media Audio 10 Codec -> DFX for Winamp -> DFX 8 for Winamp -> e-Carte Bleue Banque Populaire -> e-Carte Bleue Banque Populaire -> ERUNT_is1 -> ERUNT 1.1h -> EVEREST Ultimate Edition_is1 -> EVEREST Ultimate Edition v4.00 -> Foxit Reader -> Foxit Reader -> HijackThis -> HijackThis 1.99.1 -> Hijackthis Version Française_is1 -> Hijackthis Version Française -> IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs -> ie7 -> Windows Internet Explorer 7 -> InstallShield_{69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French -> iZotope Ozone 1.0 for Winamp2 and Winamp3_is1 -> iZotope Ozone 1.0 for Winamp2 and Winamp3 -> jv16 PowerTools_is1 -> jv16 PowerTools 2007 -> Kaspersky Online Scanner -> Kaspersky Online Scanner -> KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) -> KB920342 -> Mise à jour pour Windows XP (KB920342) -> KB921503 -> Mise à jour de sécurité pour Windows XP (KB921503) -> KB923789 -> Mise à jour de sécurité pour Windows XP (KB923789) -> KB929969 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) -> KB933566-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) -> KB936021 -> Mise à jour de sécurité pour Windows XP (KB936021) -> KB936782_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) -> KB937143-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) -> KB938127-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) -> KB938828 -> Mise à jour pour Windows XP (KB938828) -> KB938829 -> Mise à jour de sécurité pour Windows XP (KB938829) -> L'Assistant DartyBox -> L'Assistant DartyBox -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 Language Pack - FRA -> Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA -> Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 French Language Pack -> Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 -> MRU-Blaster_is1 -> MRU-Blaster v1.5 (Database 3/28/2004) -> NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs -> NOD32 -> NOD32 Antivirus System -> NTREGOPT_is1 -> NTREGOPT 1.1h -> NVIDIA Drivers -> NVIDIA Drivers -> PowerISO -> PowerISO -> Privoxy -> Privoxy 3.0.6 -> Random Password Generator-PRO -> Random Password Generator-PRO -> RegScanner -> RegScanner -> Revo Uninstaller -> Revo Uninstaller 1.34 -> ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> SpeedFan -> SpeedFan (remove only) -> Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 -> SpywareBlaster_is1 -> SpywareBlaster v3.5.1 -> SpywareGuard_is1 -> SpywareGuard v2.2 -> Steinberg Nuendo v3.2.0.1128 -> Steinberg Nuendo v3.2.0.1128 -> SuperCopier2 -> SuperCopier2 -> SyncroSoft Emu -> SyncroSoft Emu (Remove only) -> Syncrosoft's License Control -> Le Centre de Contrôle de Licences de Syncrosoft -> The KMPlayer FR_is1 -> The KMPlayer v2.9.3.1340 FR -> Tor -> Tor 0.1.2.16 -> Totalcmd -> Total Commander (Remove or Repair) -> Uninstall -> Uninstall -> Vidalia -> Vidalia 0.0.13 -> WGA -> Windows Genuine Advantage Validation Tool (KB892130) -> WIC -> Windows Imaging Component -> Winamp -> Winamp (remove only) -> Window Washer -> Window Washer -> Windows Media Format Runtime -> Windows Media Format 11 runtime -> WinRAR archiver -> Archiveur WinRAR -> WMFDist11 -> Windows Media Format 11 runtime -> xp-AntiSpy -> xp-AntiSpy 3.96-5 -> XpsEPSC -> XML Paper Specification Shared Components Pack 1.0 -> XPSEPSCLP -> XML Paper Specification Shared Components Language Pack 1.0 -> ZoneAlarm Pro -> ZoneAlarm Pro -> [Files/Folders - Created Within 60 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Created Date = 2007-07-23 22:51:41 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-05 00:41:15 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-08-05 17:30:24 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] CWShredder -> %SystemDrive%\CWShredder -> [Folder | Created Date = 2007-08-20 20:58:05 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 2007-07-23 22:52:26 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ] HijackThis-fr -> %SystemDrive%\HijackThis-fr -> [Folder | Created Date = 2007-08-03 06:06:39 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = RHS] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 2007-09-01 17:42:46 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Created Date = 2007-07-23 22:53:16 | Attr = R ] qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-05 00:41:59 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2007-07-23 22:08:27 | Attr = HS] RegProt -> %SystemDrive%\RegProt -> [Folder | Created Date = 2007-08-30 08:11:48 | Attr = ] Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Created Date = 2007-08-23 15:17:03 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2007-09-05 01:09:46 | Attr = ] Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Created Date = 2007-08-20 18:05:18 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 1782-11-30 03:04:26 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 2007-08-18 09:50:23 | Attr = ] treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Created Date = 2007-08-19 20:15:51 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 2007-07-23 22:47:32 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2007-07-23 23:10:12 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2007-07-23 23:10:02 | Attr = H ] $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 2007-08-20 13:18:29 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-20 13:25:25 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-20 13:26:16 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 2007-08-20 13:26:06 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-20 13:24:32 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-20 13:25:31 | Attr = H ] $NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 2007-08-20 13:18:41 | Attr = H ] $NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 2007-08-07 00:20:39 | Attr = H ] $NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Created Date = 2007-08-20 13:24:14 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ALCFDRTM.EXE -> %SystemRoot%\ALCFDRTM.EXE -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Created Date = 2007-07-26 15:19:39 | Attr = ] ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Created Date = 2007-07-26 15:19:39 | Attr = ] alcrmv.exe -> %SystemRoot%\alcrmv.exe -> Realtek Semiconductor Corp. [Ver = 1, 9, 0, 1 | Size = 200704 bytes | Created Date = 2007-07-23 21:35:43 | Attr = ] alcupd.exe -> %SystemRoot%\alcupd.exe -> Realtek Semiconductor Corp. [Ver = 2, 0, 0, 1 | Size = 294912 bytes | Created Date = 2007-07-23 21:35:43 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 5733 bytes | Created Date = 2007-07-23 21:28:23 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 2007-07-23 21:44:24 | Attr = R S] avrack.ini -> %SystemRoot%\avrack.ini -> [Ver = | Size = 164 bytes | Created Date = 2007-07-23 21:35:55 | Attr = ] BissHM.ini -> %SystemRoot%\BissHM.ini -> [Ver = | Size = 251 bytes | Created Date = 2007-07-26 18:28:24 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 2007-07-23 21:08:16 | Attr = S] Bulles de savon.bmp -> %SystemRoot%\Bulles de savon.bmp -> [Ver = | Size = 65978 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ] CMDLIC.DLL -> %SystemRoot%\CMDLIC.DLL -> COMODO [Ver = 1.0.1.2 | Size = 208896 bytes | Created Date = 2007-08-03 06:34:25 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 2007-07-23 21:04:55 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 2007-07-23 21:30:52 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 2007-07-23 21:05:33 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2007-09-05 00:42:28 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = R S] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Created Date = 2007-08-23 20:29:26 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] Granit vert.bmp -> %SystemRoot%\Granit vert.bmp -> [Ver = | Size = 26582 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2007-07-23 23:10:20 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2007-07-25 12:24:40 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 2007-07-23 22:53:19 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 2007-08-28 07:30:34 | Attr = ] IsUninst.exe -> %SystemRoot%\IsUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Created Date = 2007-07-23 21:38:25 | Attr = ] java -> %SystemRoot%\java -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Jour de pêche.bmp -> %SystemRoot%\Jour de pêche.bmp -> [Ver = | Size = 17336 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 2007-07-23 21:44:24 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1595 bytes | Created Date = 2007-07-24 22:47:08 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Mur de Santa Fe.bmp -> %SystemRoot%\Mur de Santa Fe.bmp -> [Ver = | Size = 65832 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 2007-08-29 06:44:19 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2007-07-23 23:09:17 | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ] NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 385 bytes | Created Date = 2007-08-05 20:11:26 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4205 bytes | Created Date = 2007-07-23 22:53:18 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 2007-07-23 21:05:33 | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] pestpatrol5.INI -> %SystemRoot%\pestpatrol5.INI -> [Ver = | Size = 0 bytes | Created Date = 2007-07-28 12:25:33 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 2007-08-14 22:47:46 | Attr = H ] PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] Plume.bmp -> %SystemRoot%\Plume.bmp -> [Ver = | Size = 16730 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 2007-07-23 21:09:14 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2007-08-01 16:55:31 | Attr = ] RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 2007-07-31 09:56:21 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 2007-07-23 21:03:54 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Rivière Sumida.bmp -> %SystemRoot%\Rivière Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Rosace bleue 16.bmp -> %SystemRoot%\Rosace bleue 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 1 | Size = 192512 bytes | Created Date = 2007-07-23 21:35:37 | Attr = ] RtlRack.ini -> %SystemRoot%\RtlRack.ini -> [Ver = | Size = 169 bytes | Created Date = 2007-07-27 23:52:54 | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 2007-08-05 13:32:43 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2007-07-23 21:09:15 | Attr = ] SOUNDMAN.EXE -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 2007-07-23 21:04:45 | Attr = ] SummerProperties.dll -> %SystemRoot%\SummerProperties.dll -> frozenlogic.org [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Created Date = 2007-07-25 09:21:17 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 2007-07-23 22:42:19 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 2007-08-08 12:08:29 | Attr = ] system -> %SystemRoot%\system -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] system32 -> %System32% -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 2007-07-23 21:04:48 | Attr = S] Tasse à café.bmp -> %SystemRoot%\Tasse à café.bmp -> [Ver = | Size = 17062 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] UNBOC.EXE -> %SystemRoot%\UNBOC.EXE -> COMODO [Ver = 4.24.001 | Size = 241904 bytes | Created Date = 2007-08-03 06:34:26 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Created Date = 2007-08-21 15:08:50 | Attr = ] uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 299520 bytes | Created Date = 2007-08-07 22:47:40 | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Created Date = 2007-08-28 06:26:21 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 2007-07-23 21:03:58 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 2007-07-23 21:03:58 | Attr = ] Vent de prairie.bmp -> %SystemRoot%\Vent de prairie.bmp -> [Ver = | Size = 65954 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2007-07-23 23:10:30 | Attr = ] wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Created Date = 2007-08-18 10:03:52 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = R ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4618 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 49102 bytes | Created Date = 2007-07-23 21:04:55 | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 49102 bytes | Created Date = 2007-07-23 21:04:55 | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 2007-07-23 21:06:21 | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Created Date = 2007-07-25 15:21:41 | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 2007-07-23 21:03:32 | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 2007-09-04 18:07:47 | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 2007-07-23 21:04:48 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 2007-07-23 21:09:14 | Attr = H ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 2007-07-23 22:51:38 | Attr = ] 1025 -> %System32%\1025 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1028 -> %System32%\1028 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1031 -> %System32%\1031 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1033 -> %System32%\1033 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1036 -> %System32%\1036 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1037 -> %System32%\1037 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1041 -> %System32%\1041 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1042 -> %System32%\1042 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 1054 -> %System32%\1054 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 2052 -> %System32%\2052 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 3076 -> %System32%\3076 -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] 3com_dmi -> %System32%\3com_dmi -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] acaebfcdf2_r.ocx -> %System32%\acaebfcdf2_r.ocx -> [Ver = | Size = 23 bytes | Created Date = 2007-07-23 22:06:19 | Attr = ] ALSNDMGR.CPL -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18706432 bytes | Created Date = 2007-07-23 21:35:43 | Attr = ] ALSNDMGR.WAV -> %System32%\ALSNDMGR.WAV -> [Ver = | Size = 141016 bytes | Created Date = 2007-07-23 21:35:49 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 2007-07-23 21:06:22 | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 2007-08-08 12:08:29 | Attr = ] AsIO.dll -> %System32%\AsIO.dll -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Created Date = 2007-08-07 23:27:31 | Attr = R ] ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Created Date = 2007-07-23 21:44:00 | Attr = ] atifglpf.xml -> %System32%\atifglpf.xml -> [Ver = | Size = 5496 bytes | Created Date = 2007-07-23 21:43:56 | Attr = R ] atiicdxx.dat -> %System32%\atiicdxx.dat -> [Ver = | Size = 95617 bytes | Created Date = 2007-07-23 21:43:56 | Attr = R ] atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 2007-07-23 21:43:58 | Attr = R ] AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1896 bytes | Created Date = 2007-07-23 22:53:05 | Attr = ] BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Created Date = 2007-07-31 09:37:06 | Attr = ] bdco1.dll -> %System32%\bdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 9728 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] bdco1ins.dll -> %System32%\bdco1ins.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 9728 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] BuzzingBee.wav -> %System32%\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Created Date = 2007-07-26 15:19:41 | Attr = ] CapabilityTable.exe -> %System32%\CapabilityTable.exe -> NVIDIA Corporation [Ver = 2, 2, 1, 464 | Size = 454656 bytes | Created Date = 2007-07-23 21:30:27 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Created Date = 2007-07-23 22:52:46 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Created Date = 2007-07-23 22:52:46 | Attr = ] cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] CDWriterXP.ocx -> %System32%\CDWriterXP.ocx -> NUGROOVZ [Ver = 2, 0, 0, 1 | Size = 647168 bytes | Created Date = 2007-08-07 00:26:34 | Attr = ] ChCfg.exe -> %System32%\ChCfg.exe -> [Ver = | Size = 40960 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] Com -> %System32%\Com -> [Folder | Created Date = 2007-07-23 21:03:15 | Attr = ] config -> %System32%\config -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3072 bytes | Created Date = 2007-07-23 21:06:30 | Attr = ] c_10006.nls -> %System32%\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_10007.nls -> %System32%\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:12 | Attr = ] c_10010.nls -> %System32%\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_10017.nls -> %System32%\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:12 | Attr = ] c_10029.nls -> %System32%\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_10081.nls -> %System32%\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:13 | Attr = ] c_10082.nls -> %System32%\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_20127.nls -> %System32%\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:07 | Attr = ] C_28594.NLS -> %System32%\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:10 | Attr = ] C_28595.NLS -> %System32%\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:12 | Attr = ] C_28597.NLS -> %System32%\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_28599.nls -> %System32%\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:13 | Attr = ] c_28603.nls -> %System32%\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:14 | Attr = ] c_737.nls -> %System32%\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_852.nls -> %System32%\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:08 | Attr = ] c_855.nls -> %System32%\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:10 | Attr = ] c_857.nls -> %System32%\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:13 | Attr = ] c_866.nls -> %System32%\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:10 | Attr = ] c_869.nls -> %System32%\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] c_875.nls -> %System32%\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 2007-07-23 22:53:11 | Attr = ] decdnet.dll -> %System32%\decdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 61952 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] desktop.ini -> %System32%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 2007-07-23 21:04:55 | Attr = ] dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 2007-07-23 22:53:07 | Attr = ] dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 86044 bytes | Created Date = 2007-07-23 22:53:07 | Attr = ] dhcp -> %System32%\dhcp -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Created Date = 2007-07-23 21:05:10 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] drivers -> %System32%\drivers -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21892 bytes | Created Date = 2007-07-23 21:04:07 | Attr = ] en-us -> %System32%\en-us -> [Folder | Created Date = 2007-08-20 13:19:46 | Attr = ] encdnet.dll -> %System32%\encdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 85504 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 2007-07-23 22:53:06 | Attr = ] export -> %System32%\export -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] fdco1.dll -> %System32%\fdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 201728 bytes | Created Date = 2007-07-23 21:29:37 | Attr = R ] fdco1ins.dll -> %System32%\fdco1ins.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 201728 bytes | Created Date = 2007-07-23 21:29:37 | Attr = R ] fddccfebcf_r.dll -> %System32%\fddccfebcf_r.dll -> [Ver = | Size = 23 bytes | Created Date = 2007-07-23 22:06:19 | Attr = HS] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 196160 bytes | Created Date = 2007-07-23 22:52:25 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 2007-07-23 23:10:30 | Attr = ] gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 2007-07-28 21:20:11 | Attr = H ] hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 2007-07-23 21:03:36 | Attr = ] hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 354304 bytes | Created Date = 2007-07-23 21:03:18 | Attr = ] ias -> %System32%\ias -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] icsxml -> %System32%\icsxml -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] idecoi.dll -> %System32%\idecoi.dll -> NVIDIA Corporation [Ver = 1, 0, 0, 1 | Size = 300032 bytes | Created Date = 2007-07-23 21:30:18 | Attr = R ] ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] IME -> %System32%\IME -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Created Date = 2007-08-21 22:14:43 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] initdebug.nfo -> %System32%\initdebug.nfo -> [Ver = | Size = 45 bytes | Created Date = 2007-08-07 20:09:09 | Attr = ] isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 2007-07-23 21:04:34 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-07-23 22:44:44 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 2007-07-23 22:30:39 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-07-23 22:44:44 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 2007-07-23 22:44:44 | Attr = ] kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-07-29 20:37:34 | Attr = ] korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] Lang -> %System32%\Lang -> [Folder | Created Date = 2007-07-26 15:19:37 | Attr = ] libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ] logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 2007-07-23 21:05:33 | Attr = RH ] LoopyMusic.wav -> %System32%\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Created Date = 2007-07-26 15:19:41 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Created Date = 2007-07-23 21:04:45 | Attr = ] Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 2007-07-23 21:09:14 | Attr = S] moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] MsDtc -> %System32%\MsDtc -> [Folder | Created Date = 2007-07-23 21:03:16 | Attr = ] msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 2007-07-23 21:03:29 | Attr = ] msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 3914 bytes | Created Date = 2007-07-23 21:03:29 | Attr = ] MSWAY.dll -> %System32%\MSWAY.dll -> Canal+ Active [Ver = 4.4.0.0 | Size = 105272 bytes | Created Date = 2007-07-23 22:25:00 | Attr = ] mui -> %System32%\mui -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] npp -> %System32%\npp -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 2007-07-23 21:06:22 | Attr = ] nvconrm.dll -> %System32%\nvconrm.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 17 | Size = 32256 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] nvnrm.nvu -> %System32%\nvnrm.nvu -> [Ver = | Size = 3596 bytes | Created Date = 2007-07-23 21:29:36 | Attr = ] nvsmb.nvu -> %System32%\nvsmb.nvu -> [Ver = | Size = 1231 bytes | Created Date = 2007-07-23 21:29:35 | Attr = R ] NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 37 | Size = 176128 bytes | Created Date = 2007-07-23 21:29:35 | Attr = ] nvunrm.exe -> %System32%\nvunrm.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 37 | Size = 176128 bytes | Created Date = 2007-07-23 21:29:36 | Attr = ] nvusmb.exe -> %System32%\nvusmb.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 37 | Size = 176128 bytes | Created Date = 2007-07-23 21:29:35 | Attr = R ] nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] oobe -> %System32%\oobe -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 14047 bytes | Created Date = 2007-09-03 15:47:20 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1129320 bytes | Created Date = 2007-07-23 22:53:19 | Attr = ] pnc3250.dll -> %System32%\pnc3250.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 130560 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] pncrt.dll -> %System32%\pncrt.dll -> RealNetworks, Inc. [Ver = 4.20.0000 | Size = 273408 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] pneng50.dll -> %System32%\pneng50.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 131072 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] pngu3263.dll -> %System32%\pngu3263.dll -> RealNetworks, Inc. [Ver = 6.3.0.226 | Size = 352768 bytes | Created Date = 2007-07-31 09:56:13 | Attr = ] poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Created Date = 2007-09-01 07:31:40 | Attr = ] PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 2007-07-23 22:47:34 | Attr = ] px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 547576 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 129784 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.40a | Size = 64760 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.05a | Size = 510712 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 72440 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 64760 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 187128 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 1628920 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 379640 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] ra3214_4.dll -> %System32%\ra3214_4.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 81920 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] ra3228_8.dll -> %System32%\ra3228_8.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 72704 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] ra32dnet.dll -> %System32%\ra32dnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 21504 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] ra32sipr.dll -> %System32%\ra32sipr.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 87040 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] raidmgmt.ini -> %System32%\raidmgmt.ini -> [Ver = | Size = 266 bytes | Created Date = 2007-07-23 21:28:52 | Attr = R ] ras -> %System32%\ras -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Created Date = 2007-07-23 21:29:28 | Attr = ] Restore -> %System32%\Restore -> [Folder | Created Date = 2007-07-23 21:04:35 | Attr = ] rmbe3260.dll -> %System32%\rmbe3260.dll -> RealNetworks, Inc. [Ver = 6.0.7.26 | Size = 487936 bytes | Created Date = 2007-07-31 09:56:14 | Attr = ] RTLCPAPI.dll -> %System32%\RTLCPAPI.dll -> [Ver = 1, 0, 0, 4 | Size = 156672 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] RTLCPL.EXE -> %System32%\RTLCPL.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.1.45 | Size = 9324032 bytes | Created Date = 2007-07-23 21:35:49 | Attr = ] sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] SATA.bmp -> %System32%\SATA.bmp -> [Ver = | Size = 810056 bytes | Created Date = 2007-07-23 21:28:52 | Attr = R ] Sblist.ocx -> %System32%\Sblist.ocx -> Global Components (GlobalCom@pobox.com) [Ver = 2, 0, 0, 17 | Size = 65536 bytes | Created Date = 2007-08-26 00:30:45 | Attr = ] Setup -> %System32%\Setup -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] ShellExt -> %System32%\ShellExt -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 2007-07-23 22:35:44 | Attr = ] spool -> %System32%\spool -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:30 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.dat -> [Ver = | Size = 3229 bytes | Created Date = 2007-08-05 13:15:30 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.bmp -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-07 00:26:35 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.dat -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.dat -> [Ver = | Size = 13767 bytes | Created Date = 2007-08-07 00:26:35 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:02 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.dat -> [Ver = | Size = 2983 bytes | Created Date = 2007-08-05 13:17:02 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-05 13:18:23 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> [Ver = | Size = 705 bytes | Created Date = 2007-08-05 13:18:23 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:45 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> [Ver = | Size = 2703 bytes | Created Date = 2007-08-05 13:15:45 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.bmp -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:14:32 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.dat -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.dat -> [Ver = | Size = 4511 bytes | Created Date = 2007-08-05 13:14:32 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:15 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.dat -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.dat -> [Ver = | Size = 2951 bytes | Created Date = 2007-08-05 13:17:15 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:18:47 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.dat -> [Ver = | Size = 3552 bytes | Created Date = 2007-08-05 13:18:47 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:14:58 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.dat -> [Ver = | Size = 3175 bytes | Created Date = 2007-08-05 13:14:58 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:18:33 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.dat -> [Ver = | Size = 2649 bytes | Created Date = 2007-08-05 13:18:33 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:59 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> [Ver = | Size = 3107 bytes | Created Date = 2007-08-05 13:15:59 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:33 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.dat -> [Ver = | Size = 3283 bytes | Created Date = 2007-08-05 13:17:33 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.bmp -> %System32%\SpoonUninstall-dBpoweramp Music Converter.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-07 00:28:16 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.dat -> %System32%\SpoonUninstall-dBpoweramp Music Converter.dat -> [Ver = | Size = 13083 bytes | Created Date = 2007-08-07 00:28:16 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:19:21 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> [Ver = | Size = 3030 bytes | Created Date = 2007-08-05 13:19:21 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.bmp -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-07 00:24:07 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.dat -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.dat -> [Ver = | Size = 349 bytes | Created Date = 2007-08-07 00:24:07 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-05 13:21:12 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.dat -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.dat -> [Ver = | Size = 2077 bytes | Created Date = 2007-08-05 13:21:12 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> [Ver = | Size = 34358 bytes | Created Date = 2007-08-05 13:16:36 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> [Ver = | Size = 1856 bytes | Created Date = 2007-08-05 13:16:36 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> [Ver = | Size = 28898 bytes | Created Date = 2007-08-05 13:20:53 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.dat -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.dat -> [Ver = | Size = 1863 bytes | Created Date = 2007-08-05 13:20:53 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:17:48 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.dat -> [Ver = | Size = 3007 bytes | Created Date = 2007-08-05 13:17:48 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:16:49 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> [Ver = | Size = 3365 bytes | Created Date = 2007-08-05 13:16:49 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:15:08 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> [Ver = | Size = 2765 bytes | Created Date = 2007-08-05 13:15:08 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:16:10 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> [Ver = | Size = 2961 bytes | Created Date = 2007-08-05 13:16:10 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> [Ver = | Size = 33846 bytes | Created Date = 2007-08-05 13:14:43 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> [Ver = | Size = 2793 bytes | Created Date = 2007-08-05 13:14:43 | Attr = ] SpoonUninstall.exe -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4131192 bytes | Created Date = 2007-08-07 00:14:30 | Attr = ] spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2007-07-23 22:53:06 | Attr = ] subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 2007-07-23 21:03:31 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] SYNSOACC-Aide.chm -> %System32%\SYNSOACC-Aide.chm -> [Ver = | Size = 147425 bytes | Created Date = 2007-07-31 09:53:09 | Attr = ] SYNSOACC-Help.chm -> %System32%\SYNSOACC-Help.chm -> [Ver = | Size = 114279 bytes | Created Date = 2007-07-31 09:53:09 | Attr = ] SYNSOACC-Hilfe.chm -> %System32%\SYNSOACC-Hilfe.chm -> [Ver = | Size = 120468 bytes | Created Date = 2007-07-31 09:53:09 | Attr = ] SYNSOACC.dll -> %System32%\SYNSOACC.dll -> SIA Syncrosoft [Ver = 1, 7, 3, 0 | Size = 708608 bytes | Created Date = 2007-07-31 09:53:05 | Attr = ] SynsoLChk.dll -> %System32%\SynsoLChk.dll -> SIA Syncrosoft [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Created Date = 2007-07-31 09:53:05 | Attr = ] Synsopos.exe -> %System32%\Synsopos.exe -> SIA Syncrosoft [Ver = 9, 9, 0, 0 | Size = 45056 bytes | Created Date = 2007-07-31 09:53:07 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Created Date = 2007-08-20 18:09:27 | Attr = ] tslabels.h -> %System32%\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 2007-07-23 21:03:30 | Attr = ] tslabels.ini -> %System32%\tslabels.ini -> [Ver = | Size = 27768 bytes | Created Date = 2007-07-23 21:03:30 | Attr = ] unacev2.dll -> %System32%\unacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 2007-07-25 14:59:55 | Attr = ] UNRAR3.dll -> %System32%\UNRAR3.dll -> [Ver = | Size = 153088 bytes | Created Date = 2007-07-25 14:59:55 | Attr = ] URTTemp -> %System32%\URTTemp -> [Folder | Created Date = 2007-07-23 21:44:24 | Attr = ] usmt -> %System32%\usmt -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] usrlogon.cmd -> %System32%\usrlogon.cmd -> [Ver = | Size = 1263 bytes | Created Date = 2007-07-23 21:03:30 | Attr = ] vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ] vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ] vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ] vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ] vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 2007-08-28 07:30:30 | Attr = ] vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 54936 bytes | Created Date = 2007-08-28 07:32:05 | Attr = ] vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Created Date = 2007-08-07 00:08:41 | Attr = ] wbem -> %System32%\wbem -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 2007-07-23 21:05:33 | Attr = RH ] wins -> %System32%\wins -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] wmimgmt.msc -> %System32%\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 2007-07-23 21:03:25 | Attr = ] wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2007-07-23 21:05:28 | Attr = RH ] xircom -> %System32%\xircom -> [Folder | Created Date = 2007-07-23 21:06:45 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 2007-08-20 13:19:48 | Attr = ] zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ] zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-08-28 07:32:08 | Attr = H ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 2007-08-28 07:31:55 | Attr = ] zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ] ALCXWDM.SYS -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5830 built by: WinDDK | Size = 2317504 bytes | Created Date = 2007-07-23 21:35:53 | Attr = ] AmdK8.sys -> %System32%\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 43008 bytes | Created Date = 2007-07-23 21:36:51 | Attr = ] amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] ASACPI.sys -> %System32%\drivers\ASACPI.sys -> [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Created Date = 2007-07-23 21:28:25 | Attr = R ] AsInsHelp32.sys -> %System32%\drivers\AsInsHelp32.sys -> [Ver = | Size = 3328 bytes | Created Date = 2007-08-07 23:27:28 | Attr = ] AsInsHelp64.sys -> %System32%\drivers\AsInsHelp64.sys -> [Ver = | Size = 5120 bytes | Created Date = 2007-08-07 23:27:28 | Attr = ] AsIO.sys -> %System32%\drivers\AsIO.sys -> [Ver = | Size = 4962 bytes | Created Date = 2007-08-07 23:27:31 | Attr = R ] ASLM75.SYS -> %System32%\drivers\ASLM75.SYS -> [Ver = | Size = 6272 bytes | Created Date = 2007-08-07 22:47:50 | Attr = ] ASUSHWIO.SYS -> %System32%\drivers\ASUSHWIO.SYS -> [Ver = | Size = 5824 bytes | Created Date = 2007-07-23 21:28:22 | Attr = ] ativcaxx.cpa -> %System32%\drivers\ativcaxx.cpa -> [Ver = | Size = 524850 bytes | Created Date = 2007-07-23 21:43:55 | Attr = R ] ativcaxx.vp -> %System32%\drivers\ativcaxx.vp -> [Ver = | Size = 929 bytes | Created Date = 2007-07-23 21:43:55 | Attr = R ] ativckxx.vp -> %System32%\drivers\ativckxx.vp -> [Ver = | Size = 58560 bytes | Created Date = 2007-07-23 21:43:55 | Attr = ] ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 21712 bytes | Created Date = 2007-07-23 21:43:55 | Attr = R ] AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-07-26 23:25:07 | Attr = ] AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-08-28 07:24:47 | Attr = ] cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9336 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9464 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] cledx.sys -> %System32%\drivers\cledx.sys -> Team H2O [Ver = v0.3.1411 | Size = 33792 bytes | Created Date = 2007-07-31 09:53:18 | Attr = ] disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Created Date = 2007-07-23 22:49:00 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ] nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ] nvata.sys -> %System32%\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0534 built by: WinDDK | Size = 92800 bytes | Created Date = 2007-07-23 21:30:18 | Attr = R ] NVENETFD.sys -> %System32%\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 33536 bytes | Created Date = 2007-07-23 21:29:37 | Attr = R ] nvnetbus.sys -> %System32%\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 12928 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] nvnrm.sys -> %System32%\drivers\nvnrm.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 261888 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] nvsnpu.sys -> %System32%\drivers\nvsnpu.sys -> NVIDIA Corporation [Ver = 1.00.00.0482 | Size = 208256 bytes | Created Date = 2007-07-23 21:29:36 | Attr = R ] PxHelp20.sys -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Created Date = 2007-08-07 00:08:42 | Attr = ] snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Created Date = 2007-08-28 05:19:08 | Attr = ] synasUSB.sys -> %System32%\drivers\synasUSB.sys -> SIA Syncrosoft [Ver = 3.5.1.2 | Size = 16896 bytes | Created Date = 2007-07-31 09:53:08 | Attr = ] umdf -> %System32%\drivers\umdf -> [Folder | Created Date = 2007-08-07 00:20:47 | Attr = ] Adobe -> %AllUsersAppData%\Adobe -> [Folder | Created Date = 2007-07-28 16:34:27 | Attr = ] Ahead -> %AllUsersAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:14 | Attr = ] Babylon(2) -> %AllUsersAppData%\Babylon(2) -> [Folder | Created Date = 2007-08-05 13:29:06 | Attr = ] desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2007-07-23 22:52:58 | Attr = HS] Google -> %AllUsersAppData%\Google -> [Folder | Created Date = 2007-07-23 22:30:51 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 2007-07-25 14:31:28 | Attr = ] logs -> %AllUsersAppData%\logs -> [Folder | Created Date = 2007-07-25 15:47:47 | Attr = ] McAfee -> %AllUsersAppData%\McAfee -> [Folder | Created Date = 2007-07-26 16:56:39 | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Created Date = 2007-07-23 22:52:41 | Attr = S] Nero -> %AllUsersAppData%\Nero -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ] PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Created Date = 2007-08-28 06:05:09 | Attr = ] RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Created Date = 2007-08-30 08:50:22 | Attr = ] SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Created Date = 2007-07-26 16:56:39 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 2007-07-24 13:05:45 | Attr = ] TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 2007-08-28 17:40:54 | Attr = ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Webroot -> %AllUsersAppData%\Webroot -> [Folder | Created Date = 2007-07-26 14:07:18 | Attr = ] Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 2007-07-23 22:51:54 | Attr = ] Ahead -> %UserAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:34 | Attr = ] ATI -> %UserAppData%\ATI -> [Folder | Created Date = 2007-07-23 21:56:31 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Created Date = 2007-08-05 17:44:42 | Attr = ] desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2007-07-23 21:11:55 | Attr = HS] Google -> %UserAppData%\Google -> [Folder | Created Date = 2007-07-23 22:32:58 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-08-28 07:24:57 | Attr = ] gtopala -> %UserAppData%\gtopala -> [Folder | Created Date = 2007-08-06 21:07:14 | Attr = ] Help -> %UserAppData%\Help -> [Folder | Created Date = 2007-07-30 16:00:34 | Attr = ] Identities -> %UserAppData%\Identities -> [Folder | Created Date = 2007-07-23 21:12:01 | Attr = ] Jetico Personal Firewall -> %UserAppData%\Jetico Personal Firewall -> [Folder | Created Date = 2007-07-23 22:37:49 | Attr = ] Leadertech -> %UserAppData%\Leadertech -> [Folder | Created Date = 2007-08-08 00:50:04 | Attr = ] Macromedia -> %UserAppData%\Macromedia -> [Folder | Created Date = 2007-07-24 22:56:44 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Created Date = 2007-07-23 21:11:54 | Attr = S] Mozilla -> %UserAppData%\Mozilla -> [Folder | Created Date = 2007-07-24 21:36:49 | Attr = ] SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Created Date = 2007-07-26 16:56:39 | Attr = ] Steinberg -> %UserAppData%\Steinberg -> [Folder | Created Date = 2007-07-31 10:06:09 | Attr = ] Sun -> %UserAppData%\Sun -> [Folder | Created Date = 2007-07-23 22:30:06 | Attr = ] Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Created Date = 2007-07-25 16:34:41 | Attr = ] tor -> %UserAppData%\tor -> [Folder | Created Date = 2007-08-25 11:56:55 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Created Date = 2007-08-04 01:15:17 | Attr = ] Vidalia -> %UserAppData%\Vidalia -> [Folder | Created Date = 2007-08-25 11:55:48 | Attr = ] VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 2007-09-03 16:10:28 | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Created Date = 2007-07-26 14:06:05 | Attr = ] WinRAR -> %UserAppData%\WinRAR -> [Folder | Created Date = 2007-07-23 22:03:05 | Attr = ] Adobe -> %LocalAppData%\Adobe -> [Folder | Created Date = 2007-07-28 16:39:24 | Attr = ] Ahead -> %LocalAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:53:42 | Attr = ] ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 2007-07-23 21:56:29 | Attr = ] ATI -> %LocalAppData%\ATI -> [Folder | Created Date = 2007-07-23 21:56:31 | Attr = ] Babylon -> %LocalAppData%\Babylon -> [Folder | Created Date = 2007-08-05 18:08:55 | Attr = ] Babylon(2) -> %LocalAppData%\Babylon(2) -> [Folder | Created Date = 2007-08-05 17:33:34 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Created Date = 2007-08-12 21:09:17 | Attr = ] fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 130 bytes | Created Date = 2007-07-23 21:56:29 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 43640 bytes | Created Date = 2007-07-23 21:12:15 | Attr = ] GHISLER -> %LocalAppData%\GHISLER -> [Folder | Created Date = 2007-08-18 10:03:12 | Attr = ] Google -> %LocalAppData%\Google -> [Folder | Created Date = 2007-07-23 22:32:58 | Attr = ] Help -> %LocalAppData%\Help -> [Folder | Created Date = 2007-07-30 16:00:34 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578010 bytes | Created Date = 2007-07-23 21:32:53 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Created Date = 2007-07-23 21:11:54 | Attr = ] Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 2007-07-24 21:36:49 | Attr = ] Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Created Date = 2007-07-25 16:34:41 | Attr = ] desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2007-07-23 22:52:58 | Attr = HS] Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Created Date = 2007-07-23 21:03:49 | Attr = R ] Mes images -> %AllUsersDocuments%\Mes images -> [Folder | Created Date = 2007-07-23 21:04:25 | Attr = R ] Mes vidéos -> %AllUsersDocuments%\Mes vidéos -> [Folder | Created Date = 2007-07-23 21:03:07 | Attr = R ] a-squared -> %UserDocuments%\a-squared -> [Folder | Created Date = 2007-07-31 09:25:52 | Attr = ] AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Created Date = 2007-08-16 21:48:44 | Attr = ] cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Created Date = 2007-08-16 21:39:26 | Attr = ] cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Created Date = 2007-08-16 14:28:05 | Attr = ] cc_20070725_0012Repar CClean.reg -> %UserDocuments%\cc_20070725_0012Repar CClean.reg -> [Ver = | Size = 64660 bytes | Created Date = 2007-07-24 23:13:03 | Attr = ] cc_20070725_1908Sup Thunder.reg -> %UserDocuments%\cc_20070725_1908Sup Thunder.reg -> [Ver = | Size = 150213 bytes | Created Date = 2007-07-25 18:08:47 | Attr = ] cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Created Date = 2007-08-31 06:22:06 | Attr = ] Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Created Date = 2007-08-28 06:16:06 | Attr = ] CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Created Date = 2007-08-30 05:16:26 | Attr = ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 79 bytes | Created Date = 2007-07-23 21:11:58 | Attr = HS] frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Created Date = 2007-08-22 16:39:07 | Attr = ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Created Date = 2007-07-23 21:11:58 | Attr = R ] MEIGNAN LOIC.doc -> %UserDocuments%\MEIGNAN LOIC.doc -> [Ver = | Size = 42496 bytes | Created Date = 2007-08-20 13:46:10 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Created Date = 2007-07-23 21:11:58 | Attr = R ] My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Created Date = 2007-08-30 08:50:03 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Created Date = 2007-08-29 04:45:23 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Created Date = 2007-08-29 04:45:23 | Attr = ] Nouveau fichier de paramètres.OPS -> %UserDocuments%\Nouveau fichier de paramètres.OPS -> [Ver = | Size = 24046 bytes | Created Date = 2007-08-05 14:39:06 | Attr = ] O&O -> %UserDocuments%\O&O -> [Folder | Created Date = 2007-08-18 10:39:38 | Attr = ] Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Created Date = 2007-08-28 06:09:27 | Attr = ] Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Created Date = 2007-08-26 18:29:44 | Attr = ] proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Created Date = 2007-08-26 19:17:36 | Attr = ] sup.easy cleanReg.htm -> %UserDocuments%\sup.easy cleanReg.htm -> [Ver = | Size = 11448 bytes | Created Date = 2007-08-01 09:29:14 | Attr = ] AvRack.lnk -> %AllUsersDesktop%\AvRack.lnk -> [Ver = | Size = 1519 bytes | Created Date = 2007-07-23 21:35:57 | Attr = ] Configuration.lnk -> %AllUsersDesktop%\Configuration.lnk -> [Ver = | Size = 1535 bytes | Created Date = 2007-08-05 17:14:14 | Attr = ] Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Created Date = 2007-08-28 06:05:46 | Attr = ] The KMPlayer FR.lnk -> %AllUsersDesktop%\The KMPlayer FR.lnk -> [Ver = | Size = 665 bytes | Created Date = 2007-08-07 00:31:45 | Attr = ] Winamp.lnk -> %AllUsersDesktop%\Winamp.lnk -> [Ver = | Size = 654 bytes | Created Date = 2007-08-07 00:08:49 | Attr = ] ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2007-07-24 16:10:15 | Attr = ] EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Created Date = 2007-08-14 22:27:26 | Attr = ] L'Assistant Dartybox.lnk -> %UserDesktop%\L'Assistant Dartybox.lnk -> [Ver = | Size = 1698 bytes | Created Date = 2007-08-08 12:14:33 | Attr = ] Nuendo 3.lnk -> %UserDesktop%\Nuendo 3.lnk -> [Ver = | Size = 731 bytes | Created Date = 2007-07-31 10:05:50 | Attr = ] Poste de travail.lnk -> %UserDesktop%\Poste de travail.lnk -> [Ver = | Size = 104 bytes | Created Date = 2007-07-24 14:19:38 | Attr = ] Raccourci vers jv16PT.exe.lnk -> %UserDesktop%\Raccourci vers jv16PT.exe.lnk -> [Ver = | Size = 670 bytes | Created Date = 2007-08-01 11:30:42 | Attr = ] Raccourci vers NoTrace.exe.lnk -> %UserDesktop%\Raccourci vers NoTrace.exe.lnk -> [Ver = | Size = 587 bytes | Created Date = 2007-08-01 18:50:59 | Attr = ] Raccourci vers RegSeeker.exe.lnk -> %UserDesktop%\Raccourci vers RegSeeker.exe.lnk -> [Ver = | Size = 572 bytes | Created Date = 2007-08-01 10:36:29 | Attr = ] Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Created Date = 2007-09-03 16:09:43 | Attr = ] Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Created Date = 2007-08-28 06:26:48 | Attr = ] µpdater.lnk -> %UserDesktop%\µpdater.lnk -> [Ver = | Size = 1001 bytes | Created Date = 2007-08-06 10:01:59 | Attr = ] Barre d'état système d'ATI CATALYST.lnk -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> [Ver = | Size = 1851 bytes | Created Date = 2007-07-23 21:45:40 | Attr = ] desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 2007-07-23 22:52:58 | Attr = HS] desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 2007-07-23 21:11:54 | Attr = HS] ERUNT AutoBackup.lnk -> %UserStartup%\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 2007-08-01 10:10:49 | Attr = ] MRU-Blaster Silent Clean.lnk -> %UserStartup%\MRU-Blaster Silent Clean.lnk -> [Ver = | Size = 683 bytes | Created Date = 2007-07-24 15:28:35 | Attr = ] TrayIt!.lnk -> %UserStartup%\TrayIt!.lnk -> [Ver = | Size = 604 bytes | Created Date = 2007-07-25 22:02:41 | Attr = ] Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Created Date = 2007-08-28 05:19:03 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2007-07-28 16:34:27 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 2007-08-05 20:09:13 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 2007-07-23 21:28:54 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2007-07-23 22:30:28 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Created Date = 2007-07-23 22:53:16 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Created Date = 2007-07-23 21:04:47 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Created Date = 2007-07-23 22:53:18 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Created Date = 2007-07-23 21:04:49 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Created Date = 2007-07-23 22:53:16 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Created Date = 2007-07-23 21:04:26 | Attr = ] Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Created Date = 2007-08-28 06:26:36 | Attr = ] [Files/Folders - Modified Within 60 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 2007-09-01 18:45:56 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-05 01:46:52 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] CWShredder -> %SystemDrive%\CWShredder -> [Folder | Modified Date = 2007-09-01 07:24:38 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2007-08-01 12:58:26 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2007-09-01 18:45:52 | Attr = ] HijackThis-fr -> %SystemDrive%\HijackThis-fr -> [Folder | Modified Date = 2007-08-03 07:08:46 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = RHS] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 2007-09-01 18:42:54 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-09-04 19:07:48 | Attr = R ] qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-05 01:42:32 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2007-07-29 16:52:38 | Attr = HS] RegProt -> %SystemDrive%\RegProt -> [Folder | Modified Date = 2007-09-05 16:56:46 | Attr = ] Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Modified Date = 2007-08-30 07:58:08 | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2007-09-02 00:20:24 | Attr = ] Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Modified Date = 2007-08-21 15:38:14 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 2007-09-02 14:21:32 | Attr = ] treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Modified Date = 2007-08-26 01:47:38 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-05 17:43:48 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-20 14:13:34 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 2007-07-24 00:10:14 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 2007-07-24 00:10:04 | Attr = H ] $NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 2007-08-20 14:18:32 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-20 14:25:26 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-08-20 14:26:18 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 2007-08-20 14:26:08 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-20 14:24:34 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-20 14:25:32 | Attr = H ] $NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 2007-08-20 14:18:42 | Attr = H ] $NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 2007-08-07 01:20:42 | Attr = H ] $NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Modified Date = 2007-08-20 14:24:16 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] ALCFDRTM.EXE -> %SystemRoot%\ALCFDRTM.EXE -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 2007-07-26 16:19:40 | Attr = ] ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 2007-08-29 07:54:36 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2007-07-23 23:51:26 | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 5733 bytes | Modified Date = 2007-07-23 22:34:58 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-08-20 18:26:48 | Attr = R S] BissHM.ini -> %SystemRoot%\BissHM.ini -> [Ver = | Size = 251 bytes | Modified Date = 2007-08-21 15:58:44 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-05 16:53:38 | Attr = S] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Modified Date = 2007-07-20 00:47:24 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 2007-07-23 22:03:42 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-09-04 07:34:44 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 2007-07-23 22:30:54 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-20 22:33:06 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2007-07-23 23:51:24 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2007-09-05 01:59:42 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-08-21 15:59:38 | Attr = R S] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Modified Date = 2007-09-04 07:42:42 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-09-03 18:05:24 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 2007-07-24 00:10:26 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2007-07-25 13:24:42 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 2007-07-23 22:06:46 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-03 18:05:24 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2007-09-05 19:12:02 | Attr = ] java -> %SystemRoot%\java -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2007-07-24 00:10:30 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2007-08-20 18:22:00 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1595 bytes | Modified Date = 2007-07-28 17:31:52 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 2007-07-24 00:14:26 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2007-09-02 02:06:56 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2007-07-24 00:09:18 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 385 bytes | Modified Date = 2007-08-05 21:11:28 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4205 bytes | Modified Date = 2007-07-23 22:06:16 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 2007-07-23 22:05:34 | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 2007-08-05 21:08:48 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 2007-07-23 23:51:18 | Attr = ] pestpatrol5.INI -> %SystemRoot%\pestpatrol5.INI -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-28 13:25:34 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 2007-08-14 23:47:48 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-05 02:50:00 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2007-08-01 17:56:12 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 2007-07-31 10:56:38 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-09-05 16:54:08 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 2007-07-23 22:06:46 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] RtlRack.ini -> %SystemRoot%\RtlRack.ini -> [Ver = | Size = 169 bytes | Modified Date = 2007-08-26 19:23:10 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-09-05 01:46:00 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2007-08-05 21:08:48 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2007-07-23 23:46:14 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 2007-07-23 22:05:16 | Attr = ] SummerProperties.dll -> %SystemRoot%\SummerProperties.dll -> frozenlogic.org [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 2007-07-25 10:21:18 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 2007-07-23 23:42:20 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 2007-08-14 00:38:50 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-08-07 23:59:08 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 2007-09-05 01:45:06 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-09-03 21:40:32 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-05 19:10:40 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2007-07-23 23:50:00 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Modified Date = 2007-08-21 16:08:52 | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 2007-07-23 22:04:00 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 2007-07-23 22:04:00 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 2007-07-24 00:10:32 | Attr = ] wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Modified Date = 2007-08-25 20:46:12 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 2007-08-03 14:47:32 | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 477 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4618 bytes | Modified Date = 2007-09-05 17:45:30 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-28 07:05:00 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2007-07-31 10:56:34 | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 2007-07-25 16:56:34 | Attr = ] zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-03 22:13:38 | Attr = H ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 2007-07-23 22:08:18 | Attr = ] 1025 -> %System32%\1025 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1028 -> %System32%\1028 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1031 -> %System32%\1031 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1033 -> %System32%\1033 -> [Folder | Modified Date = 2007-07-23 23:49:40 | Attr = ] 1036 -> %System32%\1036 -> [Folder | Modified Date = 2007-07-23 23:50:02 | Attr = ] 1037 -> %System32%\1037 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1041 -> %System32%\1041 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1042 -> %System32%\1042 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 1054 -> %System32%\1054 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 2052 -> %System32%\2052 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 3076 -> %System32%\3076 -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] 3com_dmi -> %System32%\3com_dmi -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] acaebfcdf2_r.ocx -> %System32%\acaebfcdf2_r.ocx -> [Ver = | Size = 23 bytes | Modified Date = 2007-07-23 23:06:20 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2007-07-23 22:06:24 | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 2007-08-08 13:08:30 | Attr = ] BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-08-26 18:57:34 | Attr = ] BuzzingBee.wav -> %System32%\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Modified Date = 2007-07-26 16:19:42 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-09-03 21:38:54 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-05 18:05:00 | Attr = ] cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] CDWriterXP.ocx -> %System32%\CDWriterXP.ocx -> NUGROOVZ [Ver = 2, 0, 0, 1 | Size = 647168 bytes | Modified Date = 2007-08-07 01:26:36 | Attr = ] Com -> %System32%\Com -> [Folder | Modified Date = 2007-07-24 00:04:30 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 2007-09-05 01:45:26 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3072 bytes | Modified Date = 2007-07-23 22:06:32 | Attr = ] decdnet.dll -> %System32%\decdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 61952 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] dhcp -> %System32%\dhcp -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Modified Date = 2007-08-28 06:45:02 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-09-04 19:24:36 | Attr = ] drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-05 18:27:28 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21892 bytes | Modified Date = 2007-07-23 22:04:08 | Attr = ] en-us -> %System32%\en-us -> [Folder | Modified Date = 2007-08-20 14:19:48 | Attr = ] encdnet.dll -> %System32%\encdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 85504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] export -> %System32%\export -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] fddccfebcf_r.dll -> %System32%\fddccfebcf_r.dll -> [Ver = | Size = 23 bytes | Modified Date = 2007-07-23 23:06:20 | Attr = HS] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 196160 bytes | Modified Date = 2007-08-22 13:32:24 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 2007-08-20 14:24:00 | Attr = ] GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 2007-07-29 12:16:56 | Attr = H ] ias -> %System32%\ias -> [Folder | Modified Date = 2007-07-23 22:06:04 | Attr = ] icsxml -> %System32%\icsxml -> [Folder | Modified Date = 2007-07-23 23:49:54 | Attr = ] IME -> %System32%\IME -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ] imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Modified Date = 2007-09-05 01:45:58 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] initdebug.nfo -> %System32%\initdebug.nfo -> [Ver = | Size = 45 bytes | Modified Date = 2007-08-07 21:09:12 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 2007-07-12 01:22:00 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Modified Date = 2007-07-12 02:22:36 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 2007-07-12 01:22:04 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 2007-07-12 02:22:38 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-07-29 21:37:36 | Attr = ] Lang -> %System32%\Lang -> [Folder | Modified Date = 2007-07-26 16:19:38 | Attr = ] logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 2007-07-23 22:05:34 | Attr = RH ] LoopyMusic.wav -> %System32%\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Modified Date = 2007-07-26 16:19:42 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Modified Date = 2007-07-23 22:04:46 | Attr = ] Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 2007-07-23 22:09:16 | Attr = S] MsDtc -> %System32%\MsDtc -> [Folder | Modified Date = 2007-07-23 22:03:54 | Attr = ] mui -> %System32%\mui -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] npp -> %System32%\npp -> [Folder | Modified Date = 2007-07-23 23:51:12 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2007-07-23 22:06:24 | Attr = ] nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] oobe -> %System32%\oobe -> [Folder | Modified Date = 2007-07-23 22:05:06 | Attr = ] oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 14047 bytes | Modified Date = 2007-09-05 16:53:32 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73790 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 87470 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 444648 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 513842 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1129320 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ] pnc3250.dll -> %System32%\pnc3250.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 130560 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pncrt.dll -> %System32%\pncrt.dll -> RealNetworks, Inc. [Ver = 4.20.0000 | Size = 273408 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pneng50.dll -> %System32%\pneng50.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 131072 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] pngu3263.dll -> %System32%\pngu3263.dll -> RealNetworks, Inc. [Ver = 6.3.0.226 | Size = 352768 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Modified Date = 2007-09-01 08:00:24 | Attr = ] PreInstall -> %System32%\PreInstall -> [Folder | Modified Date = 2007-07-23 23:47:36 | Attr = ] ra3214_4.dll -> %System32%\ra3214_4.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 81920 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra3228_8.dll -> %System32%\ra3228_8.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 72704 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra32dnet.dll -> %System32%\ra32dnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 21504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ra32sipr.dll -> %System32%\ra32sipr.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 87040 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] ras -> %System32%\ras -> [Folder | Modified Date = 2007-07-23 23:49:56 | Attr = ] ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 2007-07-23 22:29:30 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = ] rmbe3260.dll -> %System32%\rmbe3260.dll -> RealNetworks, Inc. [Ver = 6.0.7.26 | Size = 487936 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ] sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] Setup -> %System32%\Setup -> [Folder | Modified Date = 2007-07-23 23:51:34 | Attr = ] ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 2007-07-23 23:35:46 | Attr = ] spool -> %System32%\spool -> [Folder | Modified Date = 2007-07-23 22:02:48 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:16:42 | Attr = ] SpoonUninstall-dBpoweramp AAC Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp AAC Encoder.dat -> [Ver = | Size = 3229 bytes | Modified Date = 2007-08-07 01:17:00 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.bmp -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:25:54 | Attr = ] SpoonUninstall-dBpowerAMP CD Writer.dat -> %System32%\SpoonUninstall-dBpowerAMP CD Writer.dat -> [Ver = | Size = 13767 bytes | Modified Date = 2007-08-07 01:26:36 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.bmp -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-05 14:16:58 | Attr = ] SpoonUninstall-dBpoweramp CLI Encoder.dat -> %System32%\SpoonUninstall-dBpoweramp CLI Encoder.dat -> [Ver = | Size = 2983 bytes | Modified Date = 2007-08-05 14:17:04 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:21:34 | Attr = ] SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> %System32%\SpoonUninstall-dBPowerAMP Dalet codec R2.dat -> [Ver = | Size = 705 bytes | Modified Date = 2007-08-07 01:22:14 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:17:04 | Attr = ] SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp DirectShow Decoder.dat -> [Ver = | Size = 2703 bytes | Modified Date = 2007-08-07 01:17:24 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.bmp -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:16:20 | Attr = ] SpoonUninstall-dBpoweramp DSP Effects.dat -> %System32%\SpoonUninstall-dBpoweramp DSP Effects.dat -> [Ver = | Size = 4511 bytes | Modified Date = 2007-08-07 01:16:38 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:18:16 | Attr = ] SpoonUninstall-dBpoweramp FLAC Codec.dat -> %System32%\SpoonUninstall-dBpoweramp FLAC Codec.dat -> [Ver = | Size = 2951 bytes | Modified Date = 2007-08-07 01:18:36 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:22:42 | Attr = ] SpoonUninstall-dBpoweramp m4a Codec.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Codec.dat -> [Ver = | Size = 3552 bytes | Modified Date = 2007-08-07 01:23:02 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.bmp -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:15:32 | Attr = ] SpoonUninstall-dBpoweramp m4a Utilities.dat -> %System32%\SpoonUninstall-dBpoweramp m4a Utilities.dat -> [Ver = | Size = 3175 bytes | Modified Date = 2007-08-07 01:15:54 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.bmp -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:22:16 | Attr = ] SpoonUninstall-dBpoweramp Midi Decoder.dat -> %System32%\SpoonUninstall-dBpoweramp Midi Decoder.dat -> [Ver = | Size = 2649 bytes | Modified Date = 2007-08-07 01:22:36 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:17:30 | Attr = ] SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat -> [Ver = | Size = 3107 bytes | Modified Date = 2007-08-07 01:17:48 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:18:40 | Attr = ] SpoonUninstall-dBpoweramp Musepack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Musepack Codec.dat -> [Ver = | Size = 3283 bytes | Modified Date = 2007-08-07 01:19:00 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.bmp -> %System32%\SpoonUninstall-dBpoweramp Music Converter.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:27:44 | Attr = ] SpoonUninstall-dBpoweramp Music Converter.dat -> %System32%\SpoonUninstall-dBpoweramp Music Converter.dat -> [Ver = | Size = 13083 bytes | Modified Date = 2007-08-07 01:28:18 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:23:08 | Attr = ] SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat -> [Ver = | Size = 3030 bytes | Modified Date = 2007-08-07 01:23:26 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.bmp -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:24:00 | Attr = ] SpoonUninstall-dBpowerAMP Rename Extension.dat -> %System32%\SpoonUninstall-dBpowerAMP Rename Extension.dat -> [Ver = | Size = 349 bytes | Modified Date = 2007-08-07 01:24:08 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:24:20 | Attr = ] SpoonUninstall-dBpowerAMP Tag From Filename.dat -> %System32%\SpoonUninstall-dBpowerAMP Tag From Filename.dat -> [Ver = | Size = 2077 bytes | Modified Date = 2007-08-07 01:24:38 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.bmp -> [Ver = | Size = 34358 bytes | Modified Date = 2007-08-05 14:16:16 | Attr = ] SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> %System32%\SpoonUninstall-dBPowerAMP tooLame MP2 codec.dat -> [Ver = | Size = 1856 bytes | Modified Date = 2007-08-05 14:16:38 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.bmp -> [Ver = | Size = 28898 bytes | Modified Date = 2007-08-07 01:25:20 | Attr = ] SpoonUninstall-dBpowerAMP Update ID Tag.dat -> %System32%\SpoonUninstall-dBpowerAMP Update ID Tag.dat -> [Ver = | Size = 1863 bytes | Modified Date = 2007-08-07 01:25:36 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:19:04 | Attr = ] SpoonUninstall-dBpoweramp WavPack Codec.dat -> %System32%\SpoonUninstall-dBpoweramp WavPack Codec.dat -> [Ver = | Size = 3007 bytes | Modified Date = 2007-08-07 01:19:20 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:19:28 | Attr = ] SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> %System32%\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat -> [Ver = | Size = 3365 bytes | Modified Date = 2007-08-07 01:19:44 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:15:58 | Attr = ] SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat -> [Ver = | Size = 2765 bytes | Modified Date = 2007-08-07 01:16:10 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:17:54 | Attr = ] SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat -> [Ver = | Size = 2961 bytes | Modified Date = 2007-08-07 01:18:04 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 2007-08-07 01:15:12 | Attr = ] SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> %System32%\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat -> [Ver = | Size = 2793 bytes | Modified Date = 2007-08-07 01:15:28 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Modified Date = 2007-08-31 20:58:48 | Attr = ] URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 2007-08-03 08:04:38 | Attr = ] usmt -> %System32%\usmt -> [Folder | Modified Date = 2007-07-23 23:51:30 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Modified Date = 2007-09-05 16:53:54 | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-08-08 12:07:24 | Attr = ] WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 2007-07-23 22:05:34 | Attr = RH ] wins -> %System32%\wins -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-09-03 16:47:32 | Attr = ] wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2007-07-23 22:05:30 | Attr = RH ] xircom -> %System32%\xircom -> [Folder | Modified Date = 2007-07-23 22:06:46 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 2007-08-20 14:19:50 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2007-09-05 16:53:56 | Attr = H ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 2007-08-28 19:31:42 | Attr = ] amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] disdn -> %System32%\drivers\disdn -> [Folder | Modified Date = 2007-07-23 23:49:02 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-08-31 07:28:04 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ] nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ] snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Modified Date = 2007-08-28 06:19:10 | Attr = ] umdf -> %System32%\drivers\umdf -> [Folder | Modified Date = 2007-08-07 01:20:48 | Attr = ] Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:32 | Attr = ] Ahead -> %AllUsersAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:47:16 | Attr = ] Babylon(2) -> %AllUsersAppData%\Babylon(2) -> [Folder | Modified Date = 2007-08-05 18:44:42 | Attr = ] desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2007-07-23 23:53:00 | Attr = HS] Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 2007-07-23 23:30:54 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 2007-07-25 15:31:30 | Attr = ] logs -> %AllUsersAppData%\logs -> [Folder | Modified Date = 2007-07-25 16:47:48 | Attr = ] McAfee -> %AllUsersAppData%\McAfee -> [Folder | Modified Date = 2007-07-26 17:56:40 | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 2007-07-24 16:01:18 | Attr = S] Nero -> %AllUsersAppData%\Nero -> [Folder | Modified Date = 2007-08-28 06:45:30 | Attr = ] PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Modified Date = 2007-08-28 07:05:10 | Attr = ] RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Modified Date = 2007-08-30 09:50:24 | Attr = ] SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-07-26 17:56:40 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 2007-09-04 07:28:54 | Attr = ] TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2007-08-30 05:16:36 | Attr = ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Webroot -> %AllUsersAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ] Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Modified Date = 2007-07-23 23:51:56 | Attr = ] Ahead -> %UserAppData%\Ahead -> [Folder | Modified Date = 2007-08-29 07:47:04 | Attr = ] ATI -> %UserAppData%\ATI -> [Folder | Modified Date = 2007-07-23 22:56:32 | Attr = ] Babylon -> %UserAppData%\Babylon -> [Folder | Modified Date = 2007-08-13 10:47:52 | Attr = ] desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2007-07-23 23:53:00 | Attr = HS] Google -> %UserAppData%\Google -> [Folder | Modified Date = 2007-07-23 23:33:00 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-08-28 08:24:58 | Attr = ] gtopala -> %UserAppData%\gtopala -> [Folder | Modified Date = 2007-08-06 22:07:16 | Attr = ] Help -> %UserAppData%\Help -> [Folder | Modified Date = 2007-07-30 17:00:36 | Attr = ] Identities -> %UserAppData%\Identities -> [Folder | Modified Date = 2007-07-23 22:12:02 | Attr = ] Jetico Personal Firewall -> %UserAppData%\Jetico Personal Firewall -> [Folder | Modified Date = 2007-07-23 23:37:50 | Attr = ] Leadertech -> %UserAppData%\Leadertech -> [Folder | Modified Date = 2007-08-08 01:50:06 | Attr = ] Macromedia -> %UserAppData%\Macromedia -> [Folder | Modified Date = 2007-07-24 23:56:46 | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 14:39:26 | Attr = S] Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 2007-07-25 17:34:52 | Attr = ] SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Modified Date = 2007-07-26 17:56:40 | Attr = ] Steinberg -> %UserAppData%\Steinberg -> [Folder | Modified Date = 2007-07-31 11:09:40 | Attr = ] Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 2007-07-23 23:30:08 | Attr = ] Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Modified Date = 2007-07-25 17:34:52 | Attr = ] tor -> %UserAppData%\tor -> [Folder | Modified Date = 2007-08-28 20:08:24 | Attr = ] uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 2007-09-02 00:50:32 | Attr = ] Vidalia -> %UserAppData%\Vidalia -> [Folder | Modified Date = 2007-08-30 12:52:46 | Attr = ] VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Modified Date = 2007-09-03 17:10:30 | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ] WinRAR -> %UserAppData%\WinRAR -> [Folder | Modified Date = 2007-07-23 23:03:06 | Attr = ] Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:20 | Attr = ] Ahead -> %LocalAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:55:28 | Attr = ] ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 2007-09-05 17:00:04 | Attr = ] ATI -> %LocalAppData%\ATI -> [Folder | Modified Date = 2007-07-23 22:56:32 | Attr = ] Babylon -> %LocalAppData%\Babylon -> [Folder | Modified Date = 2007-08-05 19:08:56 | Attr = ] Babylon(2) -> %LocalAppData%\Babylon(2) -> [Folder | Modified Date = 2007-08-05 18:43:04 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Modified Date = 2007-08-19 21:37:16 | Attr = ] fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 130 bytes | Modified Date = 2007-07-23 22:56:30 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 43640 bytes | Modified Date = 2007-08-23 00:02:08 | Attr = ] GHISLER -> %LocalAppData%\GHISLER -> [Folder | Modified Date = 2007-08-18 11:03:14 | Attr = ] Google -> %LocalAppData%\Google -> [Folder | Modified Date = 2007-07-23 23:33:00 | Attr = ] Help -> %LocalAppData%\Help -> [Folder | Modified Date = 2007-07-30 17:00:36 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578010 bytes | Modified Date = 2007-08-28 07:53:36 | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 00:55:14 | Attr = ] Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 2007-07-24 22:36:50 | Attr = ] Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Modified Date = 2007-07-25 17:34:58 | Attr = ] desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2007-07-23 23:53:00 | Attr = HS] Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Modified Date = 2007-07-23 22:04:58 | Attr = R ] Mes images -> %AllUsersDocuments%\Mes images -> [Folder | Modified Date = 2007-07-23 22:04:56 | Attr = R ] Mes vidéos -> %AllUsersDocuments%\Mes vidéos -> [Folder | Modified Date = 2007-07-23 22:03:08 | Attr = R ] a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 2007-08-16 16:58:04 | Attr = ] AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Modified Date = 2007-08-16 22:48:48 | Attr = ] cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Modified Date = 2007-08-16 22:39:32 | Attr = ] cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Modified Date = 2007-08-16 15:28:10 | Attr = ] cc_20070725_0012Repar CClean.reg -> %UserDocuments%\cc_20070725_0012Repar CClean.reg -> [Ver = | Size = 64660 bytes | Modified Date = 2007-07-25 00:13:10 | Attr = ] cc_20070725_1908Sup Thunder.reg -> %UserDocuments%\cc_20070725_1908Sup Thunder.reg -> [Ver = | Size = 150213 bytes | Modified Date = 2007-07-25 19:08:52 | Attr = ] cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Modified Date = 2007-08-31 07:22:14 | Attr = ] Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Modified Date = 2007-08-28 07:16:46 | Attr = ] CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 79 bytes | Modified Date = 2007-07-24 00:14:38 | Attr = HS] frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Modified Date = 2007-08-22 17:39:12 | Attr = ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 2007-07-24 00:14:38 | Attr = R ] MEIGNAN LOIC.doc -> %UserDocuments%\MEIGNAN LOIC.doc -> [Ver = | Size = 42496 bytes | Modified Date = 2007-08-20 14:46:12 | Attr = ] Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 2007-09-05 19:05:56 | Attr = R ] My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Modified Date = 2007-08-30 11:03:50 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Modified Date = 2007-08-29 05:45:30 | Attr = ] Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Modified Date = 2007-08-29 05:45:26 | Attr = ] Nouveau fichier de paramètres.OPS -> %UserDocuments%\Nouveau fichier de paramètres.OPS -> [Ver = | Size = 24046 bytes | Modified Date = 2007-08-05 15:39:10 | Attr = ] O&O -> %UserDocuments%\O&O -> [Folder | Modified Date = 2007-08-18 11:39:40 | Attr = ] Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Modified Date = 2007-08-28 07:24:12 | Attr = ] Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Modified Date = 2007-08-26 19:29:46 | Attr = ] proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Modified Date = 2007-08-26 20:17:38 | Attr = ] sup.easy cleanReg.htm -> %UserDocuments%\sup.easy cleanReg.htm -> [Ver = | Size = 11448 bytes | Modified Date = 2007-08-01 10:29:16 | Attr = ] AvRack.lnk -> %AllUsersDesktop%\AvRack.lnk -> [Ver = | Size = 1519 bytes | Modified Date = 2007-07-23 22:35:58 | Attr = ] Configuration.lnk -> %AllUsersDesktop%\Configuration.lnk -> [Ver = | Size = 1535 bytes | Modified Date = 2007-07-23 23:23:40 | Attr = ] Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Modified Date = 2007-08-28 07:05:48 | Attr = ] The KMPlayer FR.lnk -> %AllUsersDesktop%\The KMPlayer FR.lnk -> [Ver = | Size = 665 bytes | Modified Date = 2007-08-07 01:31:46 | Attr = ] Winamp.lnk -> %AllUsersDesktop%\Winamp.lnk -> [Ver = | Size = 654 bytes | Modified Date = 2007-08-07 01:08:50 | Attr = ] ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ] EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Modified Date = 2007-08-14 23:27:28 | Attr = ] L'Assistant Dartybox.lnk -> %UserDesktop%\L'Assistant Dartybox.lnk -> [Ver = | Size = 1698 bytes | Modified Date = 2007-08-08 13:14:34 | Attr = ] Nuendo 3.lnk -> %UserDesktop%\Nuendo 3.lnk -> [Ver = | Size = 731 bytes | Modified Date = 2007-07-31 10:56:38 | Attr = ] Poste de travail.lnk -> %UserDesktop%\Poste de travail.lnk -> [Ver = | Size = 104 bytes | Modified Date = 2007-07-24 15:19:40 | Attr = ] Raccourci vers jv16PT.exe.lnk -> %UserDesktop%\Raccourci vers jv16PT.exe.lnk -> [Ver = | Size = 670 bytes | Modified Date = 2007-08-01 12:30:44 | Attr = ] Raccourci vers NoTrace.exe.lnk -> %UserDesktop%\Raccourci vers NoTrace.exe.lnk -> [Ver = | Size = 587 bytes | Modified Date = 2007-08-01 19:50:56 | Attr = ] Raccourci vers RegSeeker.exe.lnk -> %UserDesktop%\Raccourci vers RegSeeker.exe.lnk -> [Ver = | Size = 572 bytes | Modified Date = 2007-08-01 11:44:18 | Attr = ] Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Modified Date = 2007-09-03 17:09:44 | Attr = ] Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Modified Date = 2007-08-28 07:26:50 | Attr = ] µpdater.lnk -> %UserDesktop%\µpdater.lnk -> [Ver = | Size = 1001 bytes | Modified Date = 2007-08-06 11:02:00 | Attr = ] Barre d'état système d'ATI CATALYST.lnk -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 2007-08-21 14:55:26 | Attr = ] desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2007-07-23 22:06:36 | Attr = HS] desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2007-07-23 22:06:36 | Attr = HS] ERUNT AutoBackup.lnk -> %UserStartup%\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2007-08-01 11:10:50 | Attr = ] MRU-Blaster Silent Clean.lnk -> %UserStartup%\MRU-Blaster Silent Clean.lnk -> [Ver = | Size = 683 bytes | Modified Date = 2007-07-24 16:28:36 | Attr = ] TrayIt!.lnk -> %UserStartup%\TrayIt!.lnk -> [Ver = | Size = 604 bytes | Modified Date = 2007-08-24 13:41:14 | Attr = ] Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Modified Date = 2007-08-28 06:19:08 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:34 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 2007-08-28 06:46:44 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 2007-08-05 21:09:14 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 2007-08-05 18:20:04 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2007-07-23 23:30:30 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2007-08-05 21:10:20 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Modified Date = 2007-07-23 22:04:48 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Modified Date = 2007-07-23 23:53:20 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 2007-07-23 22:04:52 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Modified Date = 2007-07-23 23:53:18 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2007-08-05 14:32:48 | Attr = ] Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Modified Date = 2007-08-28 07:26:46 | Attr = ] [File String Scan - Non-Microsoft Only] PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %SystemDrive%\rapport Nettoyage SmitFraudFix.txt -> [Ver = | Size = 9516565 bytes | Modified Date = 2007-08-22 22:33:20 | Attr = ] PTech , ad-beh , abetterinternet.com , ad-w-a-r-e.com , -> %SystemDrive%\rapport SmitFraudFix 31.08 .txt -> [Ver = | Size = 8431185 bytes | Modified Date = 2007-08-31 18:46:10 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ] WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18706432 bytes | Modified Date = 2005-04-18 13:57:58 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ] USERTRUST , -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4131192 bytes | Modified Date = 2007-07-02 19:09:04 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ] @Alternate Data Stream - 88 bytes -> %System32%\drivers\etc\tesgaz:SummaryInformation -> @Alternate Data Stream - 0 bytes -> %System32%\drivers\etc\tesgaz:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} -> PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\tesgaz -> [Ver = | Size = 9518036 bytes | Modified Date = 2007-08-21 22:35:06 | Attr = R ] @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B -> Call (RPC) Help , -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ] Call (RPC) Help , -> %UserDocuments%\emove instruction.txt -> [Ver = | Size = 23675 bytes | Modified Date = 2007-08-30 06:45:56 | Attr = ] UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ] < End of report > Merci par avance je signale que j'ai SafeXP et XP AntiSpy . amicalement
  7. chtilo

    O&O defrag

    chtilo a répondu à un(e) sujet de Barban dans Software

    je vien de revoir la chose et repense il faut ouvrir un port mais il est sans risque Si sa peut t'aidé pour le port: amicalement
  8. chtilo

    O&O defrag

    chtilo a répondu à un(e) sujet de Barban dans Software

    Et les deux .exe sont bien autoriser tu en est sure et quand tu demarre le service tu n'as pas de soucis ?
  9. chtilo

    O&O defrag

    chtilo a répondu à un(e) sujet de Barban dans Software

    Voilà une recherche sur google Tu auras le chois pour les tuto ou sinon tape ajoute(ou autoriser) application dans Sygate . Car c'est là que sa bloque une fois passé ça , tu suis mle restede mes instruction et sa sera bon. Sinon esaye ça : tu vas dans application et regarde ta liste voir si tu as des ligne avec Defrag si oui il faut que se soit autoriser ou ASK sinon vas dans advanced et créer une règle il faut que tu ais les dux .exe pour après demarrer le service . amicalement
  10. chtilo

    O&O defrag

    chtilo a répondu à un(e) sujet de Barban dans Software

    Pour ajouter une application vois sur Microsoftcréer une règle sinon recherche sur google.
  11. chtilo
    Bonjours à tous et merci de m'aider, Bon pas de changement a part que je me demande si les clés que j'ai effacer il faudrait que je les remette en place , non ? Pour mes droit après recherche sur le forum Sécu il y a un outil qui peut regarder dans le registre c'est WinPFind3U.exe mais par contre vaut connaitre la bête pour savoir corriger et même l'analyser ça pas l'air simple donc voilà pour le moment. Si quelqu'un Peut m'aider , merci à tous du coup de main. amicalement.
  12. chtilo
    Bonjours à tous , Bon pas de changement , mais pour les Màj peut ^tre que je devrait remettre les clés que j'ai enlever. Pour mes droit utilisateur j'ai vu que WinPFind3U.exe permet de rentrer dans le vif des changement effectuer mais par contre là c'est compliquer je ne sais analyser ce log et résoudre les problème avec donc je lance un appel....... Amicalement.
  13. chtilo

    O&O defrag

    chtilo a répondu à un(e) sujet de Barban dans Software

    Bonjours, J'ai se logiciels en version payante et j'ai eu se problème, ilfaut que tu regarde la doc de ton firewall pour ajouter les deux .exe. Par exemple dans Zone Alarme , dans la zone programme j'ai clické ajouté puis j'ai pris les .exe dans programme files\O&O Defrag. Une fois les .exe ajouté vas dans services.msc et trouve O&O defrag Agent mets le en automatique puis démarre le service et relance O&O Defrag. Amicalement.
  14. chtilo
    Bonsoir AngieG, Pour completer il serai utile que tu lance un scan Kapersky en ligne et que tu post ton rapport. Pour ce faire accepte le controle ActiveX et pour le rapport enregistre le sur ton bureau puis Copier/Coller le contenu Esuite telecharge AVG anti-spy ensuite parametre le ainsi Option a cocher puis lance un scan complet en mode sans echec à la fin du scan , supprime les objets trouvés Tracking cookie et surtout enregistre le rapport puis post le. Ton prochain post avec ces deux rapport: Kapersky AVG Anti-Spyware Permettra de trouvé une infection lié a l'executable. Il faut aussi afficher les fichier système mais juste le supprimer n'enlèvera malheureusement pas ton infection. Amicalement.
  15. chtilo
    On a du ecrire notre message en même temp , je répondai à Pear qui me proposait l'outils NTright. Je lisait du coup ton message mais les lignes était lié au logiciels que tu parle mais si on n'a pas ce logiciels alors on est infecté voici ma source parmi d'autre. Il y a aussi des explication sur microsoft qui parle d'une faille de sécurité avec certain logiciels qui permette l'execution de code malicieux qui peuvent altéré les droit et bien d'autre chose, voir ici mais ça date mais j'ai installer Office 2003 y a pas longtemp. As tu lu mon post sur l'autre topic mon dernier message Qu'en pense tu ? amicalement. PS: Oui j'ai essayé ZebRestore mais rien par contre je suis en train de me dire pour les Màj je peu réécrire les clé, mais est ce que l'emplacement d'où je les ai effacer est le bon a l'origine. merci, amicalement
  16. chtilo
    J'ai l'impression que je ne suis plus tout seul en regardant les nouveaux topic ouvert. Je voudrait proposer une solution pour avoir une confirmation mais avant je voudrai une convirmation: Donc quand j'installe windows un compte admin est créer d'office là, on est d'accord. Ensuite dans mon cas (pour changé, lol!) je suis seul sur le PC donc le compte que je crée pour utilisé le PC est un compte admin donc j'ai bien tout les droit, je veux dire comme le compte admin créer en même temp que windows , si oui je suis pas fou et donc j'ai vraiment se problème.Merci de me confirmer. Sinon voilà a quoi j'ai pensé mais j'attend votre accord et surtout votre avis : J'ai ERUNT qui crée des backup de mon registre donc comme le problème pour moi semble venir des clés de registre , je me demandai, si j'ajoute (pas remplacé) un backup antérieur a la date de l'infection et que je passe un coup de regseeker pour les clés qui ne sont plus valide, est ce que cela peut marché ? Ou y a-t-il d'autre chose que les clés qui peuvent être lié a ce problème. Merci à vous amicalement.
  17. chtilo
    Cet outils me donne accès au même chose que GPEDIT si j'ai bien compris, et j'ai été sur gpedit mais il n'y a rien de touché du moins ça a l'air. Car si c'est la même chose j'ai accès a gpedit mais le problème c'est que je ne comprend pas trop cette zone, je n'y suis pas alèse. Je pars poster un message sur l'autre topic que j'ai ouvert, j'ai une idée pour essayer de résoudre tout ça mais j'ai besoin d'avis. Merci à vous de m'aider et de me consacré du temp. amicalement.
  18. chtilo
    Bonsoir brianb, Pour ces lignes c'est normal : Outil indésirable:Application/Processor No Désinfecté E:\Program Files\Navilog1\Process.exe Outil indésirable:Application/Pskill.A No Désinfecté E:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE] Outil indésirable:Application/Pskill.A No Désinfecté E:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE] Outil indésirable:Application/Processor No Désinfecté E:\Documents and Settings\mr bouazziz.SN4970687158\Bureau\MSNFix\incl\Process.exe C'est lié au outils de désinfection Pour NPMyWebS.dll je ne peut m'avancé car je ne trouve rien et je ne suis pas seul donc pour le moment n'y touche pas. Sinon nettoie tout ce qui est fichier temporaire en suivant les conseil de pré désinfection une fois que tu as fais ça va à la fin de ce topic mais lit tous quand même et si cela fonctionne vien le signaler ici sa peut aider d'autre personne. Pour riched20.dll vas sur le site microsoft mais occupe toi de lui aprés avoir désinfecter ton PC. Je pense que cela resoudra ton problème. Amicalement
  19. chtilo
    Merci eclypse , mais je n'ai pas ce message d'erreur.Mais par contre c'est bon de le savoir. Je voulait demander un truc est ce que ce groupe est légale CREATEUR PROPRIETAIRE Pour mes Màj et mes droit rien de nouveaux je pense d'apres les infos que j'ai trouvé que je dois trouvé le moyen de remettre les clé de registre. Pour le moment je vais ré-éssayer ZebRestore et encore merci de m'aider amicalement
  20. chtilo
    Bonjour Pear, Malheureusement ce problème est persistant mais je commence à trouvé des info sur le : Où tout à commencé, car en soit j'ai vu le svdhost.exe mais les analyse ne trouvait rien donc pas de nom a mettre sur cette infection. En tout cas elle m'a fait des dégât, j'espère en venir a bout et bien sur grace a l'aide de tout ceux qui le peuvent car je pense que si pour lr moment on n'est pas nombreux( a ce que j'en vois) on le sera donc on continu de cherché et votre aide est la bien venu. D'après les info que j'ai trouvé (les lien sont sur l'autre sujet) il y a eu un code malicieux qui je crois a créer un ou deux "compte" et moi dans l'histoire j'ai plus mes droit et de plus le 2eme compte admin céer a l'install de windows n'a plus son MDP mais je vais re-vérifier. Merci pear de votre aide. amicalement.
  21. chtilo
    Merci Angelique je vais aller vérifier cette clés a l'issue de mon post. Sinon j'ai plusieur chose a rajouter j'ai fais "Policies" avec ZebRestore mais sa turer et le truc a bloquer il faudrait que je re-éssaie car là mes droit ne sont pas revenu de plus même si je pige pas tout sur GPEDIT il me semble que rien n'est modifier. Par contre je pense connaitre la source de mon infection et si vous pouviez me renseigné voici la reponse possible tout d'abord a la vue de svdhost.exe j'ai rechercher sur sophos et voici ce qui etait pour mon cas sur le site sophos qui dit que c'est un code malicieux passant par le RPC mais j'ai également trouvé ça en recherchant perte de droit administrateur sur Microsoft sécurité par rapport a ce lien j'ai , il me semble car j'ai juste un vague souvenir que certain compte n'aexistait pas avant dans mon onglet sécurité.Je peut vous les mettre dans le prochain poste si vous voulez les voir . ce qui est également plus ou moins mon cas. si vous avez un avis à donner.Je suis preneur pour les solution pour récupérer mes droits.Et je me demandai, comment restore ZebRestore les clés lié au droit , il se fit au compte ou c'est déjà formater d'une manière unique ? Encore merci de m'aider car là c'est très difficile je dois l'avouer je vais également teste une astuce trouvé sur ce dernier site présenté en lien. amicalement. P.S Pour le fichier Hosts j'ai fais ça mais il me dit qu'il ne peut créer le fichier Hosts(précédé du chemin d'acces).
  22. chtilo
    Alors en faite il restaure ce que je lui demande sauf le fichier hosts(c'était pour lui le message d'erreur) pour les mise à jour c'est pas possible pourtant je fait ce qui demande aux message d'erreur. Voici le message : Je continue mes recherche de mon côté. merci de votre aide amicalement
  23. chtilo
    Voici le log de look2Me Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 03/09/2007 21:38:01 Attempting to delete infected files... Making registry repairs. Restoring Windows certificates. Replaced hosts file with default windows hosts file Par contre il a eu un peu de mal ou alors j'ai pas été patient mais après il a marché.Par contre j'ai fait ZebRestore pas pour Policies car avec VX2 cela semble avoir marcher mais j'ai fais pour Windows Update car mes Màj bloque, j'ai fait aussi pour le fichier Hosts et pour IE mais voici le message qu'il m'affiche : amicalement.
  24. chtilo
    Merci a vous de m'aider, et le rapport VX2 vous semble t-il bon ? Sinon je résume j'appuie sur policy et sinon j'essaie Look2meDestroyer et pour les tois action que j'ai lister au premier post vous en pensé quoi ? Je me demandai comment savoir si le problème est résolu car l'apps je l'ai enlever avec le compte que l'on créer a l'installe de windows donc comment je peu connaitre rapidement si c'est bueno. Encore merci amicalement.
  25. chtilo
    Bonjours à tous, Et merci aux personne qui analyseront mon rapport VX2 Finder Voici le résumé de mon problème que j'essaie de traité actuellement ici Donc j'ai fait ce que ma proposer Angelique et voici le rapport VX2 : Log for VX2.BetterInternet File Finder (ALL) Files Found--- Additional Files--- Keys Under Notify--- AtiExtEvent crypt32chain cryptnet cscdll ScCertProp Schedule sclgntfy SensLogn termsrv wlballoon WRNotifier Guardian Key--- is called: Guardian Key--- : User Agent String--- Je ne sais pas du tout analyser ce rapport et sur un lien qui traite de ces problème de droit/privilège il parlent de supprimer puis de * Appuyez sur le bouton "Guardian.reg". * Appuyez sur le bouton "User Agent". * Appuyez sur le bouton "Restore Policy". Mais je préfère demander a ceux qui connaissent car je ne sais si je peux supprimer ces fichiers. Mon PC a été scanné plusieur fois et il n'y a rien et par contre en plus d'avoir perdu mes droit je ne peux plus faire mes Màj, j'avais un problème avec Windows Installer que j'ai réussie a remettre et mon rapport HijackThis est clean. Encore merci aux personne qui analyseront mon log, pour leur temp et leur connaissance. Sinon où peut on trouvé les réponse pour les fichier, est ce que c'est comme pour les log HijackThis ? amicalement.
×
×
  • Créer...