
Posted (edited)

WinPFind3U report:

WinPFind3 logfile created on: 03/09/2007 07:36:02

WinPFind3U by OldTimer - Version 1.0.41 Folder = C:\Documents and Settings\Propriétaire\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

767,48 Mb Total Physical Memory | 399,78 Mb Available Physical Memory | 52,09% Memory free

1,83 Gb Paging File | 1,55 Gb Available in Paging File | 84,71% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 3,73 Gb Free Space | 19,08% Space Free

Drive D: | 6,02 Gb Total Space | 3,96 Gb Free Space | 65,80% Space Free

Drive E: | 9,09 Gb Total Space | 2,26 Gb Free Space | 24,88% Space Free

F: Drive not present or media not loaded

 

Computer Name: BENEL-PC

Current User Name: Propriétaire

Logged in as Administrator.

Current Boot Mode: Normal

 

 

[Processes - Non-Microsoft Only]

alertm~1.exe -> %System32%\AlertModule\AlertModule.exe -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 21/10/2004 08:50:52 | Attr = ]

ares.exe -> %ProgramFiles%\Ares\Ares.exe -> Ares Development Group [Ver = 2.0.6.3027 | Size = 969728 bytes | Modified Date = 18/02/2007 23:30:18 | Attr = ]

avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.06 | Size = 229416 bytes | Modified Date = 18/01/2006 15:52:36 | Attr = ]

avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.20 | Size = 424488 bytes | Modified Date = 20/01/2006 12:56:20 | Attr = ]

cnxdsltb.exe -> %ProgramFiles%\ZTE Corporation\ZXDSL852\CnxDslTb.exe -> Conexant Systems, Inc. [Ver = 040.001.023.000 | Size = 278528 bytes | Modified Date = 20/05/2005 19:32:18 | Attr = R ]

comcomp.exe -> %ProgramFiles%\Wanadoo\ComComp.exe -> France Télécom R&D [Ver = 11.0 (9) | Size = 245760 bytes | Modified Date = 25/10/2004 09:41:36 | Attr = ]

daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12/11/2006 12:48:48 | Attr = ]

espacewanadoo.exe -> %ProgramFiles%\Wanadoo\EspaceWanadoo.exe -> France Télécom R&D [Ver = 5.9 (3) | Size = 802816 bytes | Modified Date = 21/02/2005 15:17:02 | Attr = ]

ftrtsvc.exe -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

inactivity.exe -> %ProgramFiles%\Wanadoo\Inactivity.exe -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 27/10/2004 11:30:44 | Attr = ]

nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 11/08/2006 21:42:50 | Attr = ]

pollingmodule.exe -> %ProgramFiles%\Wanadoo\PollingModule.exe -> [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Modified Date = 27/10/2004 11:07:06 | Attr = ]

reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]

rocketdock.exe -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 16/08/2006 07:00:00 | Attr = ]

sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.04 | Size = 32808 bytes | Modified Date = 18/01/2006 13:06:02 | Attr = ]

skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 13/10/2006 18:20:08 | Attr = ]

taskbaricon.exe -> %ProgramFiles%\Wanadoo\TaskBarIcon.exe -> France Télécom R&D [Ver = 5.9 (1) | Size = 61440 bytes | Modified Date = 05/10/2004 17:00:12 | Attr = ]

toaster.exe -> %ProgramFiles%\Wanadoo\Toaster.exe -> France Telecom R&D [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Modified Date = 02/11/2004 15:31:20 | Attr = ]

ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 31/01/2005 10:45:20 | Attr = ]

watch.exe -> %ProgramFiles%\Wanadoo\Watch.exe -> France Télécom R&D [Ver = 11.0 (2) | Size = 20480 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.41.0 | Size = 322560 bytes | Modified Date = 31/08/2007 10:30:22 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 04/12/2006 13:39:18 | Attr = ]

(AntiVirScheduler) AntiVir Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.04 | Size = 32808 bytes | Modified Date = 18/01/2006 13:06:02 | Attr = ]

(AntiVirService) AntiVir PersonalEdition Classic Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.20 | Size = 424488 bytes | Modified Date = 20/01/2006 12:56:20 | Attr = ]

(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.5.3027 | Size = 263168 bytes | Modified Date = 18/02/2007 23:28:04 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ]

(FTRTSVC) France Telecom Routing Table Service [Win32_Own | Auto | Running] -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 11/08/2006 21:42:50 | Attr = ]

(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 31/01/2005 10:45:20 | Attr = ]

(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 23/08/2006 23:38:26 | Attr = ]

(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [Ver = 12.0.1202.0516 | Size = 228208 bytes | Modified Date = 16/05/2007 13:48:56 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.06 | Size = 229416 bytes | Modified Date = 18/01/2006 15:52:36 | Attr = ]

CnxDslTaskBar -> %ProgramFiles%\ZTE Corporation\ZXDSL852\CnxDslTb.exe -> Conexant Systems, Inc. [Ver = 040.001.023.000 | Size = 278528 bytes | Modified Date = 20/05/2005 19:32:18 | Attr = R ]

DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12/11/2006 12:48:48 | Attr = ]

NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 11/08/2006 21:43:02 | Attr = ]

nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 11/08/2006 21:43:00 | Attr = ]

UVS10 Preload -> %ProgramFiles%\Ulead Systems\Ulead VideoStudio 10\uvPL.exe -> Ulead Systems, Inc. [Ver = 9.0 | Size = 36864 bytes | Modified Date = 07/03/2006 01:52:16 | Attr = ]

WOOTASKBARICON -> %SystemDrive%\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe -> File not found

WOOWATCH -> %ProgramFiles%\Wanadoo\Watch.exe -> France Télécom R&D [Ver = 11.0 (2) | Size = 20480 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23/08/2006 23:38:28 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

ares -> %ProgramFiles%\Ares\Ares.exe -> Ares Development Group [Ver = 2.0.6.3027 | Size = 969728 bytes | Modified Date = 18/02/2007 23:30:18 | Attr = ]

Espace Client -> %ProgramFiles%\Wanadoo\EspaceWanadoo.exe -> France Télécom R&D [Ver = 5.9 (3) | Size = 802816 bytes | Modified Date = 21/02/2005 15:17:02 | Attr = ]

msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> File not found

RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe -> [Ver = | Size = 364544 bytes | Modified Date = 16/08/2006 07:00:00 | Attr = ]

Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 13/10/2006 18:20:08 | Attr = ]

Tok-Cirrhatus -> %LocalAppData%\smss.exe -> File not found

WOOKIT -> %SystemDrive%\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe -> File not found

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->

%AllUsersStartup%\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]

< User Startup > -> C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage ->

%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 19:16:50 | Attr = ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

"C:\WINDOWS\eksplorasi.exe" -> %SystemRoot%\eksplorasi.exe -> File not found

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> •

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->

< HOSTS File > (7459 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

< Internet Explorer Settings > -> ->

HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->

HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: SearchAssistant -> http://www.google.com/ie ->

HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->

HKCU: Search Bar -> http://www.wanadoo.fr/go/page_recherche/ ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> http://www.google.fr/ ->

HKCU: URLSearchHooks\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} [HKLM] -> %ProgramFiles%\Wanadoo\SearchPageURL.dll [search Class] -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 06/12/2004 14:27:48 | Attr = ]

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

msn.com [ - ] -> ->

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 26/08/2004 11:27:32 | Attr = ]

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found

{FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Wanadoo Messager\Wanadoo Messager.exe [buttonText: Messager Wanadoo] -> France Telecom [Ver = 3, 5, 0, 7 | Size = 2342912 bytes | Modified Date = 08/11/2004 16:07:10 | Attr = ]

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.05\AMVConverter\grab.htm -> File not found

E&xporter vers Microsoft Excel -> -> File not found

Easy-WebPrint Ajouter à la liste d'impressions -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found

Easy-WebPrint Impression rapide -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found

Easy-WebPrint Imprimer -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found

Easy-WebPrint Prévisualiser -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found

MediaManager tool grab multimedia file -> %ProgramFiles%\MP3 Player Utilities 4.05\MediaManager\grab.htm -> File not found

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->

Wanadoo 7.1 -> IEAKFT ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{2B0F4D9B-4ECE-44DE-9CB4-7485A79DC0A7} -> (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family) ->

{5537F4D8-9AC2-498A-B3CE-D2B4E26F5A0C} -> () ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->

Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

 

[Registry - Additional Scans - Non-Microsoft Only]

< Security Settings > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. Si ce service est désactivé, tous les services qui en dépendent explicitement peuvent présenter des problèmes de transfert de fichiers s'ils ne disposent pas d'un mécanisme sûr de remplacement pour transférer les fichier ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\System32\qmgr.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS�00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8442 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Propriétaire\Bureau\emule0.47a-Xtreme5.2.1\emule.exe -> C:\Documents and Settings\Propriétaire\Bureau\emule0.47a-Xtreme5.2.1\emule.exe:*:Enabled:eMule ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\eMule.exe -> C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Age of Empires III\age3.exe -> C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe -> C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe -> C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Age of Mythology\aom.exe -> C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe -> C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Crack\PES5.exe -> D:\Crack\PES5.exe:*:Enabled:pes5.exe ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Maple 10\jre\bin\java.exe -> C:\Program Files\Maple 10\jre\bin\java.exe:*:Disabled:java ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Maple 10\jre\bin\maple.exe -> C:\Program Files\Maple 10\jre\bin\maple.exe:*:Disabled:maple ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\microsoft frontpage\bin\fpexplor.exe -> C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\FrontPage Webs\Server\vhttpd32.exe -> C:\FrontPage Webs\Server\vhttpd32.exe:*:Enabled:Serveur Web personnel Microsoft FrontPage ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Propriétaire\Bureau\WoW-frFR-Installer-downloader.exe -> C:\Documents and Settings\Propriétaire\Bureau\WoW-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe -> C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\maxima\src\xmaxima.exe -> C:\maxima\src\xmaxima.exe:*:Enabled:xmaxima ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6112:TCP -> 6112:TCP:*:Enabled:Warcraft III ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6112:UDP -> 6112:UDP:*:Enabled:Warcraft III ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS\0000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV\0000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\CertificatePolicy\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\PortRange\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownBrowse -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\CertificatePolicy\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgóâ€? ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜÅ °Ý„} ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½Å¡*ÛBëØV%Mø/g ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->

< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> ->

 

[Files/Folders - Created Within 60 days]

Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 31/08/2007 08:37:51 | Attr = ]

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 31/08/2007 20:08:30 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 31/08/2007 20:08:30 | Attr = H ]

AVGUARD_46ddcb03 -> %System32%\AVGUARD_46ddcb03 -> [Folder | Created Date = 02/09/2007 21:02:32 | Attr = ]

AVGUARD_46df2307 -> %System32%\AVGUARD_46df2307 -> [Folder | Created Date = 02/09/2007 21:28:11 | Attr = ]

AVGUARD_46df3c2f -> %System32%\AVGUARD_46df3c2f -> [Folder | Created Date = 02/09/2007 10:35:45 | Attr = ]

AVGUARD_46e08eab -> %System32%\AVGUARD_46e08eab -> [Folder | Created Date = 02/09/2007 13:45:21 | Attr = ]

avsda.dll -> %System32%\avsda.dll -> H+BEDV Datentechnik GmbH [Ver = 06.30.00.02 | Size = 57344 bytes | Created Date = 01/09/2007 21:14:51 | Attr = ]

libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796584 bytes | Created Date = 31/08/2007 08:38:48 | Attr = ]

vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 54112 bytes | Created Date = 31/08/2007 08:38:35 | Attr = ]

vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 83960 bytes | Created Date = 31/08/2007 08:37:51 | Attr = ]

vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 392824 bytes | Created Date = 31/08/2007 08:38:35 | Attr = ]

vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 157688 bytes | Created Date = 31/08/2007 08:37:51 | Attr = ]

vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 104440 bytes | Created Date = 31/08/2007 08:38:36 | Attr = ]

vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 268280 bytes | Created Date = 31/08/2007 08:38:36 | Attr = ]

vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 71672 bytes | Created Date = 31/08/2007 08:38:48 | Attr = ]

vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 440312 bytes | Created Date = 31/08/2007 08:37:51 | Attr = ]

vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 42920 bytes | Created Date = 31/08/2007 08:38:52 | Attr = ]

vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 59384 bytes | Created Date = 31/08/2007 08:38:37 | Attr = ]

vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 100344 bytes | Created Date = 31/08/2007 08:38:36 | Attr = ]

zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 83960 bytes | Created Date = 31/08/2007 08:38:46 | Attr = ]

zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 71672 bytes | Created Date = 31/08/2007 08:38:46 | Attr = ]

zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 31/08/2007 08:39:12 | Attr = H ]

ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 31/08/2007 08:38:36 | Attr = ]

avgntdd.sys -> %System32%\drivers\avgntdd.sys -> H+BEDV Datentechnik GmbH [Ver = 6.32.01.09 | Size = 31744 bytes | Created Date = 01/09/2007 21:14:51 | Attr = ]

avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> H+BEDV Datentechnik GmbH [Ver = 6.32.01.03 | Size = 14848 bytes | Created Date = 01/09/2007 21:14:51 | Attr = ]

AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Created Date = 01/09/2007 21:14:50 | Attr = ]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 30/08/2007 10:37:10 | Attr = ]

Bron.tok-10-1 -> %LocalAppData%\Bron.tok-10-1 -> [Folder | Created Date = 01/09/2007 07:38:53 | Attr = ]

Bron.tok-10-2 -> %LocalAppData%\Bron.tok-10-2 -> [Folder | Created Date = 02/09/2007 08:22:36 | Attr = ]

Bron.tok-10-28 -> %LocalAppData%\Bron.tok-10-28 -> [Folder | Created Date = 28/08/2007 11:11:14 | Attr = ]

Bron.tok-10-29 -> %LocalAppData%\Bron.tok-10-29 -> [Folder | Created Date = 29/08/2007 07:54:01 | Attr = ]

Bron.tok-10-30 -> %LocalAppData%\Bron.tok-10-30 -> [Folder | Created Date = 30/08/2007 08:27:45 | Attr = ]

Bron.tok-10-31 -> %LocalAppData%\Bron.tok-10-31 -> [Folder | Created Date = 30/08/2007 23:00:01 | Attr = ]

Bron.tok.A10.em.bin -> %LocalAppData%\Bron.tok.A10.em.bin -> [Ver = | Size = 7329 bytes | Created Date = 01/09/2007 19:50:32 | Attr = ]

Loc.Mail.Bron.Tok -> %LocalAppData%\Loc.Mail.Bron.Tok -> [Folder | Created Date = 28/08/2007 11:17:15 | Attr = ]

Ok-SendMail-Bron-tok -> %LocalAppData%\Ok-SendMail-Bron-tok -> [Folder | Created Date = 28/08/2007 11:17:00 | Attr = ]

PCHealth -> %LocalAppData%\PCHealth -> [Folder | Created Date = 06/07/2007 17:42:48 | Attr = ]

DiagHelp -> %UserDocuments%\DiagHelp -> [Folder | Created Date = 30/08/2007 19:27:52 | Attr = ]

DiagHelp.zip -> %UserDesktop%\DiagHelp.zip -> [Ver = | Size = 599145 bytes | Created Date = 02/09/2007 21:17:34 | Attr = ]

hijackthis.zip -> %UserDesktop%\hijackthis.zip -> [Ver = | Size = 212849 bytes | Created Date = 02/09/2007 21:17:53 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 02/09/2007 21:18:52 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355884 bytes | Created Date = 02/09/2007 21:18:25 | Attr = ]

 

[Files/Folders - Modified Within 60 days]

AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 7 bytes | Modified Date = 02/09/2007 09:22:36 | Attr = HS]

Program Files -> %ProgramFiles% -> [Folder | Modified Date = 01/09/2007 22:14:52 | Attr = R ]

WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 02/09/2007 10:25:14 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 02/09/2007 22:28:06 | Attr = S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 31/08/2007 22:32:34 | Attr = S]

Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 28/08/2007 19:47:22 | Attr = R S]

Help -> %SystemRoot%\Help -> [Folder | Modified Date = 30/08/2007 11:33:44 | Attr = ]

Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 02/09/2007 14:45:24 | Attr = ]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 02/09/2007 20:14:20 | Attr = ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 03/09/2007 07:33:40 | Attr = ]

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 31/08/2007 21:08:32 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 31/08/2007 21:08:32 | Attr = H ]

SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 02/09/2007 09:24:52 | Attr = ]

system32 -> %System32% -> [Folder | Modified Date = 02/09/2007 22:28:12 | Attr = ]

Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 31/08/2007 10:00:34 | Attr = S]

Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 03/09/2007 07:34:42 | Attr = ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 925 bytes | Modified Date = 30/08/2007 11:36:18 | Attr = ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 02/09/2007 22:28:10 | Attr = H ]

AVGUARD_46ddcb03 -> %System32%\AVGUARD_46ddcb03 -> [Folder | Modified Date = 02/09/2007 22:13:44 | Attr = ]

AVGUARD_46df2307 -> %System32%\AVGUARD_46df2307 -> [Folder | Modified Date = 02/09/2007 22:35:58 | Attr = ]

AVGUARD_46df3c2f -> %System32%\AVGUARD_46df3c2f -> [Folder | Modified Date = 02/09/2007 12:15:12 | Attr = ]

AVGUARD_46e08eab -> %System32%\AVGUARD_46e08eab -> [Folder | Modified Date = 02/09/2007 19:45:44 | Attr = ]

CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 02/09/2007 22:28:18 | Attr = ]

drivers -> %System32%\drivers -> [Folder | Modified Date = 01/09/2007 22:14:52 | Attr = ]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 302824 bytes | Modified Date = 29/08/2007 08:52:46 | Attr = ]

nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 81203 bytes | Modified Date = 03/09/2007 07:33:34 | Attr = ]

vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 54112 bytes | Modified Date = 03/09/2007 07:33:56 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 6202 bytes | Modified Date = 30/08/2007 20:32:50 | Attr = ]

zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 31/08/2007 09:41:08 | Attr = H ]

ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 31/08/2007 09:38:56 | Attr = ]

etc -> %System32%\drivers\etc -> [Folder | Modified Date = 02/09/2007 09:23:04 | Attr = ]

AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Modified Date = 03/09/2007 07:34:48 | Attr = ]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 30/08/2007 11:42:10 | Attr = ]

Vc soap curb loud -> %AllUsersAppData%\Vc soap curb loud -> [Folder | Modified Date = 31/08/2007 11:05:58 | Attr = ]

Skype -> %UserAppData%\Skype -> [Folder | Modified Date = 03/09/2007 07:34:08 | Attr = ]

SoftwareLiveEq -> %UserAppData%\SoftwareLiveEq -> [Folder | Modified Date = 31/08/2007 10:00:34 | Attr = ]

Ares -> %LocalAppData%\Ares -> [Folder | Modified Date = 02/09/2007 16:16:46 | Attr = ]

Bron.tok-10-1 -> %LocalAppData%\Bron.tok-10-1 -> [Folder | Modified Date = 01/09/2007 08:38:54 | Attr = ]

Bron.tok-10-2 -> %LocalAppData%\Bron.tok-10-2 -> [Folder | Modified Date = 02/09/2007 09:22:38 | Attr = ]

Bron.tok-10-28 -> %LocalAppData%\Bron.tok-10-28 -> [Folder | Modified Date = 28/08/2007 12:11:16 | Attr = ]

Bron.tok-10-29 -> %LocalAppData%\Bron.tok-10-29 -> [Folder | Modified Date = 29/08/2007 08:54:02 | Attr = ]

Bron.tok-10-30 -> %LocalAppData%\Bron.tok-10-30 -> [Folder | Modified Date = 30/08/2007 09:27:46 | Attr = ]

Bron.tok-10-31 -> %LocalAppData%\Bron.tok-10-31 -> [Folder | Modified Date = 31/08/2007 00:00:02 | Attr = ]

Bron.tok.A10.em.bin -> %LocalAppData%\Bron.tok.A10.em.bin -> [Ver = | Size = 7329 bytes | Modified Date = 01/09/2007 20:50:34 | Attr = ]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 69120 bytes | Modified Date = 02/09/2007 18:12:44 | Attr = ]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 84296 bytes | Modified Date = 28/08/2007 22:39:46 | Attr = ]

IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3711750 bytes | Modified Date = 29/08/2007 08:55:56 | Attr = H ]

Loc.Mail.Bron.Tok -> %LocalAppData%\Loc.Mail.Bron.Tok -> [Folder | Modified Date = 01/09/2007 18:08:46 | Attr = ]

Ok-SendMail-Bron-tok -> %LocalAppData%\Ok-SendMail-Bron-tok -> [Folder | Modified Date = 28/08/2007 12:17:02 | Attr = ]

PCHealth -> %LocalAppData%\PCHealth -> [Folder | Modified Date = 06/07/2007 18:42:50 | Attr = ]

WMTools Downloaded Files -> %LocalAppData%\WMTools Downloaded Files -> [Folder | Modified Date = 29/08/2007 15:12:26 | Attr = ]

A suprr -> %UserDocuments%\A suprr -> [Folder | Modified Date = 02/09/2007 09:43:10 | Attr = ]

AWD Flash -> %UserDocuments%\AWD Flash -> [Folder | Modified Date = 02/09/2007 09:43:12 | Attr = ]

DiagHelp -> %UserDocuments%\DiagHelp -> [Folder | Modified Date = 02/09/2007 09:43:12 | Attr = ]

GeoPlan W -> %UserDocuments%\GeoPlan W -> [Folder | Modified Date = 02/09/2007 09:43:14 | Attr = ]

Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 02/09/2007 09:43:18 | Attr = R ]

Mariam -> %UserDocuments%\Mariam -> [Folder | Modified Date = 02/09/2007 09:43:18 | Attr = ]

Mes archives de conversations -> %UserDocuments%\Mes archives de conversations -> [Folder | Modified Date = 01/09/2007 10:17:00 | Attr = ]

Mes dossiers de partage.lnk -> %UserDocuments%\Mes dossiers de partage.lnk -> [Ver = | Size = 628 bytes | Modified Date = 02/09/2007 22:31:06 | Attr = ]

Mes fichiers reçus -> %UserDocuments%\Mes fichiers reçus -> [Folder | Modified Date = 03/09/2007 07:35:34 | Attr = R ]

Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 02/09/2007 09:45:02 | Attr = R ]

Mes vidéos -> %UserDocuments%\Mes vidéos -> [Folder | Modified Date = 02/09/2007 09:45:04 | Attr = R ]

My Albums -> %UserDocuments%\My Albums -> [Folder | Modified Date = 02/09/2007 09:45:04 | Attr = ]

My Skype Pictures -> %UserDocuments%\My Skype Pictures -> [Folder | Modified Date = 02/09/2007 09:45:06 | Attr = ]

Paint.net -> %UserDocuments%\Paint.net -> [Folder | Modified Date = 02/09/2007 09:45:08 | Attr = ]

WDM -> %UserDocuments%\WDM -> [Folder | Modified Date = 02/09/2007 09:45:30 | Attr = ]

WebCam Album -> %UserDocuments%\WebCam Album -> [Folder | Modified Date = 02/09/2007 09:45:34 | Attr = ]

Winrar 3.5 -> %UserDocuments%\Winrar 3.5 -> [Folder | Modified Date = 02/09/2007 09:45:34 | Attr = ]

DiagHelp.zip -> %UserDesktop%\DiagHelp.zip -> [Ver = | Size = 599145 bytes | Modified Date = 02/09/2007 22:17:34 | Attr = ]

hijackthis.zip -> %UserDesktop%\hijackthis.zip -> [Ver = | Size = 212849 bytes | Modified Date = 02/09/2007 22:17:52 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 02/09/2007 22:18:54 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355884 bytes | Modified Date = 02/09/2007 22:18:26 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->

WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 21/08/2003 10:37:38 | Attr = ]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/08/2002 14:00:00 | Attr = ]

PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 02/10/2006 21:04:40 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 30/08/2002 14:00:00 | Attr = ]

WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 30/08/2002 14:00:00 | Attr = ]

UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 30/08/2002 14:00:00 | Attr = ]

PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]

FSG! , -> %System32%\drivers\etc\tuneup2006keygen.exe -> [Ver = | Size = 196629 bytes | Modified Date = 10/07/2006 22:51:54 | Attr = ]

UPX! , UPX0 , -> %UserDocuments%\aVast Setup.exe -> [Ver = | Size = 11803568 bytes | Modified Date = 08/09/2006 11:30:02 | Attr = ]

WSUD , -> %UserDocuments%\RTK650_W98DM_a349.exe -> [Ver = | Size = 6827393 bytes | Modified Date = 13/10/2002 16:39:28 | Attr = ]

@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->

 

< End of report >

The DiagHelp report:

 

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-03 07:46:32

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:e29c5ef8

"s2"=dword:a27d1763

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:15,ba,cf,5b,7e,ee,00,de,88,61,0b,37,fa,6e,90,91,0c,8d,69,49,d2,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:3f,94,e0,e0,6b,5d,d8,95,dd,80,64,46,b4,89,c2,e1,9e,6b,e7,4d,77,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001]

"a0"=hex:20,01,00,00,d5,53,19,c4,22,3f,62,6a,5d,5f,b6,bd,73,f5,f0,5f,ab,..

"khjeh"=hex:4b,15,0e,51,ff,56,ba,ac,7a,93,7d,ed,ed,b3,c8,3e,c4,7d,78,2e,60,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001Jf40]

"khjeh"=hex:b4,1e,b3,4b,b0,4a,95,29,ad,97,03,1a,71,d2,27,83,79,fa,fd,a2,87,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:15,ba,cf,5b,7e,ee,00,de,88,61,0b,37,fa,6e,90,91,0c,8d,69,49,d2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:3f,94,e0,e0,6b,5d,d8,95,dd,80,64,46,b4,89,c2,e1,9e,6b,e7,4d,77,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001]

"a0"=hex:20,01,00,00,d5,53,19,c4,22,3f,62,6a,5d,5f,b6,bd,73,f5,f0,5f,ab,..

"khjeh"=hex:4b,15,0e,51,ff,56,ba,ac,7a,93,7d,ed,ed,b3,c8,3e,c4,7d,78,2e,60,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001Jf40]

"khjeh"=hex:b4,1e,b3,4b,b0,4a,95,29,ad,97,03,1a,71,d2,27,83,79,fa,fd,a2,87,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

HijackThis report:

Logfile of HijackThis v1.99.1

Scan saved at 07:50:33, on 03/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Ares\Ares.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Rar$EX00.006\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"

O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">

O1 - Hosts: <html>

O1 - Hosts: <head>

O1 - Hosts: <script LANGUAGE="JavaScript">

O1 - Hosts: <!--

O1 - Hosts: if (window != top)

O1 - Hosts: top.location.href = location.href;

O1 - Hosts: // -->

O1 - Hosts: </script>

O1 - Hosts: <title>Site Unavailable</title>

O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

O1 - Hosts: <style type="text/css">

O1 - Hosts: body{text-align:center;}

O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}

O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }

O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}

O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}

O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}

O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}

O1 - Hosts: .bodywrap{display:block;height:470px;}

O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}

O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}

O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}

O1 - Hosts: .adcnt td {text-align:left;}

O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}

O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}

O1 - Hosts: .ybadge img {margin-top:6px;}

O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}

O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}

O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}

O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}

O1 - Hosts: </style>

O1 - Hosts: </head>

O1 - Hosts: <body>

O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->

O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->

O1 - Hosts: <div id="maincnt">

O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>

O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>

O1 - Hosts: </div></div>

O1 - Hosts: <div class="bodywrap">

O1 - Hosts: <div class="bodycnt">

O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>

O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>

O1 - Hosts: <p>Are you the site owner?

O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!

O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>

O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>

O1 - Hosts: </div>

O1 - Hosts: <div class="adcnt">

O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>

O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>

O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>

O1 - Hosts: $25 Setup Waived</a></div>

O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>

O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>

O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>

O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>

O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>

O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="adtable">

O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>

O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>

O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>

O1 - Hosts: </div>

O1 - Hosts: <div class="ybadge">

O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>

O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: <div class=ftr>

O1 - Hosts: <hr size=1 width=100%>

O1 - Hosts: Copyright ©

O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>

O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>

O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>

O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>

O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>

O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </body>

O1 - Hosts: </html>

O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>

O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1188295865&f=us-w89" ALT=1 WIDTH=1 HEIGHT=1>

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Espace Client] C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe web

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\smss.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B67554B-E5B4-47B1-B73E-DA35F65DEB9D}: NameServer = 80.10.246.130 80.10.246.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Edited by Rex Nirvana

Posted (edited)

Hi :P

That's much better :P

I see you managed to run DiagHelp > the problem is that the report is not complete!

Please, once you have done the WinPFind3U step (below), run DiagHelp again, and don't forget to press a key at the end of the catchme report (the window is red at that point). If you don't see the report, you will find it here > C:\rapport.txt

1) Start WinPFind3U by double-clicking WinPFind3U.exe and copy/paste the text below (do not copy the word CODE) into the Paste fix here panel, then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Tok-Cirrhatus -> %LocalAppData%\smss.exe
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> "C:\WINDOWS\eksplorasi.exe" -> %SystemRoot%\eksplorasi.exe
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1
[Files/Folders - Created Within 60 days]
NY -> Bron.tok-10-1 -> %LocalAppData%\Bron.tok-10-1
NY -> Bron.tok-10-2 -> %LocalAppData%\Bron.tok-10-2
NY -> Bron.tok-10-28 -> %LocalAppData%\Bron.tok-10-28
NY -> Bron.tok-10-29 -> %LocalAppData%\Bron.tok-10-29
NY -> Bron.tok-10-30 -> %LocalAppData%\Bron.tok-10-30
NY -> Bron.tok-10-31 -> %LocalAppData%\Bron.tok-10-31
NY -> Bron.tok.A10.em.bin -> %LocalAppData%\Bron.tok.A10.em.bin
NY -> Loc.Mail.Bron.Tok -> %LocalAppData%\Loc.Mail.Bron.Tok
NY -> Ok-SendMail-Bron-tok -> %LocalAppData%\Ok-SendMail-Bron-tok
[Files/Folders - Modified Within 60 days]
NY -> Vc soap curb loud -> %AllUsersAppData%\Vc soap curb loud
NY -> Bron.tok-10-1 -> %LocalAppData%\Bron.tok-10-1
NY -> Bron.tok-10-2 -> %LocalAppData%\Bron.tok-10-2
NY -> Bron.tok-10-28 -> %LocalAppData%\Bron.tok-10-28
NY -> Bron.tok-10-29 -> %LocalAppData%\Bron.tok-10-29
NY -> Bron.tok-10-30 -> %LocalAppData%\Bron.tok-10-30
NY -> Bron.tok-10-31 -> %LocalAppData%\Bron.tok-10-31
NY -> Bron.tok.A10.em.bin -> %LocalAppData%\Bron.tok.A10.em.bin
NY -> Loc.Mail.Bron.Tok -> %LocalAppData%\Loc.Mail.Bron.Tok
NY -> Ok-SendMail-Bron-tok -> %LocalAppData%\Ok-SendMail-Bron-tok


Post the report found in the WinPFind3u folder (it is a report named with the current day\month\year\time).

2) We are going to do a small search in your registry, because Brontok modifies the registry and the values have to be restored >

Please go to this page to download the file look.bat > http://www.sendspace.com/file/o8brcy

To do so, click the link at the bottom of the page > Download Link: look.bat

Double-click the file and post the report, please.

3) - Run an online scan with Panda:

http://www.pandasoftware.fr/Activescan/Activescan.html .

And post the report it shows you at the end; for that, make sure IE is correctly configured for the online scan as described here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .

If you can't manage it, the tutorial is: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

You don't have to give your email; you can use a disposable address if you wish: http://www.jetable.org/fr/index

Warning!! Panda and Antivir conflict with each other!

To be able to download Panda's ActiveX control, you need to disable the Antivir shield before starting the scan. (Click the Antivir icon in the taskbar and untick Activate Antivir Guard > re-enable it at the end of the scan after saving the report)

Post one last HijackThis report, please.

To recap: the WinPFind3U report, the new DiagHelp report, the online scan report and finally the new HijackThis report.

Come on, hang in there, we're almost done! :P

Edited by charles ingals
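
The fix script in the reply above targets a Run entry named after a system process, an altered Winlogon shell and a policy that disables the registry tools. The Python example below flags the same kinds of entries in a HijackThis log, plus O1 lines that are not in hosts-file format. It is an added example, not part of this thread or of HijackThis or WinPFind3U; the function names, the list of system process names and the heuristics are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import ipaddress
import ntpath
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <html>
O1 - Hosts: <title>Site Unavailable</title>
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\smss.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
'''

# Assumption: Windows system processes that normally run from System32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (.+)$")
IMAGE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def command_image(cmd):
    """Return the program path from a Run value, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def is_hosts_entry(text):
    """True for a blank line, a comment, or 'IP-address name [name ...]'."""
    fields = text.split("#", 1)[0].split()
    if not fields:
        return True
    if len(fields) < 2:
        return False
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return False
    return True


def triage(log_text):
    """Return (finding, detail) pairs for a HijackThis log."""
    findings, bad_hosts = [], 0
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "F2" and "Shell=" in body:
            # The Winlogon shell should be Explorer.exe alone.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("winlogon-shell", shell))
        elif code == "O1" and body.startswith("Hosts:"):
            if not is_hosts_entry(body[len("Hosts:"):]):
                bad_hosts += 1
        elif code == "O4" and RUN.match(body):
            # A system process name started from outside System32.
            image = command_image(RUN.match(body).group(1))
            folder, name = ntpath.split(image.lower())
            if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
                findings.append(("system-name-outside-system32", image))
        elif code == "O7" and re.search(
                r"Disable(Regedit|RegistryTools)\s*=\s*1", body, re.I):
            findings.append(("registry-tools-disabled", body))
    if bad_hosts:
        findings.append(("hosts-not-hosts-format", bad_hosts))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```
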
