Analyse rapport Winpfind3u.exe

[chtilo]

Bonsoir Charles , et les lecteur,

 

Pour les Màj il veut pas, pour DSA désinstalle impossible le message dit que l'administrateur a mis une restriction mais je vois pas je peut la trouvé dans le registre.

 

En attendant de nouvelles instruction je repost un log de Winpfind3u.exe

 

WinPFind3 logfile created on: 2007-09-07 00:42:01

WinPFind3U by OldTimer - Version 1.0.42 Folder = U:\Télécharger\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

1023.48 Mb Total Physical Memory | 378.32 Mb Available Physical Memory | 36.96% Memory free

2.40 Gb Paging File | 1.73 Gb Available in Paging File | 72.06% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 58.59 Gb Total Space | 49.12 Gb Free Space | 83.82% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

Computer Name: LO-516AA449945E

Current User Name: Loickos

Logged in as Administrator.

Current Boot Mode: Normal

 

 

[Processes - Non-Microsoft Only]

a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ]

avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ]

cledx.exe -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ]

cports.exe -> U:\Télécharger\cports\cports.exe -> NirSoft [Ver = 1.20 | Size = 39936 bytes | Modified Date = 2007-05-05 07:44:32 | Attr = ]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.6: 2007072518 | Size = 7644520 bytes | Modified Date = 2007-07-31 07:35:16 | Attr = ]

guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]

nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ]

nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ]

ooccag.exe -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ]

ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ]

oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ]

procexp.exe -> U:\Sécurité\Utilitaires Sécurité\Process Explorer\procexp.exe -> Sysinternals [Ver = 10.21 | Size = 3623736 bytes | Modified Date = 2006-11-01 13:07:34 | Attr = ]

ptdirect.exe -> %ProgramFiles%\linguatec\Personal Translator 2008\PTDirect.exe -> Linguatec GmbH [Ver = 2.0.0.0 | Size = 643072 bytes | Modified Date = 2007-07-02 18:10:46 | Attr = ]

pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ]

regprot.exe -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ]

robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ]

soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ]

supercopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ]

totalcmd.exe -> %SystemDrive%\totalcmd\TOTALCMD.EXE -> C. Ghisler & Co. [Ver = 7.01 | Size = 1071560 bytes | Modified Date = 2007-06-24 17:18:04 | Attr = ]

trayit!.exe -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ]

utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 218624 bytes | Modified Date = 2007-08-06 00:50:30 | Attr = ]

vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ]

washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ]

winpfind3u.exe -> U:\Télécharger\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ]

wtsserver.exe -> %ProgramFiles%\linguatec\Personal Translator 2008\WtsServer.exe -> [Ver = 1.0.0.0 | Size = 16384 bytes | Modified Date = 2007-07-02 18:09:46 | Attr = ]

zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-19 21:30:02 | Attr = ]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-04 05:02:58 | Attr = ]

(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 2005-08-05 21:05:00 | Attr = ]

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-19 23:09:52 | Attr = ]

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-07-23 23:33:14 | Attr = ]

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found

(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 2007-06-29 19:16:56 | Attr = ]

(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 2007-06-27 19:04:00 | Attr = ]

(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ]

(O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1670 | Size = 1049856 bytes | Modified Date = 2007-06-28 23:02:08 | Attr = ]

(OOCleverCacheAgent) O&O CleverCache Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 2007-01-28 15:08:26 | Attr = ]

(PFNet) Privacyware network service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Privacyware\Dynamic Security Agent\pfsvc.exe -> PWI, Inc. [Ver = 5, 0, 8, 8 | Size = 319488 bytes | Modified Date = 2006-08-08 17:23:26 | Attr = ]

(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 2007-03-09 00:01:58 | Attr = ]

(wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,0,1093 | Size = 388936 bytes | Modified Date = 2007-08-09 13:56:26 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ]

ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ]

DSA -> %ProgramFiles%\Privacyware\Dynamic Security Agent\DSA.exe -> Privacyware [Ver = 1, 0, 8, 8 | Size = 2347008 bytes | Modified Date = 2006-08-08 19:01:24 | Attr = ]

H2O -> %ProgramFiles%\SyncroSoft\POS\H2O\cledx.exe -> Team H2O [Ver = v0.3.1412 | Size = 307200 bytes | Modified Date = 2007-12-11 04:59:40 | Attr = ]

NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-01 15:57:24 | Attr = ]

nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ]

ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 2007-01-28 15:08:36 | Attr = ]

OSSelectorReinstall -> %CommonProgramFiles%\Acronis\Partition Suite\oss_reinstall.exe -> [Ver = | Size = 1281425 bytes | Modified Date = 2006-05-31 11:20:56 | Attr = ]

PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 2007-04-09 14:23:12 | Attr = ]

RegProt -> %SystemDrive%\RegProt\regprot.exe -> [Ver = | Size = 19614 bytes | Modified Date = 2001-09-13 06:54:22 | Attr = ]

SDFix -> %SystemDrive%\SDFix\RunThis.bat -> [Ver = | Size = 287207 bytes | Modified Date = 2007-09-02 00:18:46 | Attr = ]

SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.38 | Size = 77824 bytes | Modified Date = 2005-04-15 05:01:46 | Attr = ]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]

ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 2007-03-09 00:02:00 | Attr = ]

< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

MRUBlaster -> %ProgramFiles%\MRU-Blaster\indexcleaner.exe -> [Ver = 1.00.0002 | Size = 32768 bytes | Modified Date = 2003-01-05 13:20:20 | Attr = ]

SDFix -> %SystemDrive%\SDFix\RunThis.bat -> [Ver = | Size = 287207 bytes | Modified Date = 2007-09-02 00:18:46 | Attr = ]

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-9-5 | Size = 160568 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ]

SuperCopier2.exe -> %ProgramFiles%\SuperCopier2\SuperCopier2.exe -> SFX TEAM [Ver = 2.0.0.579 | Size = 1052672 bytes | Modified Date = 2006-07-07 18:45:00 | Attr = ]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->

%AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.2.2044.224 | Size = 61440 bytes | Modified Date = 2005-08-06 01:07:30 | Attr = ]

< User Startup > -> C:\Documents and Settings\Loickos\Menu Démarrer\Programmes\Démarrage ->

%UserStartup%\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 36864 bytes | Modified Date = 2005-03-06 15:26:48 | Attr = ]

%UserStartup%\MRU-Blaster Silent Clean.lnk -> %ProgramFiles%\MRU-Blaster\mrublaster.exe -> [Ver = 1.05.0009 | Size = 1216512 bytes | Modified Date = 2004-03-28 15:07:48 | Attr = ]

%UserStartup%\TrayIt!.lnk -> U:\Optimisation & Diagnostic\Tray It\TrayIt!.exe -> Igor Nys [Ver = 4, 6, 5, 5 | Size = 204800 bytes | Modified Date = 2007-07-18 15:57:00 | Attr = ]

< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 14:29:58 | Attr = ]

{81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [spywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 2003-08-02 23:20:58 | Attr = R ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 2005-08-04 05:04:18 | Attr = ]

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveAutoRun -> 67108863 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 255 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSimpleStartMenu -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsMenu -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoFavoritesMenu -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyDocs -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMMyPictures -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuMyMusic -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsHistory -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ClearRecentDocsOnExit -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoRecentDocsNetHood -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSMHelp -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoUserNameInStartMenu -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoInstrumentation -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoStartMenuPinnedList -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\ForceStartMenuLogoff -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoSharedDocuments -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\\DisableWindowsUpdateAccess -> 0 ->

< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

127.0.0.1 localhost -> ->

< Internet Explorer Settings > -> ->

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Local Page -> C:\windows\system32\blank.htm ->

HKLM: Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Local Page -> C:\windows\system32\blank.htm ->

HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

msn.com [ - ] -> ->

< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

*.update_microsoft.com [http] -> ->

*.update_microsoft.com [https] -> ->

www.update_microsoft.com [http] -> ->

download_windowsupdate.com [http] -> ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{2E03C0FD-4C48-43A7-9A54-00240C70FF16} [HKLM] -> %System32%\BhoECart.dll [ECarteBleueBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 3, 94 | Size = 69632 bytes | Modified Date = 2003-05-14 14:41:30 | Attr = ]

{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [spywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 2003-08-02 23:24:02 | Attr = R ]

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ]

{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-07-27 12:54:44 | Attr = ]

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ]

{724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-07-23 23:33:12 | Attr = R ]

WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-30 11:06:32 | Attr = ]

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ]

{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [buttonText: Remplir] -> File not found

{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [buttonText: Enregistrer] -> File not found

{724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [buttonText: Barre RoboForm] -> File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

Barre RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found

E&xporter vers Microsoft Excel -> -> File not found

Enregistrer le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found

Personnaliser le menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found

Remplir le formulaire -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->

sv1 -> ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{022C77D4-E660-4630-8947-94654E82A62B} -> () ->

< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->

Protocol_Catalog9\Catalog_Entries�0000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

Protocol_Catalog9\Catalog_Entries�0000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

Protocol_Catalog9\Catalog_Entries�0000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

Protocol_Catalog9\Catalog_Entries�0000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

Protocol_Catalog9\Catalog_Entries�0000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

Protocol_Catalog9\Catalog_Entries�0000000017 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->

about -> 4 = Restricted sites (Not a Default Protocol) ->

about: -> 4 = Restricted sites (Not a Default Protocol) ->

mhtml -> 4 = Restricted sites (Not a Default Protocol) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab ->

{6414512B-B978-451D-A0D8-FCFDF33E833C} -> - CodeBase = http://www.update.microsoft.com/windowsupd...b?1185227167531 ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ->

 

 

[Registry - Additional Scans - Non-Microsoft Only]

< Security Settings > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS�00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Group -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 200 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:*:Enabled:DCOM(135) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS�00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Autorise le téléchargement et l'installation des mises à jour de Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité Mises à jour automatiques, ni accéder au site Web Windows Update. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Group -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV�00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\Disabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventBackgroundDownload -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoUpdate -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\\DontReportInfectionInformation -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI -> 2 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AlwaysInstallElevated -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Windows Update\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableMRU -> 1 ->

< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 0 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\InstantMessaging\\ForceDisableIM -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNeverUpload -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoExternalURL -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoFileCollection -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\\DWNoSecondLevelCollection -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNeverUpload -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoExternalURL -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoFileCollection -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\Common\\DWNoSecondLevelCollection -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Update\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCodecDownload -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\NoCodecDownload -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventMusicFileMetadataRetrieval -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\\PreventCDDVDMetadataRetrieval -> 1 ->

< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

{083F79E4-6FE9-46FB-A6C6-4F8862742947} -> ATI HYDRAVISION ->

{15095BF3-A3D7-4DDF-B193-3A496881E003} -> Microsoft .NET Framework 3.0 ->

{2300EE96-0A41-4FAB-BD03-989EC44577A0} -> Partition Suite ->

{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer ->

{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java SE Runtime Environment 6 Update 1 ->

{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java 6 Update 2 ->

{350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->

{491DD792-AD81-429C-9EB4-86DD3D22E333} -> Windows Communication Foundation ->

{4D3B509A-82E2-4E8B-9D90-C880A2131C73} -> Dynamic Security Agent 1.0 ->

{534802E0-761E-47F4-BD27-061BC8F976AE} -> O&O SafeErase ->

{53480330-E1D1-41CA-B8F8-7F78644F7F50} -> O&O Defrag Professional Edition ->

{53480390-0EC4-429E-BBEE-78E19EEB03BD} -> O&O CleverCache ->

{56C049BE-79E9-4502-BEA7-9754A3E60F9B} -> neroxml ->

{5A710547-B58E-488B-828D-CA9A25A0533C} -> MSXML 6.0 Parser (KB927977) ->

{620797B0-A022-4B57-A95E-DD7DD0321028} -> ProxyWay Extra ->

{6901DD22-527A-41EF-9059-E81FEDE9E494} -> Windows Presentation Foundation Language Pack (FRA) ->

{69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French ->

{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->

{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} -> Windows Workflow Foundation ->

{86EC42B5-346E-4BAB-948D-58E021EA4BD1} -> ATI Catalyst Control Center ->

{9011040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->

{B168C59D-5FCF-4EEC-B464-BFA7A8266150} -> Windows Communication Foundation Language Pack - FRA ->

{B84C141C-9A13-44BE-9A69-301D7B11D836} -> Windows Workflow Foundation FR Language Pack ->

{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation ->

{C151CE54-E7EA-4804-854B-F515368B0798} -> Athlon 64 Processor Driver ->

{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->

{CF097717-F174-4144-954A-FBC4BF301036} -> Nero 7 Premium ->

{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 -> NOD32 FiX ->

{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer ->

{E3C080B0-23F5-49AF-89F8-8E8DBC89E659} -> Microsoft .NET Framework 3.0 French Language Pack ->

{F196AC50-7C95-42E1-9947-BDAB18BF3C8C} -> Microsoft .NET Framework 2.0 Language Pack - FRA ->

{F7338FA3-DAB5-49B2-900D-0AFB5760C166} -> PC Probe II ->

{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio ->

97149975-b4b1-4d2b-b9fe-7ba413d0efeb_is1 -> SummerProperties 1.2 ->

Adobe Flash Player Plugin -> Adobe Flash Player Plugin ->

Adobe® Photoshop® Album Edition Découverte 3.2 -> Adobe® Photoshop® Album Edition Découverte 3.2 ->

AI RoboForm -> AI RoboForm (All Users) ->

All ATI Software -> ATI - Utilitaire de désinstallation du logiciel ->

a-squared Free_is1 -> a-squared Free 3.0 ->

AsusUpdate -> AsusUpdate ->

ATI Display Driver -> ATI Display Driver ->

AVGantiRootkit -> AVG Anti-Rootkit Free ->

AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->

AxCrypt -> AxCrypt (Désinstaller uniquement) ->

CCleaner -> CCleaner (remove only) ->

dBpoweramp [Arrange Audio] Codec -> dBpoweramp [Arrange Audio] Codec ->

dBpoweramp [Multi Encoder] Codec -> dBpoweramp [Multi Encoder] Codec ->

dBpoweramp [ReplayGain] Codec -> dBpoweramp [ReplayGain] Codec ->

dBpoweramp AAC Encoder -> dBpoweramp AAC Encoder ->

dBpowerAMP CD Writer -> dBpowerAMP CD Writer ->

dBPowerAMP Dalet codec R2 -> dBPowerAMP Dalet codec R2 ->

dBpoweramp DirectShow Decoder -> dBpoweramp DirectShow Decoder ->

dBpoweramp DSP Effects -> dBpoweramp DSP Effects ->

dBpoweramp FLAC Codec -> dBpoweramp FLAC Codec ->

dBpoweramp m4a Codec -> dBpoweramp m4a Codec ->

dBpoweramp m4a Utilities -> dBpoweramp m4a Utilities ->

dBpoweramp Midi Decoder -> dBpoweramp Midi Decoder ->

dBpoweramp Monkeys Audio Codec -> dBpoweramp Monkeys Audio Codec ->

dBpoweramp Musepack Codec -> dBpoweramp Musepack Codec ->

dBpoweramp Music Converter -> dBpoweramp Music Converter ->

dBpoweramp Ogg Vorbis Codec -> dBpoweramp Ogg Vorbis Codec ->

dBpowerAMP Rename Extension -> dBpowerAMP Rename Extension ->

dBpowerAMP Tag From Filename -> dBpowerAMP Tag From Filename ->

dBpowerAMP Update ID Tag -> dBpowerAMP Update ID Tag ->

dBpoweramp WavPack Codec -> dBpoweramp WavPack Codec ->

dBpoweramp Windows Media Audio 10 Codec -> dBpoweramp Windows Media Audio 10 Codec ->

DFX for Winamp -> DFX 8 for Winamp ->

e-Carte Bleue Banque Populaire -> e-Carte Bleue Banque Populaire ->

ERUNT_is1 -> ERUNT 1.1h ->

EVEREST Ultimate Edition_is1 -> EVEREST Ultimate Edition v4.00 ->

Foxit Reader -> Foxit Reader ->

HijackThis -> HijackThis 1.99.1 ->

Hijackthis Version Française_is1 -> Hijackthis Version Française ->

IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->

ie7 -> Windows Internet Explorer 7 ->

InstallShield_{69B9A8B6-75C7-4B0C-A530-129C3C0768C8} -> Personal Translator 2008 Professional English French ->

iZotope Ozone 1.0 for Winamp2 and Winamp3_is1 -> iZotope Ozone 1.0 for Winamp2 and Winamp3 ->

jv16 PowerTools_is1 -> jv16 PowerTools 2007 ->

Kaspersky Online Scanner -> Kaspersky Online Scanner ->

KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->

KB920342 -> Mise à jour pour Windows XP (KB920342) ->

KB921503 -> Mise à jour de sécurité pour Windows XP (KB921503) ->

KB923789 -> Mise à jour de sécurité pour Windows XP (KB923789) ->

KB929969 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) ->

KB933566-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) ->

KB936021 -> Mise à jour de sécurité pour Windows XP (KB936021) ->

KB936782_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) ->

KB937143-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) ->

KB938127-IE7 -> Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) ->

KB938828 -> Mise à jour pour Windows XP (KB938828) ->

KB938829 -> Mise à jour de sécurité pour Windows XP (KB938829) ->

L'Assistant DartyBox -> L'Assistant DartyBox ->

Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->

Microsoft .NET Framework 2.0 Language Pack - FRA -> Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA ->

Microsoft .NET Framework 3.0 -> Microsoft .NET Framework 3.0 ->

Microsoft .NET Framework 3.0 French Language Pack -> Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 ->

MRU-Blaster_is1 -> MRU-Blaster v1.5 (Database 3/28/2004) ->

NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->

NOD32 -> NOD32 Antivirus System ->

NTREGOPT_is1 -> NTREGOPT 1.1h ->

NVIDIA Drivers -> NVIDIA Drivers ->

PowerISO -> PowerISO ->

Privoxy -> Privoxy 3.0.6 ->

Random Password Generator-PRO -> Random Password Generator-PRO ->

RegScanner -> RegScanner ->

Revo Uninstaller -> Revo Uninstaller 1.34 ->

ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->

SpeedFan -> SpeedFan (remove only) ->

Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->

SpywareBlaster_is1 -> SpywareBlaster v3.5.1 ->

SpywareGuard_is1 -> SpywareGuard v2.2 ->

Steinberg Nuendo v3.2.0.1128 -> Steinberg Nuendo v3.2.0.1128 ->

SuperCopier2 -> SuperCopier2 ->

SyncroSoft Emu -> SyncroSoft Emu (Remove only) ->

Syncrosoft's License Control -> Le Centre de Contrôle de Licences de Syncrosoft ->

The KMPlayer FR_is1 -> The KMPlayer v2.9.3.1340 FR ->

Tor -> Tor 0.1.2.16 ->

Totalcmd -> Total Commander (Remove or Repair) ->

Uninstall -> Uninstall ->

Vidalia -> Vidalia 0.0.13 ->

WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->

WIC -> Windows Imaging Component ->

Winamp -> Winamp (remove only) ->

Window Washer -> Window Washer ->

Windows Media Format Runtime -> Windows Media Format 11 runtime ->

WinRAR archiver -> Archiveur WinRAR ->

WMFDist11 -> Windows Media Format 11 runtime ->

xp-AntiSpy -> xp-AntiSpy 3.96-5 ->

XpsEPSC -> XML Paper Specification Shared Components Pack 1.0 ->

XPSEPSCLP -> XML Paper Specification Shared Components Language Pack 1.0 ->

ZoneAlarm Pro -> ZoneAlarm Pro ->

 

[Files/Folders - Created Within 30 days]

Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ]

ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-05 00:41:15 | Attr = ]

CWShredder -> %SystemDrive%\CWShredder -> [Folder | Created Date = 2007-08-20 20:58:05 | Attr = ]

Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 2007-09-01 17:43:59 | Attr = ]

Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 2007-09-01 17:42:46 | Attr = ]

qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-05 00:41:59 | Attr = ]

RegProt -> %SystemDrive%\RegProt -> [Folder | Created Date = 2007-08-30 08:11:48 | Attr = ]

Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Created Date = 2007-08-23 15:17:03 | Attr = ]

SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2007-09-05 01:09:46 | Attr = ]

Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Created Date = 2007-08-20 18:05:18 | Attr = ]

totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 2007-08-18 09:50:23 | Attr = ]

treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Created Date = 2007-08-19 20:15:51 | Attr = H ]

$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 2007-08-20 13:18:29 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-20 13:25:25 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-20 13:26:16 | Attr = H ]

$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 2007-08-20 13:26:06 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-20 13:24:32 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-20 13:25:31 | Attr = H ]

$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 2007-08-20 13:18:41 | Attr = H ]

$NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Created Date = 2007-08-20 13:24:14 | Attr = H ]

ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ]

ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2007-09-05 00:42:28 | Attr = ]

ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2007-09-06 16:37:24 | Attr = ]

gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ]

gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ]

gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Created Date = 2007-08-23 20:29:26 | Attr = ]

gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ]

Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 2007-08-28 07:30:34 | Attr = ]

LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 2007-09-06 19:09:28 | Attr = ]

LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 2007-08-29 06:44:19 | Attr = ]

nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-05 00:41:26 | Attr = ]

NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 2007-08-14 22:47:46 | Attr = H ]

PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Created Date = 2007-08-21 15:08:50 | Attr = ]

Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Created Date = 2007-08-28 06:26:21 | Attr = ]

wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Created Date = 2007-08-18 10:03:52 | Attr = ]

wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4669 bytes | Created Date = 2007-08-18 09:50:23 | Attr = ]

zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 2007-09-04 18:07:47 | Attr = ]

en-us -> %System32%\en-us -> [Folder | Created Date = 2007-08-20 13:19:46 | Attr = ]

imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ]

imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Created Date = 2007-08-21 22:14:43 | Attr = ]

libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ]

moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ]

oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 20432 bytes | Created Date = 2007-09-03 15:47:20 | Attr = ]

poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Created Date = 2007-09-01 07:31:40 | Attr = ]

Sblist.ocx -> %System32%\Sblist.ocx -> Global Components (GlobalCom@pobox.com) [Ver = 2, 0, 0, 17 | Size = 65536 bytes | Created Date = 2007-08-26 00:30:45 | Attr = ]

swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ]

swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ]

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Created Date = 2007-08-20 18:09:27 | Attr = ]

vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-05 00:41:25 | Attr = ]

vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ]

vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ]

vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ]

vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 2007-08-28 07:30:33 | Attr = ]

vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ]

vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 2007-08-28 07:31:55 | Attr = ]

vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:02 | Attr = ]

vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 2007-08-28 07:30:30 | Attr = ]

vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 54936 bytes | Created Date = 2007-08-28 07:32:05 | Attr = ]

vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ]

vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ]

XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 2007-08-20 13:19:48 | Attr = ]

zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ]

zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 2007-08-28 07:32:01 | Attr = ]

zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-08-28 07:32:08 | Attr = H ]

ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 2007-08-28 07:31:55 | Attr = ]

zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 2007-08-28 07:31:56 | Attr = ]

amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ]

AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-08-28 07:24:47 | Attr = ]

gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 2007-08-23 20:29:25 | Attr = ]

nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 2007-08-18 09:31:14 | Attr = ]

snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Created Date = 2007-08-28 05:19:08 | Attr = ]

Ahead -> %AllUsersAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:14 | Attr = ]

Nero -> %AllUsersAppData%\Nero -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ]

PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Created Date = 2007-08-28 06:05:09 | Attr = ]

RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Created Date = 2007-08-30 08:50:22 | Attr = ]

TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 2007-08-28 17:40:54 | Attr = ]

@Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B ->

Ahead -> %UserAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:47:34 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-08-28 07:24:57 | Attr = ]

tor -> %UserAppData%\tor -> [Folder | Created Date = 2007-08-25 11:56:55 | Attr = ]

Vidalia -> %UserAppData%\Vidalia -> [Folder | Created Date = 2007-08-25 11:55:48 | Attr = ]

VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 2007-09-03 16:10:28 | Attr = ]

Ahead -> %LocalAppData%\Ahead -> [Folder | Created Date = 2007-08-28 05:53:42 | Attr = ]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Created Date = 2007-08-12 21:09:17 | Attr = ]

GHISLER -> %LocalAppData%\GHISLER -> [Folder | Created Date = 2007-08-18 10:03:12 | Attr = ]

AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Created Date = 2007-08-16 21:48:44 | Attr = ]

cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Created Date = 2007-08-16 21:39:26 | Attr = ]

cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Created Date = 2007-08-16 14:28:05 | Attr = ]

cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Created Date = 2007-08-31 06:22:06 | Attr = ]

Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Created Date = 2007-08-28 06:16:06 | Attr = ]

CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Created Date = 2007-08-30 05:16:26 | Attr = ]

frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Created Date = 2007-08-22 16:39:07 | Attr = ]

Mon nom.doc -> %UserDocuments%\Mon nom.doc -> [Ver = | Size = 42496 bytes | Created Date = 2007-08-20 13:46:10 | Attr = ]

My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Created Date = 2007-08-30 08:50:03 | Attr = ]

Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Created Date = 2007-08-29 04:45:23 | Attr = ]

Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Created Date = 2007-08-29 04:45:23 | Attr = ]

O&O -> %UserDocuments%\O&O -> [Folder | Created Date = 2007-08-18 10:39:38 | Attr = ]

Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Created Date = 2007-08-28 06:09:27 | Attr = ]

Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Created Date = 2007-08-26 18:29:44 | Attr = ]

proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Created Date = 2007-08-26 19:17:36 | Attr = ]

Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Created Date = 2007-08-28 06:05:46 | Attr = ]

EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Created Date = 2007-08-14 22:27:26 | Attr = ]

Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Created Date = 2007-09-03 16:09:43 | Attr = ]

Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Created Date = 2007-08-28 06:26:48 | Attr = ]

Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Created Date = 2007-08-28 05:19:03 | Attr = ]

Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 2007-08-28 05:45:29 | Attr = ]

Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Created Date = 2007-08-28 06:26:36 | Attr = ]

 

[Files/Folders - Modified Within 30 days]

Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 2007-09-01 18:45:56 | Attr = ]

boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = HS]

ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-05 01:46:52 | Attr = ]

Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = ]

CWShredder -> %SystemDrive%\CWShredder -> [Folder | Modified Date = 2007-09-01 07:24:38 | Attr = ]

Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2007-09-01 18:45:52 | Attr = ]

Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 2007-09-01 18:42:54 | Attr = ]

Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-09-04 19:07:48 | Attr = R ]

qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-05 01:42:32 | Attr = ]

RegProt -> %SystemDrive%\RegProt -> [Folder | Modified Date = 2007-09-06 17:41:58 | Attr = ]

Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Modified Date = 2007-08-30 07:58:08 | Attr = ]

SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2007-09-06 17:43:16 | Attr = ]

Smitfraudfix -> %SystemDrive%\Smitfraudfix -> [Folder | Modified Date = 2007-08-21 15:38:14 | Attr = ]

System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = HS]

totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 2007-09-02 14:21:32 | Attr = ]

treeinfo.wc -> %SystemDrive%\treeinfo.wc -> [Ver = | Size = 196893 bytes | Modified Date = 2007-08-26 01:47:38 | Attr = H ]

WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-06 20:09:30 | Attr = ]

$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-20 14:13:34 | Attr = H ]

$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 2007-08-20 14:18:32 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-20 14:25:26 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-08-20 14:26:18 | Attr = H ]

$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 2007-08-20 14:26:08 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-20 14:24:34 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-20 14:25:32 | Attr = H ]

$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 2007-08-20 14:18:42 | Attr = H ]

$NtUninstallXPSEPSCLP$ -> %SystemRoot%\$NtUninstallXPSEPSCLP$ -> [Folder | Modified Date = 2007-08-20 14:24:16 | Attr = H ]

ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1.01 | Size = 60416 bytes | Modified Date = 2007-08-29 07:54:36 | Attr = ]

assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-08-20 18:26:48 | Attr = R S]

BissHM.ini -> %SystemRoot%\BissHM.ini -> [Ver = | Size = 251 bytes | Modified Date = 2007-08-21 15:58:44 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-06 17:40:06 | Attr = S]

Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-09-04 07:34:44 | Attr = ]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-20 22:33:06 | Attr = S]

ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2007-09-05 01:59:42 | Attr = ]

ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2007-09-06 17:37:26 | Attr = ]

Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-08-21 15:59:38 | Attr = R S]

gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ]

gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 297 bytes | Modified Date = 2007-09-05 22:52:04 | Attr = ]

gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ]

Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-09-05 22:23:42 | Attr = ]

inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-05 22:23:42 | Attr = H ]

Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-09-02 14:40:12 | Attr = HS]

Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2007-09-07 00:36:52 | Attr = ]

LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 2007-09-06 20:09:30 | Attr = ]

Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2007-08-20 18:22:00 | Attr = ]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2007-09-02 02:06:56 | Attr = ]

PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 2007-08-14 23:47:48 | Attr = H ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-06 08:12:10 | Attr = ]

Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-09-06 17:41:04 | Attr = ]

RtlRack.ini -> %SystemRoot%\RtlRack.ini -> [Ver = | Size = 169 bytes | Modified Date = 2007-08-26 19:23:10 | Attr = ]

security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-09-05 01:46:00 | Attr = ]

SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 2007-08-14 00:38:50 | Attr = ]

system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ]

system32 -> %System32% -> [Folder | Modified Date = 2007-09-07 00:10:14 | Attr = ]

Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-09-03 21:40:32 | Attr = S]

Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-07 00:35:40 | Attr = ]

unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 964 bytes | Modified Date = 2007-08-21 16:08:52 | Attr = ]

Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ]

wcx_ftp.ini -> %SystemRoot%\wcx_ftp.ini -> [Ver = | Size = 135 bytes | Modified Date = 2007-08-25 20:46:12 | Attr = ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 477 bytes | Modified Date = 2007-08-31 07:45:08 | Attr = ]

wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 4669 bytes | Modified Date = 2007-09-06 17:49:22 | Attr = ]

WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-28 07:05:00 | Attr = ]

zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-03 22:13:38 | Attr = H ]

BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-08-26 18:57:34 | Attr = ]

CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-09-03 21:38:54 | Attr = ]

CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-06 19:32:26 | Attr = ]

config -> %System32%\config -> [Folder | Modified Date = 2007-09-05 01:45:26 | Attr = ]

decdnet.dll -> %System32%\decdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 61952 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

DirectX -> %System32%\DirectX -> [Folder | Modified Date = 2007-08-28 06:45:02 | Attr = ]

dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-09-07 00:10:20 | Attr = ]

drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-06 19:32:24 | Attr = ]

en-us -> %System32%\en-us -> [Folder | Modified Date = 2007-08-20 14:19:48 | Attr = ]

encdnet.dll -> %System32%\encdnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 85504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 196160 bytes | Modified Date = 2007-08-22 13:32:24 | Attr = ]

fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 2007-08-20 14:24:00 | Attr = ]

imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 2007-08-18 10:29:30 | Attr = ]

imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 142 bytes | Modified Date = 2007-09-05 01:45:58 | Attr = ]

oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 20432 bytes | Modified Date = 2007-09-06 17:40:00 | Attr = ]

perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73790 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ]

perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 87470 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ]

perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 444648 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ]

perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 513842 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 1129320 bytes | Modified Date = 2007-08-20 14:23:06 | Attr = ]

pnc3250.dll -> %System32%\pnc3250.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 130560 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

pncrt.dll -> %System32%\pncrt.dll -> RealNetworks, Inc. [Ver = 4.20.0000 | Size = 273408 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

pneng50.dll -> %System32%\pneng50.dll -> RealNetworks, Inc. [Ver = 5.0.0.113 | Size = 131072 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

pngu3263.dll -> %System32%\pngu3263.dll -> RealNetworks, Inc. [Ver = 6.3.0.226 | Size = 352768 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

poweroff.exe -> %System32%\poweroff.exe -> Jorgen Bosman [Ver = 3, 0, 1, 3 | Size = 172032 bytes | Modified Date = 2007-09-01 08:00:24 | Attr = ]

ra3214_4.dll -> %System32%\ra3214_4.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 81920 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

ra3228_8.dll -> %System32%\ra3228_8.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 72704 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

ra32dnet.dll -> %System32%\ra32dnet.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 21504 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

ra32sipr.dll -> %System32%\ra32sipr.dll -> RealNetworks, Inc. [Ver = 5.0.0.119 | Size = 87040 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-08-31 07:43:18 | Attr = ]

rmbe3260.dll -> %System32%\rmbe3260.dll -> RealNetworks, Inc. [Ver = 6.0.7.26 | Size = 487936 bytes | Modified Date = 2007-12-09 00:32:40 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2302 bytes | Modified Date = 2007-08-31 20:58:48 | Attr = ]

vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 52662 bytes | Modified Date = 2007-09-06 17:40:26 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-09-03 16:47:32 | Attr = ]

XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 2007-08-20 14:19:50 | Attr = ]

zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2007-09-06 22:43:40 | Attr = H ]

ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 2007-09-06 21:58:38 | Attr = ]

amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ]

etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-09-06 17:38:14 | Attr = ]

gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 2007-08-23 21:29:26 | Attr = ]

nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 2007-08-18 10:29:28 | Attr = ]

snapman.sys -> %System32%\drivers\snapman.sys -> Acronis [Ver = 2.1 build 222 | Size = 99776 bytes | Modified Date = 2007-08-28 06:19:10 | Attr = ]

Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:32 | Attr = ]

Ahead -> %AllUsersAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:47:16 | Attr = ]

Nero -> %AllUsersAppData%\Nero -> [Folder | Modified Date = 2007-08-28 06:45:30 | Attr = ]

PT2008 -> %AllUsersAppData%\PT2008 -> [Folder | Modified Date = 2007-08-28 07:05:10 | Attr = ]

RoboForm -> %AllUsersAppData%\RoboForm -> [Folder | Modified Date = 2007-08-30 09:50:24 | Attr = ]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 2007-09-04 07:28:54 | Attr = ]

TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2007-08-30 05:16:36 | Attr = ]

@Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B ->

Webroot -> %AllUsersAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ]

Ahead -> %UserAppData%\Ahead -> [Folder | Modified Date = 2007-08-29 07:47:04 | Attr = ]

Babylon -> %UserAppData%\Babylon -> [Folder | Modified Date = 2007-08-13 10:47:52 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-08-28 08:24:58 | Attr = ]

Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 14:39:26 | Attr = S]

tor -> %UserAppData%\tor -> [Folder | Modified Date = 2007-08-28 20:08:24 | Attr = ]

uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 2007-09-07 00:41:56 | Attr = ]

Vidalia -> %UserAppData%\Vidalia -> [Folder | Modified Date = 2007-08-30 12:52:46 | Attr = ]

VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Modified Date = 2007-09-03 17:10:30 | Attr = ]

Webroot -> %UserAppData%\Webroot -> [Folder | Modified Date = 2007-09-03 21:08:58 | Attr = ]

Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:20 | Attr = ]

Ahead -> %LocalAppData%\Ahead -> [Folder | Modified Date = 2007-08-28 06:55:28 | Attr = ]

ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 2007-09-06 17:42:04 | Attr = ]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23040 bytes | Modified Date = 2007-08-19 21:37:16 | Attr = ]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 43640 bytes | Modified Date = 2007-08-23 00:02:08 | Attr = ]

GHISLER -> %LocalAppData%\GHISLER -> [Folder | Modified Date = 2007-08-18 11:03:14 | Attr = ]

IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1578010 bytes | Modified Date = 2007-08-28 07:53:36 | Attr = H ]

Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-09-02 00:55:14 | Attr = ]

a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 2007-08-16 16:58:04 | Attr = ]

AlwaysUnloadDll.reg -> %UserDocuments%\AlwaysUnloadDll.reg -> [Ver = | Size = 125 bytes | Modified Date = 2007-08-16 22:48:48 | Attr = ]

cache_dns.reg -> %UserDocuments%\cache_dns.reg -> [Ver = | Size = 289 bytes | Modified Date = 2007-08-16 22:39:32 | Attr = ]

cc Clean avant scan complet_20070816_1527.reg -> %UserDocuments%\cc Clean avant scan complet_20070816_1527.reg -> [Ver = | Size = 2928 bytes | Modified Date = 2007-08-16 15:28:10 | Attr = ]

cc_20070831_0721.reg -> %UserDocuments%\cc_20070831_0721.reg -> [Ver = | Size = 20117 bytes | Modified Date = 2007-08-31 07:22:14 | Attr = ]

Conf.PT 2008 Pro -> %UserDocuments%\Conf.PT 2008 Pro -> [Folder | Modified Date = 2007-08-28 07:16:46 | Attr = ]

CoolWebSearch_homesearch.php.htm -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ]

frames2.php.htm -> %UserDocuments%\frames2.php.htm -> [Ver = | Size = 16697 bytes | Modified Date = 2007-08-22 17:39:12 | Attr = ]

Mon nom.doc -> %UserDocuments%\Mon nom.doc -> [Ver = | Size = 42496 bytes | Modified Date = 2007-08-20 14:46:12 | Attr = ]

Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 2007-09-06 17:32:56 | Attr = R ]

My RoboForm Data -> %UserDocuments%\My RoboForm Data -> [Folder | Modified Date = 2007-08-30 11:03:50 | Attr = ]

Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP.htm -> [Ver = | Size = 15570 bytes | Modified Date = 2007-08-29 05:45:30 | Attr = ]

Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> %UserDocuments%\Nilz Weblog » Blog Archive » S'authentifier en tant que SYSTEM sous Windows XP_fichiers -> [Folder | Modified Date = 2007-08-29 05:45:26 | Attr = ]

O&O -> %UserDocuments%\O&O -> [Folder | Modified Date = 2007-08-18 11:39:40 | Attr = ]

Personal Translator 2008 Professional -> %UserDocuments%\Personal Translator 2008 Professional -> [Folder | Modified Date = 2007-08-28 07:24:12 | Attr = ]

Proxy Lists. Sorted by type. List #1.htm -> %UserDocuments%\Proxy Lists. Sorted by type. List #1.htm -> [Ver = | Size = 13905 bytes | Modified Date = 2007-08-26 19:29:46 | Attr = ]

proxy.php.htm -> %UserDocuments%\proxy.php.htm -> [Ver = | Size = 700 bytes | Modified Date = 2007-08-26 20:17:38 | Attr = ]

Personal Translator 2008.lnk -> %AllUsersDesktop%\Personal Translator 2008.lnk -> [Ver = | Size = 962 bytes | Modified Date = 2007-08-28 07:05:48 | Attr = ]

ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ]

EVEREST Ultimate Edition.lnk -> %UserDesktop%\EVEREST Ultimate Edition.lnk -> [Ver = | Size = 787 bytes | Modified Date = 2007-08-14 23:27:28 | Attr = ]

Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 917 bytes | Modified Date = 2007-09-03 17:09:44 | Attr = ]

Window Washer.lnk -> %UserDesktop%\Window Washer.lnk -> [Ver = | Size = 1596 bytes | Modified Date = 2007-08-28 07:26:50 | Attr = ]

Barre d'état système d'ATI CATALYST.lnk -> %AllUsersStartup%\Barre d'état système d'ATI CATALYST.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 2007-08-21 14:55:26 | Attr = ]

TrayIt!.lnk -> %UserStartup%\TrayIt!.lnk -> [Ver = | Size = 604 bytes | Modified Date = 2007-08-24 13:41:14 | Attr = ]

Acronis -> %CommonProgramFiles%\Acronis -> [Folder | Modified Date = 2007-08-28 06:19:08 | Attr = ]

Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2007-08-14 00:14:34 | Attr = ]

Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 2007-08-28 06:46:44 | Attr = ]

Webroot Shared -> %CommonProgramFiles%\Webroot Shared -> [Folder | Modified Date = 2007-08-28 07:26:46 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %SystemDrive%\rapport Nettoyage SmitFraudFix.txt -> [Ver = | Size = 9516565 bytes | Modified Date = 2007-08-22 22:33:20 | Attr = ]

PTech , ad-beh , abetterinternet.com , ad-w-a-r-e.com , -> %SystemDrive%\rapport SmitFraudFix 31.08 .txt -> [Ver = | Size = 8431185 bytes | Modified Date = 2007-08-31 18:46:10 | Attr = ]

UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 69960 bytes | Modified Date = 2007-08-09 13:56:20 | Attr = ]

UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 2007-09-04 19:07:48 | Attr = ]

WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18706432 bytes | Modified Date = 2005-04-18 13:57:58 | Attr = ]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ]

USERTRUST , -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4131192 bytes | Modified Date = 2007-07-02 19:09:04 | Attr = ]

UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2002-09-07 03:00:00 | Attr = ]

@Alternate Data Stream - 88 bytes -> %System32%\drivers\etc\tesgaz:SummaryInformation ->

@Alternate Data Stream - 0 bytes -> %System32%\drivers\etc\tesgaz:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->

PTech , ad-beh , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\tesgaz -> [Ver = | Size = 9518036 bytes | Modified Date = 2007-08-21 22:35:06 | Attr = R ]

@Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:5E1F4E0B ->

Call (RPC) Help , -> %UserDocuments%\CoolWebSearch_homesearch.php.htm -> [Ver = | Size = 41398 bytes | Modified Date = 2007-08-30 06:16:34 | Attr = ]

Call (RPC) Help , -> %UserDocuments%\emove instruction.txt -> [Ver = | Size = 23675 bytes | Modified Date = 2007-08-30 06:45:56 | Attr = ]

UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2007-08-25 15:48:52 | Attr = ]

 

< End of report >

 

merci de m'aider ,

 

amicalement

Modifié le 6 septembre 2007 par chtilo

[chtilo]

Bonsoir voici le rapport Winpfind3u.exe

Modifié le 6 septembre 2007 par chtilo

[Thanos]

salut

 

Je relirai le tout tout à l'heure, en attendant >

 

Pour les Màj il veut pas, pour DSA désinstalle impossible le message dit que l'administrateur a mis une restriction mais je vois pas je peut la trouvé dans le registre.

Pour les majs, c'est normal! au vu de ton rapport, le service Mises à jour automatiques est désactivé!

 

-vas dans le menu Démarrer/Executer et tu tapes : services.msc

 

Cherche le service suivant et double clique dessus > Mises à jour automatiques

 

-dans le champs"Type de démarrage" sélectionne"automatique"

-dans le champs"Status du service" sélectionne "Démarrer"

-clique ensuite sur "Appliquer", puis"ok"

Quitte les services.

 

Pour l'impossibilité de désinstaller une application, tu vas effectuer ce qui suit >

 

Démarre WinPFind3U en double cliquant sur WinPFind3U.exe et copie/colle le texte ci dessous (ne copie pas le mot CODE) dans le Panneau Paste fix here , puis clique sur le bouton Run Fix.

[Registry - Additional Scans - Non-Microsoft Only]
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI -> 2

Poste le rapport qui se trouve dans le dossier WinPFind3u( c'est un rapport qui a pour nom la date du jour\mois\année\heure).

 

Si ca ne fonctionne pas, fais la même manip (avec le même script) en mode sans échec.

 

Dis moi si tu parviens à désinstaller un programme après .

 

@+ tard

Modifié le 7 septembre 2007 par charles ingals

[chtilo]

Bonjours Charles,

 

J'ai suivi tes instruction pour ce qui est des désinstalle le fix a marché , je n'aurai pas pensé que s'était cette clé qui génait car voilà d'où je la sort (car c'est moi qui l'ai mis volontairement): topic de Coolman sur zebulon : Comment résoudre mon problème de Windows Installer voilà pourquoi cette clé était dans mon registre.

 

Mais c'est grace à ce topic que j'ai réussi à ré-installé Windows Installer.

 

Voici le rapport après avoir fixé :

 

[Registry - Additional Scans - Non-Microsoft Only]

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI deleted successfully.

< End of log >

Created on 09-07-2007 17:58:00

 

 

 

 

 

Pour les Màj pas de changement toujours le même message d'erreur (plus haut dans le sujet), et le services était déjà sur automatique et il était déjà démarrer.

 

 

Pour le moment je peux toujours pas désactiver des application en locurence SDFix, car a chaque fois que j'allume ou redémarre le PC il fait la dernière étape, je veux dire, quand il nettoie les fichier et service.(j'utilise JV16 2007 pour le faire) et je ne peux supprimer également.Le message d'erreur est plus haut dans le sujet et la ligne entouré en rouge.

 

L'autre soucis qui n'en ai pas forcément un, c'est que personnellement je suis seul sur le PC donc je ne crée n'y compte n'y groupe et voici celui que je rencontre et pour qui je ne me rappel pas l'avoir vu, c'est : CREATEUR PROPRIETAIRE

 

Dis moi Charles a quoi correspond YN dans ton script car parfois on le voit inversé ? Je suis pas juste curieux,mais tu m'aide donc je vais pas te regarder bosser en me glandant donc j'en profite pour ressortir de ce problème avec des connaissanece et comme tu là vus sur d'autre infection j'ai pris gout a la sécurité et j'apprend les lod hijack et le reste, pour pouvoir aidé aussi, voilà pourquoi cette question.Merci

 

Une autre question mais là c'est pour protéger mon nouveau fichier Hosts, puis-je le crypté pour le protéger car lecture seul n'ai pas vraiment utile j'ai remarqué.Je veux dire une fois crypté sera t-il fonctionnelle.

 

 

 

Merci de m'aider Charles,

 

Amicalement

[chtilo]

Bonsoir

 

Etant toujours en quète de solution pour pouvoir faire mes Màj de Windows , voici l'info que j'ai pu lire : Avec Zone alarm les maj windows passent difficilement .

 

Un avis ou une solution ?

 

Amicalement

[eclypse]

Salut

 

Ton windows est légal si oui desinstalle et reinstalle le genuine ca peut etre ca qui bug

 

@+

 

Eclypse

[chtilo]

Oui il est légale ma dernière màj date de début aout voir dans le rapport Windpfind3u

 

regarde l'erreur que j'ai eu :Failure Content Install Installation Failure: Windows failed to install the following update with error 0x8024d007: Mises à jour automatiques.

 

j'ai regarder dans le dossier Software Distribution\selfupdate\registered et il est vide, c'est normal

 

De plus j'ai suivi une solution de microsoft qui dit de renomer le dossier Software Distribution que j'ai fais ça na pas marcher alors j'ai voulu remettre le nom et voici la finalité

 

C:windows\softwaredistribution\les dossier qui doit avoir\oldsd(quand renommer)\eventcache et log donc j'ai deux eventcache et log

Est ce que c'est grave.

 

merci de ton aide, amoicalement

[Thanos]

salut

 

Le service Mises à jour automatiques est déjà sur automatique et démarré ?? bizarre, le rapport montre le contraire.

Essaie ceci >

 

Passe par le Panneau de Configuration et sélectionne les Options Internet > puis tu cliques sur l'onglet Avancé. Descend dans l'arborescence et choisis le menu Sécurité.

Décoche la case Vérifier la révocation des certificats puis clique sur Appliquer puis sur OK

Essaie d'accéder de nouveau à Windows Update pour voir si ca fonctionne.

 

Quant à la manip donnée par Microsoft, voilà ce qu'il fallait faire >

 

 

-vas dans le menu Démarrer/Executer et tu tapes : services.msc

 

Cherche le service suivant:Service de transfert intelligent en arrière-plan

Double clique dessus:

-dans le champs"Status du service" sélectionne "arrêté"

puis "Appliquer" puis"ok"

 

Fait de même avec le service Mises à jour automatiques

Note: tu ne désactives pas ces services, tu les stoppe seulement.

Quitte les services.

 

Tu vas dans C:\WINDOWS et tu sélectionnes le dossier SoftwareDistribution > tu fais un clic droit sur ce dossier et tu choisis renommer. Tu le renommes SoftwareDistribution.old

Ensuite tu quittes l'explorateur et tu redémarres les deux services que tu as prédédemment arrêté.

(tu cliques sur Démarrer)

 

Après ca repasse par Windows Update et constate si ca fonctionne.

 

Je rebondis sur ta question concernant le fichier Hosts > crypter ce fichier n'est pas la solution je pense.

Le fichier risque d'être inexploitable ! La seule solution connue est de mettre ce fichier en lecture seule afin d'empêcher l'écriture.

 

Je regarde pour ton problème de droits...

Modifié le 8 septembre 2007 par charles ingals

[chtilo]

Bonsoir Charles ,

 

Je pensait pas te revoir et puis avec le temps que j'était là-dessus j'ai donc fait un formatage de C:, je le fait pas d'habitude mais là sa me faisait #@]|^¤ les problème s'arrêtait pas.

 

Pour les Màj le rapport d'erreur indiquait un problème avec un fichier mais je l'ai plus en tête et avec le formatage il est effacer, de plus je lisait un peu partout que ZoneAlarme ne fait pas bon ménage avec les Màj.Avec la nouvelle install les Màj auto fonctionne mais quand je veux lancé les Màj moi_même sa marche pas, je veux dire, qu'il veut pas afficher les Màj dispo.

 

En tout cas je te remercie de ton aide et merci à tout ceux qui mon aidé .

 

amicalement.

 

Bonsoir Charles ,

 

Je pensait pas te revoir et puis avec le temps que j'était là-dessus j'ai donc fait un formatage de C:, je le fait pas d'habitude mais là sa me faisait #@]|^¤ les problème s'arrêtait pas.

 

Pour les Màj le rapport d'erreur indiquait un problème avec un fichier mais je l'ai plus en tête et avec le formatage il est effacer, de plus je lisait un peu partout que ZoneAlarme ne fait pas bon ménage avec les Màj.Avec la nouvelle install les Màj auto fonctionne mais quand je veux lancé les Màj moi_même sa marche pas, je veux dire, qu'il veut pas afficher les Màj dispo.

 

En tout cas je te remercie de ton aide et merci à tout ceux qui mon aidé .

 

amicalement.

[Thanos]

salut,

 

 

Désolé de ne pas avoir pû t'aider à résoudre ce problème

Une chose importante chtilo : méfie toi à l'avenir à ne pas faire trop de modifications dans ton système! parfois la bidouille dans la base de registre s'avère périlleuse! Le porblème c'est que lorsqu'un trop de grand nombre de modifs ont été faite, il faut pouvoir s'en souvenir pour evenir en arrière si besoin est.

Essaie dans la mesure du possible de conserver ton système dans son état d'origine (pense bien sûr au mises à jour et aux protections de base!)

 

bon surf

Modifié le 10 septembre 2007 par charles ingals