
Posted (edited)

Hi :P

OK, the infection has been removed by FixWareOut.

Since you have a very good antivirus installed, we are going to use it and configure it along the way, because that is very important!

1) It is essential to configure it correctly in order to run the best possible scan (and get the best possible protection). Read the following tutorial and configure Antivir exactly as shown => tesgaz's tutorial

Above all, don't forget to update Antivir!

Download ATF Cleaner by Atribune to your desktop.

Copy and paste the contents of this procedure into a text file (which you put on the desktop) so that you can consult it in safe mode (you won't have Internet access!).

2) Restart the PC; it must be in safe mode.

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > tap the [F8] and [F5] keys alternately until the Windows advanced options menu is displayed.

Select "Safe Mode" and press the [Enter] key.

Choose your usual account, not Administrator.

3) Double-click ATF Cleaner to launch the program.

  • Under the Main tab, choose: Select All
    Click the Empty Selected button

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    Click Exit, in the main menu, to close the program.

* If the "Firefox" tab is greyed out in ATF, clear the cache and cookies in Firefox like this:

  • Open Firefox and click Tools => Options
  • Click the Privacy tab
  • Click the Clear cache button in the "History" tab
  • Click the Delete cookies button in the "Cookies" tab
  • Click the Clear cache button in the "Cache" tab
  • Click the OK button to close the options window and confirm your choices.

4) Launch Antivir.

  • To start a scan, just click the Scanner tab
  • Choose the items to scan > choose Local Drives
  • Click the scan icon to start the scan.
  • When an infection is detected, click the Move to quarantine button, then tick the Apply selection to all following detections box > click [ok] to confirm.
  • Once the scan is finished, click the report button > a report will be created: save it to the desktop.

5) Restart the PC normally and please paste the result of the Antivir scan.

Also post a HijackThis report, but like this please >

Launch HijackThis.

Click Open Misc Tools Section

Make sure the two boxes on the right are ticked:

* List all minor sections(Full)

* List Empty Sections(Complete)

Click Generate StartupList Log

Click "Yes" when prompted.

This will generate a report; copy it and post it here.

I draw your attention to the fact that the scan must be run in safe mode.

Good luck :P

Edited by charles ingals

Posted

Thanks for following my case. I did the scan in safe mode; I'm surprised that Antivir finds 2 viruses that are related to the wareout tool and hijackthis? Names of the viruses: APPL/NirCmd.2 and PCK/Dumped. wareout did indeed involve the restart via cmd; you should know that since then I no longer get the Windows welcome message, and instead I get an all-blue screen and then the desktop? I also seem to have a problem with hijack concerning the file version traduite originale.exe, whereas I only downloaded the French version of hijack, not from the official site?

Personally I'm even more lost!!!!! So now I'm wondering whether I shouldn't get rid of hijackthis?

My PC is acting up, still slow at everything.

 

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 21 septembre 2007 20:28

 

Scanning for 1077818 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: DEHFOS

Computer name: VOTRE-324AA4A56

 

Version information:

BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 11/09/2007 18:10:31

AVSCAN.DLL : 7.0.6.0 49192 Bytes 11/09/2007 18:10:31

LUKE.DLL : 7.0.5.3 147496 Bytes 11/09/2007 18:10:31

LUKERES.DLL : 7.0.6.1 10280 Bytes 11/09/2007 18:10:31

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 18:10:37

ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 17:18:14

ANTIVIR3.VDF : 6.39.1.163 208896 Bytes 21/09/2007 17:55:02

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 19/09/2007 15:18:34

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 11/09/2007 18:10:31

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 11/09/2007 18:10:39

AVREG.DLL : 7.0.1.6 30760 Bytes 11/09/2007 18:10:31

AVARKT.DLL : 1.0.0.20 278568 Bytes 11/09/2007 18:10:30

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 11/09/2007 18:10:30

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 11/09/2007 18:10:09

RCTEXT.DLL : 7.0.62.0 86056 Bytes 11/09/2007 18:10:09

SQLITE3.DLL : 3.3.17.1 339968 Bytes 11/09/2007 18:10:32

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: vendredi 21 septembre 2007 20:28

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

[WARNING] The boot sector file could not be read!

[WARNING] Error code: 0x0083

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '20' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\fixwareout\FindT\nircmd.exe

[DETECTION] Contains detection pattern of the application APPL/NirCmd.2

[INFO] The file was moved to '47660ffb.qua'!

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file

[INFO] The file was moved to '4746111a.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\'

Search path D:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: vendredi 21 septembre 2007 21:03

Used time: 34:47 min

 

The scan has been done completely.

 

3028 Scanning directories

147301 Files were scanned

2 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

2 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

147299 Files not concerned

630 Archives were scanned

2 Warnings

1 Notes

 

 

 

 

StartupList report, 21/09/2007, 21:51:12

StartupList version: 1.52.2

Started from : C:\Documents and Settings\DEHFOS\Mes documents\HiJackThis_v2.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16512)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\DEHFOS\Mes documents\HiJackThis_v2.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\DEHFOS\Menu Démarrer\Programmes\Démarrage]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

HP Software Update = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

ccleaner = "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[optionalcomponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

SesamTVMC.job

Spybot - Search & Destroy - Scheduled Task.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[bDSCANONLINE Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\oscan8.ocx

CODEBASE = http://www.zebulon.fr/scan8/oscan8.cab

 

[Java Plug-in 1.6.0_02]

InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

CODEBASE = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (disabled)

abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)

Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system)

adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)

Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Filtre de bus AGP Intel: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)

Filtre de bus AGP Compaq: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)

Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)

aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)

aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)

Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)

AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)

Filtre de bus AGP ALI: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)

Pilote de filtre du bus AMD AGP: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)

Pilote de processeur AMD: system32\DRIVERS\AmdK8.sys (system)

amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)

AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" (autostart)

AntiVir PersonalEdition Classic Guard: "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" (autostart)

Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)

asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)

asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)

Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start)

Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system)

Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start)

avgio: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (system)

avgntflt: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (manual start)

AVG Network redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)

avipbb: system32\DRIVERS\avipbb.sys (system)

Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)

cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)

Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system)

Service d'indexation: %SystemRoot%\system32\cisvc.exe (disabled)

Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled)

.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)

CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)

Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)

Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)

dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)

Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pilote de disque: system32\DRIVERS\disk.sys (system)

Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)

Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)

Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)

drvmcdb: system32\DRIVERS\drvmcdb.sys (system)

Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Journal des événements: %SystemRoot%\system32\services.exe (autostart)

Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

FBAPI: \??\C:\WINDOWS\system32\drivers\FBAPI.sys (autostart)

Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start)

Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start)

VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system)

Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8: system32\DRIVERS\gagp30kx.sys (system)

gmer: System32\DRIVERS\gmer.sys (manual start)

GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start)

Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start)

Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)

hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)

Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (disabled)

Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system)

Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)

ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)

IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)

Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)

Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start)

Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start)

Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start)

Pilote IPSEC: system32\DRIVERS\ipsec.sys (system)

Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start)

Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system)

Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system)

Pilote HID de clavier: system32\DRIVERS\kbdhid.sys (system)

KLIF: \??\C:\WINDOWS\system32\drivers\klif.sys (manual start)

Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)

Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Machnm32 Driver: \??\C:\WINDOWS\system32\Machnm32.sys (autostart)

Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system)

Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start)

mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)

Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)

Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start)

Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start)

NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start)

Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: system32\DRIVERS\netbios.sys (system)

NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system)

DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)

DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)

Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start)

Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start)

Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start)

Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)

Office Source Engine: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (disabled)

Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start)

Pilote de bus PCI: system32\DRIVERS\pci.sys (system)

PCIIde: \SystemRoot\system32\DRIVERS\pciide.sys (disabled)

VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start)

perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)

perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)

PhnxVcd: System32\Drivers\PhnxVcd.sys (manual start)

Phoenix VCD Service: C:\WINDOWS\system32\PhnxCDSvr.exe (disabled)

Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (disabled)

Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart)

Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Pilote processeur: system32\DRIVERS\processr.sys (system)

Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)

Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start)

Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start)

Disk Filter Driver: system32\drivers\ptpd.sys (system)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)

Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)

ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)

ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)

ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)

Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system)

Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start)

Parallèle direct: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start)

Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)

Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system)

Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start)

Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)

Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)

Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start)

Pilote de port série: system32\DRIVERS\serial.sys (system)

Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Filtre de bus AGP SIS: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)

Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)

Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)

Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)

sptd: System32\Drivers\sptd.sys (system)

Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system)

Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

ssmdrv: system32\DRIVERS\ssmdrv.sys (system)

SAMSUNG Mobile USB Device II 1.0 driver (WDM): system32\DRIVERS\ssm_bus.sys (manual start)

SAMSUNG Mobile USB Modem II 1.0 Filter: system32\DRIVERS\ssm_mdfl.sys (manual start)

SAMSUNG Mobile USB Modem II 1.0 Drivers: system32\DRIVERS\ssm_mdm.sys (manual start)

Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start)

Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{27D524CB-A5A3-467C-A170-BE5A05D05B86} (manual start)

symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)

symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)

sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)

sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)

Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)

Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)

Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system)

Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system)

Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)

Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)

Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (disabled)

Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start)

Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Onduleur: %SystemRoot%\System32\ups.exe (manual start)

Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)

Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start)

Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start)

Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)

Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start)

Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start)

Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Filtre de bus AGP VIA: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)

viagfx: system32\DRIVERS\vtmini.sys (manual start)

ViaIde: system32\DRIVERS\viaide.sys (system)

viamraid: system32\DRIVERS\viamraid.sys (system)

Vinyl AC'97 Audio Controller (WDM): system32\drivers\vinyl97.sys (manual start)

Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)

Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start)

Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Service Windows Media Connect: C:\Program Files\Windows Media Connect 2\wmccds.exe (disabled)

Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)

Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\DOCUME~1\DEHFOS\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\DEHFOS\Cookies\index.dat||C:\DOCUME~1\DEHFOS\LOCALS~1\Temp\_iu14D2N.tmp|||\

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

End of report, 36 438 bytes

Report generated in 0,938 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Posted

hi :P

Nothing bad in these reports! As for this >

I'm surprised that Antivir finds 2 viruses that are related

to the wareout tool and hijackthis?

Don't worry about that! The tools we have people use are sometimes wrongly detected by antivirus programs as malware! But of course they are nothing of the sort! This is because these programs bundle other programs that can be used for malicious purposes. That applies to hijackthis (French version) and FixWareOut (but others too!)

 

The slowness of your PC is not due to a large number of running processes, nor to too many services.

However, what you say here is important >

I also changed the size of the paging file; in short, I tried a multitude of things that would take too long to list.

If you made the wrong settings, the PC's performance can suffer!!

Please tell me exactly how you set this parameter and what else you did.

 

Run this online scan to finish the disinfection part >

Run an online scan with Panda:

http://www.pandasoftware.fr/Activescan/Activescan.html .

And post the report it displays at the end; for that, make sure IE is correctly configured for the online scan as shown here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .

If you can't manage it, the tutorial is: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

You don't have to give your email; you can use a disposable address if you wish: http://www.jetable.org/fr/index

Warning!! Panda and Antivir conflict; to be able to download Panda's ActiveX control, you must disable Antivir's shield for the duration of the scan. (Right-click the Antivir icon in the taskbar and uncheck Antivir Guard enable > re-enable it at the end of the scan after saving the report)

Posted

Regarding the paging file, I put the default settings back; otherwise I haven't made any particular settings. As for the internet, it runs more or less OK; on the other hand, it's the Windows startup and shutdown time that is still just as slow. The following scan refers to AVG, and indeed sometimes the Security Center (Windows firewall) reminds me that AVG is not up to date, with the Windows sign in red, even though I no longer use AVG; I thought I had removed it, and the Security Center only refers to AVG? How do I find this infected file?

 

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2007-09-22 15:35:40

PROTECTIONS: 2

MALWARE: 1

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Système anti-virus AVG 7.0.289 7.0.289 Yes No

Avira AntiVir PersonalEdition 6.39.1.164 No Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe

;===================================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

Posted

hi :P

The online scan shows nothing infectious! The detected file belongs to a disinfection utility such as SmitFraudFix, for example.

Please have this file analyzed online (it's quick) > C:\WINDOWS\system32\drivers\FBAPI.sys

Go to this address => http://www.virustotal.com/

You have a box named "Browse": click on it and a window opens => browse your hard drive and look for the file FBAPI.sys, which you will find by going to the folder C:\WINDOWS\System32

Click once on the file FBAPI.sys (it turns blue!), then click "Open" at the bottom of the window, then "Send file". The scan of this file will start. All that's left is to select and then copy/paste the analysis.

Note: uploaded files are queued, because the virus scanner is in demand! Be patient (a message tells you how long the analysis will take)

It is possible that this file is hidden and that you cannot see it: if that is the case, do this first >

Start, My Computer or another folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

click "Apply"

click the "Apply to All Folders" button / OK

See you!

Posted (edited)

ok, a slightly more thorough scan to see >

Download WinPFind3U.exe to your desktop.

  • Open the folder and double-click the file WinPFind3U.exe to launch the program.
  • Under the Files Created Within group, select 60 days
  • Under the Files Modified Within group, select 60 days
  • Under the String Search group, select Non-Microsoft
  • Under the Additional Scans group, check the boxes >
    Reg- Security Settings
    Reg- Software Policy Settings
    Reg- Additional Folder Scans

  • Now click the Run Scan button in the toolbar
  • When the scan is finished, Notepad opens and displays the report.
  • Click the "Format" menu and make sure the "Word Wrap" box is not checked.
  • Copy/paste the contents of the report into your next reply.

See you!

Edited by charles ingals
Posted

Here is the latest scan; what does it consist of, please?

 

 

 

WinPFind3 logfile created on: 23/09/2007 19:53:20

WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\DEHFOS\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

191,48 Mb Total Physical Memory | 96,54 Mb Available Physical Memory | 50,42% Memory free

463,68 Mb Paging File | 234,13 Mb Available in Paging File | 50,49% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 65,92 Gb Total Space | 52,38 Gb Free Space | 79,46% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

Computer Name: VOTRE-324AA4A56

Current User Name: DEHFOS

Logged in as Administrator.

Current Boot Mode: Normal

 

 

[Processes - Non-Microsoft Only]

aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ]

avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ]

avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.79 | Size = 210984 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ]

hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 02:41:10 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]

sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 1 | Size = 566616 bytes | Modified Date = 27/08/2007 14:38:50 | Attr = ]

(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ]

(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.79 | Size = 210984 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ]

(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 04:24:18 | Attr = ]

(PhnxVCDService) Phoenix VCD Service [Win32_Own | Disabled | Stopped] -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.1.1.13 | Size = 49152 bytes | Modified Date = 21/07/2005 01:17:30 | Attr = R ]

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> -> File not found

(WMConnectCDS) Service Windows Media Connect [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Connect 2\wmccds.exe -> File not found

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

AAWTray -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> [Ver = 1, 0, 0, 1 | Size = 88024 bytes | Modified Date = 08/08/2007 15:53:16 | Attr = ]

avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 11/09/2007 20:10:32 | Attr = ]

HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 02:41:10 | Attr = ]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

ccleaner -> %ProgramFiles%\CCleaner\ccleaner.exe -> Piriform Ltd [Ver = 1.41.0544 | Size = 598656 bytes | Modified Date = 13/07/2007 11:10:18 | Attr = ]

< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

127.0.0.1 localhost -> ->

< Internet Explorer Settings > -> ->

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Local Page -> C:\windows\system32\blank.htm ->

HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Local Page -> C:\windows\system32\blank.htm ->

HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Start Page -> http://www.neufportail.fr/ ->

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

msn.com [ - ] -> ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr = ]

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

{965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKLM] -> %ProgramFiles%\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll [babylon] -> Babylon Ltd. [Ver = 2.0.1.4 | Size = 264416 bytes | Modified Date = 16/07/2007 15:49:56 | Attr = ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKLM] -> %ProgramFiles%\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll [babylon] -> Babylon Ltd. [Ver = 2.0.1.4 | Size = 264416 bytes | Modified Date = 16/07/2007 15:49:56 | Attr = ]

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> File not found

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]

{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found

Translate with &Babylon -> %ProgramFiles%\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll\Translate.htm -> File not found

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{88317C58-0B89-4AEE-ACA6-ED4AD09D4599} -> (VIA Rhine II Fast Ethernet Adapter) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->

{512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> TotalScan Installer Class - CodeBase = http://www.nanoscan.com/as/v1/cabs/ascstubie.cab ->

{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupd...b?1190487864765 ->

{8436FE12-31DB-48BF-83BF-FE682F9160B4} -> NanoInstaller Class - CodeBase = http://www.nanoscan.com/cabs/nanoinst.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab ->

[Registry - Additional Scans - Non-Microsoft Only]

< Security Settings > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des données entre les clients et les serveurs en tâche de fond. Si le service BITS est désactivé, les fonctionnalités telles que Windows Update ne fonctionneront pas correctement. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1324 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VideoLAN\VLC\vlc.exe -> C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:*:Disabled:@xpsp2res.dll,-22008 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> Reg Data - Value = 0 bytes ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> ->

< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\ -> ->

[Files/Folders - Created Within 60 days]

31.2.5144 -> %SystemDrive%\31.2.5144 -> [Folder | Created Date = 18/09/2007 18:29:25 | Attr = ]

fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 20/09/2007 17:20:22 | Attr = ]

install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 18/09/2007 20:00:38 | Attr = ]

mes documents -> %SystemDrive%\mes documents -> [Folder | Created Date = 01/08/2007 14:32:34 | Attr = ]

$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 07/09/2007 18:32:22 | Attr = H ]

$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 07/09/2007 18:31:57 | Attr = H ]

AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Created Date = 14/09/2007 18:01:06 | Attr = ]

fllib.dll -> %SystemRoot%\fllib.dll -> [Ver = | Size = 20 bytes | Created Date = 16/09/2007 14:14:37 | Attr = ]

hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 129249 bytes | Created Date = 05/08/2007 15:19:54 | Attr = ]

hpoins11.dat.temp -> %SystemRoot%\hpoins11.dat.temp -> [Ver = | Size = 129223 bytes | Created Date = 05/08/2007 15:08:37 | Attr = ]

hpomdl11.dat.temp -> %SystemRoot%\hpomdl11.dat.temp -> [Ver = | Size = 11634 bytes | Created Date = 05/08/2007 15:08:36 | Attr = ]

ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 07/09/2007 18:32:47 | Attr = H ]

ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 09/09/2007 00:45:48 | Attr = ]

iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 16/09/2007 13:33:26 | Attr = ]

LPT$VPN.719 -> %SystemRoot%\LPT$VPN.719 -> [Ver = | Size = 37121453 bytes | Created Date = 14/09/2007 18:03:13 | Attr = ]

McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 17/09/2007 22:54:19 | Attr = ]

network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 07/09/2007 18:29:43 | Attr = ]

PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 07/09/2007 18:00:14 | Attr = ]

PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 02/08/2007 21:32:55 | Attr = H ]

VPTNFILE.719 -> %SystemRoot%\VPTNFILE.719 -> [Ver = | Size = 37121453 bytes | Created Date = 14/09/2007 18:01:52 | Attr = ]

WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 07/09/2007 18:34:17 | Attr = ]

wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 94 bytes | Created Date = 03/09/2007 22:03:20 | Attr = ]

Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 242 bytes | Created Date = 19/09/2007 15:41:59 | Attr = ]

ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 17/09/2007 21:53:29 | Attr = ]

dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 07/09/2007 18:34:16 | Attr = ]

inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 20/09/2007 17:04:45 | Attr = ]

java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ]

javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ]

javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ]

javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 17/09/2007 22:09:02 | Attr = ]

LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 09/09/2007 22:20:17 | Attr = ]

pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 17/09/2007 21:53:32 | Attr = ]

Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Created Date = 03/09/2007 18:10:51 | Attr = ]

SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2238 bytes | Created Date = 19/09/2007 19:43:11 | Attr = ]

VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 19/09/2007 19:41:37 | Attr = ]

avgntdd.sys -> %System32%\drivers\avgntdd.sys -> AVIRA GmbH [Ver = 6.38.00.01 | Size = 40000 bytes | Created Date = 11/09/2007 18:14:20 | Attr = ]

avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> AVIRA GmbH [Ver = 6.37.01.01 | Size = 14848 bytes | Created Date = 11/09/2007 18:14:20 | Attr = ]

avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.11 | Size = 62016 bytes | Created Date = 11/09/2007 18:14:17 | Attr = ]

AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Created Date = 07/08/2007 12:58:08 | Attr = ]

fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 66336 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS]

fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1220 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS]

fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1824 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS]

fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1172 bytes | Created Date = 06/09/2007 11:31:04 | Attr = HS]

NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Created Date = 07/08/2007 12:56:58 | Attr = ]

ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 11/09/2007 18:14:19 | Attr = ]

ssm_bus.sys -> %System32%\drivers\ssm_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

ssm_cm.sys -> %System32%\drivers\ssm_cm.sys -> MCCI [Ver = V4.34 | Size = 6176 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

ssm_cmnt.sys -> %System32%\drivers\ssm_cmnt.sys -> MCCI [Ver = V4.34 | Size = 6176 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

ssm_mdfl.sys -> %System32%\drivers\ssm_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

ssm_mdm.sys -> %System32%\drivers\ssm_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

ssm_wh.sys -> %System32%\drivers\ssm_wh.sys -> MCCI [Ver = V4.34 | Size = 5840 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

ssm_whnt.sys -> %System32%\drivers\ssm_whnt.sys -> MCCI [Ver = V4.34 | Size = 5840 bytes | Created Date = 03/09/2007 18:11:08 | Attr = ]

StarOpen.sys -> %System32%\drivers\StarOpen.sys -> [Ver = | Size = 5632 bytes | Created Date = 03/09/2007 18:10:16 | Attr = ]

hosts.20070919-162720.backup -> %System32%\drivers\etc\hosts.20070919-162720.backup -> [Ver = | Size = 734 bytes | Created Date = 19/09/2007 15:27:20 | Attr = ]

AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Created Date = 11/09/2007 18:14:14 | Attr = ]

Babylon -> %AllUsersAppData%\Babylon -> [Folder | Created Date = 19/09/2007 11:53:16 | Attr = ]

Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 04/09/2007 22:07:31 | Attr = ]

Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 17/09/2007 23:33:21 | Attr = ]

Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Created Date = 06/09/2007 11:24:13 | Attr = ]

LauncherAccess.dt -> %AllUsersAppData%\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Created Date = 03/09/2007 18:30:00 | Attr = ]

Babylon -> %UserAppData%\Babylon -> [Folder | Created Date = 19/09/2007 11:53:16 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 04/09/2007 22:08:18 | Attr = ]

Samsung -> %UserAppData%\Samsung -> [Folder | Created Date = 03/09/2007 18:31:52 | Attr = ]

Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 10/09/2007 18:54:44 | Attr = ]

vlc -> %UserAppData%\vlc -> [Folder | Created Date = 03/08/2007 18:44:39 | Attr = ]

Babylon -> %LocalAppData%\Babylon -> [Folder | Created Date = 19/09/2007 11:56:20 | Attr = ]

{AC84089A-4614-4D65-9C7F-C70274C17586} -> %LocalAppData%\{AC84089A-4614-4D65-9C7F-C70274C17586} -> [Folder | Created Date = 05/09/2007 19:23:16 | Attr = ]

Nouveau dossier -> %AllUsersDocuments%\Nouveau dossier -> [Folder | Created Date = 08/09/2007 23:44:39 | Attr = ]

10000.jpg -> %UserDocuments%\10000.jpg -> [Ver = | Size = 43530 bytes | Created Date = 03/09/2007 19:26:49 | Attr = ]

ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Created Date = 19/09/2007 14:44:29 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier ->

Amee..[JAM-HOT.com].wmv.torrent -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent -> [Ver = | Size = 17139 bytes | Created Date = 21/09/2007 22:09:12 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier ->

Babylon6_setup_eng_eng_oxford.exe -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Created Date = 19/09/2007 11:52:56 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier ->

cv conseiller insertion Pro.rtf -> %UserDocuments%\cv conseiller insertion Pro.rtf -> [Ver = | Size = 2990 bytes | Created Date = 20/09/2007 12:21:23 | Attr = ]

DiagHelp.zip -> %UserDocuments%\DiagHelp.zip -> [Ver = | Size = 623220 bytes | Created Date = 19/09/2007 16:26:11 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\DiagHelp.zip:Zone.Identifier ->

DSPP_CIP.doc -> %UserDocuments%\DSPP_CIP.doc -> [Ver = | Size = 144384 bytes | Created Date = 20/09/2007 18:23:56 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier ->

Fixwareout.exe -> %UserDocuments%\Fixwareout.exe -> [Ver = 1.0.0.5 | Size = 486449 bytes | Created Date = 20/09/2007 17:20:10 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Fixwareout.exe:Zone.Identifier ->

formations_crp.pdf -> %UserDocuments%\formations_crp.pdf -> [Ver = | Size = 179530 bytes | Created Date = 16/09/2007 18:08:39 | Attr = ]

funrecent.fmp -> %UserDocuments%\funrecent.fmp -> [Ver = | Size = 20 bytes | Created Date = 03/09/2007 18:43:29 | Attr = ]

HiJackThis_v2.exe -> %UserDocuments%\HiJackThis_v2.exe -> Trend Micro Inc. [Ver = 2.00 | Size = 1308216 bytes | Created Date = 21/09/2007 20:47:52 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier ->

lettre conseil général.rtf -> %UserDocuments%\lettre conseil général.rtf -> [Ver = | Size = 1721 bytes | Created Date = 13/09/2007 17:09:35 | Attr = ]

Masha..[JAM-HOT.com].avi.torrent -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent -> [Ver = | Size = 15239 bytes | Created Date = 21/09/2007 22:08:15 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier ->

MenuBorderTR.gif -> %UserDocuments%\MenuBorderTR.gif -> [Ver = | Size = 113 bytes | Created Date = 09/09/2007 13:42:11 | Attr = ]

Samsung PC Studio -> %UserDocuments%\Samsung PC Studio -> [Folder | Created Date = 03/09/2007 18:08:44 | Attr = ]

Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent -> [Ver = | Size = 14333 bytes | Created Date = 22/09/2007 20:53:16 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Shoot_Em_Up_French_Ts_Xvid_Vcdfrv_-_{{{-_www.Meganova.org_-}}}.torrent:Zone.Identifier ->

SP_A0163.jpg -> %UserDocuments%\SP_A0163.jpg -> [Ver = | Size = 17950 bytes | Created Date = 03/09/2007 19:34:37 | Attr = ]

SP_A0164.jpg -> %UserDocuments%\SP_A0164.jpg -> [Ver = | Size = 16338 bytes | Created Date = 03/09/2007 19:34:47 | Attr = ]

SP_A0166.jpg -> %UserDocuments%\SP_A0166.jpg -> [Ver = | Size = 17230 bytes | Created Date = 03/09/2007 19:31:21 | Attr = ]

supp-dll-mémoire.reg -> %UserDocuments%\supp-dll-mémoire.reg -> [Ver = | Size = 115 bytes | Created Date = 17/09/2007 16:53:02 | Attr = ]

Track 01.bin -> %UserDocuments%\Track 01.bin -> [Ver = | Size = 529849152 bytes | Created Date = 02/09/2007 14:26:45 | Attr = ]

tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe -> [Ver = 6.0.1.4 | Size = 6376978 bytes | Created Date = 16/09/2007 14:04:10 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe:Zone.Identifier ->

txp4trial.exe -> %UserDocuments%\txp4trial.exe -> [Ver = 6.0.1.4 | Size = 6367757 bytes | Created Date = 16/09/2007 13:31:46 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\txp4trial.exe:Zone.Identifier ->

[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent -> [Ver = | Size = 15141 bytes | Created Date = 21/09/2007 22:08:47 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\[.www.torsky.org.]Asian.&.Black.Interracial.Creampie.torrent:Zone.Identifier ->

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 19/09/2007 14:46:06 | Attr = ]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 19/09/2007 14:46:06 | Attr = ]

Babylon.lnk -> %AllUsersDesktop%\Babylon.lnk -> [Ver = | Size = 798 bytes | Created Date = 19/09/2007 11:56:17 | Attr = ]

HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Created Date = 17/09/2007 16:33:42 | Attr = ]

Multimedia manager.lnk -> %AllUsersDesktop%\Multimedia manager.lnk -> [Ver = | Size = 1805 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ]

Multimedia player.lnk -> %AllUsersDesktop%\Multimedia player.lnk -> [Ver = | Size = 1828 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ]

Samsung PC Studio 3.lnk -> %AllUsersDesktop%\Samsung PC Studio 3.lnk -> [Ver = | Size = 1765 bytes | Created Date = 03/09/2007 18:11:50 | Attr = ]

20070112093709031_Samsung_PC_Studio.exe -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe -> [Ver = | Size = 57273968 bytes | Created Date = 03/09/2007 18:07:21 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\20070112093709031_Samsung_PC_Studio.exe:Zone.Identifier ->

antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe -> [Ver = | Size = 17180760 bytes | Created Date = 11/09/2007 18:13:13 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.04.15_anglais_10821.exe:Zone.Identifier ->

ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 21/09/2007 19:23:23 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->

CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 15/09/2007 11:59:58 | Attr = ]

ccleaner_ccleaner_1.41.544_francais_14492.exe -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe -> Piriform Ltd [Ver = 1.41.0.544 | Size = 2720456 bytes | Created Date = 15/09/2007 11:59:15 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\ccleaner_ccleaner_1.41.544_francais_14492.exe:Zone.Identifier ->

DiagHelp -> %UserDesktop%\DiagHelp -> [Folder | Created Date = 11/09/2007 18:03:36 | Attr = ]

Diskeeper2007-Home.exe -> %UserDesktop%\Diskeeper2007-Home.exe -> Diskeeper Corporation [Ver = 11.0.709t | Size = 15087208 bytes | Created Date = 09/09/2007 18:34:53 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\Diskeeper2007-Home.exe:Zone.Identifier ->

inland.empire.fr.dvdrip.torrent -> %UserDesktop%\inland.empire.fr.dvdrip.torrent -> [Ver = | Size = 38264 bytes | Created Date = 01/09/2007 13:13:12 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\inland.empire.fr.dvdrip.torrent:Zone.Identifier ->

IZArc_Setup.exe -> %UserDesktop%\IZArc_Setup.exe -> IZSoftware [Ver = 3.81 Build 1550 | Size = 3723454 bytes | Created Date = 01/08/2007 14:16:39 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\IZArc_Setup.exe:Zone.Identifier ->

La Môme.torrent -> %UserDesktop%\La Môme.torrent -> [Ver = | Size = 14246 bytes | Created Date = 17/08/2007 14:40:30 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\La Môme.torrent:Zone.Identifier ->

Samsung_PC_Studio_311_FKB.exe -> %UserDesktop%\Samsung_PC_Studio_311_FKB.exe -> Macrovision Corporation [Ver = 10.50.132 | Size = 58032562 bytes | Created Date = 03/09/2007 18:07:55 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 23/09/2007 18:47:12 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 23/09/2007 18:46:30 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

X86 -> %UserDesktop%\X86 -> [Folder | Created Date = 09/09/2007 18:35:15 | Attr = ]

µTorrent.lnk -> %UserDesktop%\µTorrent.lnk -> [Ver = | Size = 630 bytes | Created Date = 12/08/2007 16:07:41 | Attr = ]

HP -> %CommonProgramFiles%\HP -> [Folder | Created Date = 05/08/2007 15:27:48 | Attr = ]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 19/09/2007 14:44:40 | Attr = ]

[Files/Folders - Modified Within 60 days]

31.2.5144 -> %SystemDrive%\31.2.5144 -> [Folder | Modified Date = 18/09/2007 19:29:26 | Attr = ]

boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = HS]

Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 19/09/2007 15:53:30 | Attr = ]

fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 20/09/2007 18:27:38 | Attr = ]

install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 18/09/2007 21:00:42 | Attr = ]

mes documents -> %SystemDrive%\mes documents -> [Folder | Modified Date = 09/09/2007 00:56:20 | Attr = ]

Program Files -> %ProgramFiles% -> [Folder | Modified Date = 22/09/2007 15:28:08 | Attr = R ]

System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 20/09/2007 12:40:30 | Attr = HS]

WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 23/09/2007 19:34:36 | Attr = ]

$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 08/09/2007 22:33:40 | Attr = H ]

$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 07/09/2007 19:32:24 | Attr = H ]

$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 07/09/2007 19:31:58 | Attr = H ]

AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 07/08/2007 21:38:08 | Attr = ]

assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 16/09/2007 15:08:54 | Attr = R S]

AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Modified Date = 07/09/2007 19:04:46 | Attr = ]

AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Modified Date = 14/09/2007 19:02:08 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/09/2007 19:33:02 | Attr = S]

BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ]

Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 20/09/2007 17:10:30 | Attr = ]

Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 20/09/2007 17:06:16 | Attr = ]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 22/09/2007 21:04:40 | Attr = S]

fllib.dll -> %SystemRoot%\fllib.dll -> [Ver = | Size = 20 bytes | Modified Date = 16/09/2007 15:14:38 | Attr = ]

GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 14/09/2007 19:01:08 | Attr = ]

hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ]

Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/09/2007 20:13:00 | Attr = ]

hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 129249 bytes | Modified Date = 05/08/2007 16:32:24 | Attr = ]

ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 07/09/2007 19:33:54 | Attr = H ]

ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 09/09/2007 01:45:50 | Attr = ]

inf -> %SystemRoot%\inf -> [Folder | Modified Date = 22/09/2007 15:29:46 | Attr = H ]

Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 19/09/2007 15:46:22 | Attr = HS]

iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 16/09/2007 15:04:24 | Attr = ]

LPT$VPN.719 -> %SystemRoot%\LPT$VPN.719 -> [Ver = | Size = 37121453 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ]

McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 17/09/2007 23:54:20 | Attr = ]

Media -> %SystemRoot%\Media -> [Folder | Modified Date = 07/09/2007 19:34:10 | Attr = ]

Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 09/09/2007 19:52:24 | Attr = ]

msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 03/08/2007 14:20:52 | Attr = ]

network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 07/09/2007 19:29:44 | Attr = ]

PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 14/09/2007 19:00:36 | Attr = ]

PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 02/08/2007 22:32:56 | Attr = H ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 23/09/2007 19:46:48 | Attr = ]

pss -> %SystemRoot%\pss -> [Folder | Modified Date = 09/09/2007 23:54:04 | Attr = ]

repair -> %SystemRoot%\repair -> [Folder | Modified Date = 03/08/2007 17:32:56 | Attr = ]

report -> %SystemRoot%\report -> [Folder | Modified Date = 14/09/2007 19:03:52 | Attr = ]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 07/08/2007 21:46:02 | Attr = ]

system -> %SystemRoot%\system -> [Folder | Modified Date = 03/08/2007 14:23:00 | Attr = ]

system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 237 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = ]

system32 -> %System32% -> [Folder | Modified Date = 22/09/2007 21:04:40 | Attr = ]

Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 19/09/2007 16:42:00 | Attr = S]

Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 23/09/2007 19:45:24 | Attr = ]

TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 14/09/2007 19:00:38 | Attr = ]

tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ]

tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Modified Date = 14/09/2007 20:16:04 | Attr = ]

tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Modified Date = 14/09/2007 19:02:08 | Attr = ]

twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 16/09/2007 15:31:56 | Attr = ]

UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 14/09/2007 19:00:36 | Attr = ]

VPTNFILE.719 -> %SystemRoot%\VPTNFILE.719 -> [Ver = | Size = 37121453 bytes | Modified Date = 14/09/2007 19:02:04 | Attr = ]

vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 14/09/2007 19:02:06 | Attr = ]

WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 07/09/2007 19:34:18 | Attr = ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 992 bytes | Modified Date = 20/09/2007 18:12:26 | Attr = ]

wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 94 bytes | Modified Date = 03/09/2007 23:03:22 | Attr = ]

WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 09/09/2007 19:12:16 | Attr = ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 23/09/2007 19:33:04 | Attr = H ]

Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 242 bytes | Modified Date = 19/09/2007 16:42:28 | Attr = ]

ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 20/09/2007 17:14:04 | Attr = ]

CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 07/09/2007 19:31:28 | Attr = ]

CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 22/09/2007 21:04:38 | Attr = ]

config -> %System32%\config -> [Folder | Modified Date = 07/09/2007 19:34:28 | Attr = ]

dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22/09/2007 21:04:46 | Attr = RHS]

drivers -> %System32%\drivers -> [Folder | Modified Date = 22/09/2007 15:33:14 | Attr = ]

fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 09/09/2007 01:47:12 | Attr = ]

Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ]

imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 184 bytes | Modified Date = 22/08/2007 22:36:46 | Attr = ]

inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 20/09/2007 18:04:46 | Attr = ]

LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 09/09/2007 23:20:20 | Attr = ]

Macromed -> %System32%\Macromed -> [Folder | Modified Date = 20/09/2007 17:17:02 | Attr = ]

mui -> %System32%\mui -> [Folder | Modified Date = 16/09/2007 15:08:46 | Attr = ]

pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ]

perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ]

perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 75266 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ]

perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ]

perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 468072 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 980254 bytes | Modified Date = 09/09/2007 19:13:36 | Attr = ]

Restore -> %System32%\Restore -> [Folder | Modified Date = 20/09/2007 12:40:30 | Attr = ]

Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Modified Date = 03/09/2007 19:11:16 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2238 bytes | Modified Date = 19/09/2007 21:00:52 | Attr = ]

Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 17/09/2007 22:55:06 | Attr = ]

VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ]

wbem -> %System32%\wbem -> [Folder | Modified Date = 07/08/2007 21:50:10 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 23/09/2007 19:34:10 | Attr = ]

avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.11 | Size = 62016 bytes | Modified Date = 11/09/2007 20:10:42 | Attr = ]

AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 07/08/2007 13:58:08 | Attr = ]

etc -> %System32%\drivers\etc -> [Folder | Modified Date = 19/09/2007 16:27:22 | Attr = ]

fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 66336 bytes | Modified Date = 06/09/2007 12:49:00 | Attr = HS]

fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1220 bytes | Modified Date = 06/09/2007 12:40:06 | Attr = HS]

fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1824 bytes | Modified Date = 06/09/2007 12:47:32 | Attr = HS]

fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1172 bytes | Modified Date = 06/09/2007 12:40:06 | Attr = HS]

NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 07/08/2007 13:56:58 | Attr = ]

sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 685816 bytes | Modified Date = 02/09/2007 15:11:20 | Attr = ]

hosts.20070919-162720.backup -> %System32%\drivers\etc\hosts.20070919-162720.backup -> [Ver = | Size = 734 bytes | Modified Date = 18/09/2007 22:05:36 | Attr = ]

AntiVir PersonalEdition Classic -> %AllUsersAppData%\AntiVir PersonalEdition Classic -> [Folder | Modified Date = 12/09/2007 19:14:46 | Attr = ]

Babylon -> %AllUsersAppData%\Babylon -> [Folder | Modified Date = 19/09/2007 19:51:26 | Attr = ]

Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 07/09/2007 19:08:30 | Attr = ]

Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 04/09/2007 23:07:32 | Attr = ]

Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 18/09/2007 00:33:22 | Attr = ]

Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Modified Date = 06/09/2007 12:24:14 | Attr = ]

LauncherAccess.dt -> %AllUsersAppData%\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Modified Date = 11/09/2007 17:33:34 | Attr = ]

Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 02/08/2007 22:35:18 | Attr = ]

Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 10/09/2007 20:11:54 | Attr = S]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 19/09/2007 17:04:00 | Attr = ]

Babylon -> %UserAppData%\Babylon -> [Folder | Modified Date = 19/09/2007 19:58:50 | Attr = ]

dvdcss -> %UserAppData%\dvdcss -> [Folder | Modified Date = 12/08/2007 21:09:58 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 04/09/2007 23:08:20 | Attr = ]

Image Zone Express -> %UserAppData%\Image Zone Express -> [Folder | Modified Date = 04/08/2007 14:16:44 | Attr = ]

Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 10/09/2007 20:18:50 | Attr = S]

Samsung -> %UserAppData%\Samsung -> [Folder | Modified Date = 03/09/2007 19:31:54 | Attr = ]

Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 10/09/2007 19:54:46 | Attr = ]

uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 23/09/2007 02:23:12 | Attr = ]

vlc -> %UserAppData%\vlc -> [Folder | Modified Date = 03/08/2007 19:44:40 | Attr = ]

Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 02/09/2007 16:24:02 | Attr = ]

Babylon -> %LocalAppData%\Babylon -> [Folder | Modified Date = 19/09/2007 12:56:22 | Attr = ]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 160256 bytes | Modified Date = 23/09/2007 02:05:18 | Attr = ]

IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3767682 bytes | Modified Date = 23/09/2007 02:38:48 | Attr = H ]

Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 18/09/2007 18:25:08 | Attr = ]

{AC84089A-4614-4D65-9C7F-C70274C17586} -> %LocalAppData%\{AC84089A-4614-4D65-9C7F-C70274C17586} -> [Folder | Modified Date = 05/09/2007 20:23:18 | Attr = ]

Nouveau dossier -> %AllUsersDocuments%\Nouveau dossier -> [Folder | Modified Date = 09/09/2007 00:44:40 | Attr = ]

ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Modified Date = 19/09/2007 15:44:40 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe:Zone.Identifier ->

Amee..[JAM-HOT.com].wmv.torrent -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent -> [Ver = | Size = 17139 bytes | Modified Date = 21/09/2007 23:09:14 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Amee..[JAM-HOT.com].wmv.torrent:Zone.Identifier ->

Babylon6_setup_eng_eng_oxford.exe -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe -> [Ver = | Size = 13584608 bytes | Modified Date = 19/09/2007 12:53:10 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Babylon6_setup_eng_eng_oxford.exe:Zone.Identifier ->

ConvertXtoDVD -> %UserDocuments%\ConvertXtoDVD -> [Folder | Modified Date = 29/08/2007 19:08:58 | Attr = ]

cv conseiller insertion Pro.rtf -> %UserDocuments%\cv conseiller insertion Pro.rtf -> [Ver = | Size = 2990 bytes | Modified Date = 20/09/2007 13:21:24 | Attr = ]

desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 138 bytes | Modified Date = 07/09/2007 19:41:18 | Attr = HS]

DiagHelp.zip -> %UserDocuments%\DiagHelp.zip -> [Ver = | Size = 623220 bytes | Modified Date = 19/09/2007 17:26:16 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\DiagHelp.zip:Zone.Identifier ->

DSPP_CIP.doc -> %UserDocuments%\DSPP_CIP.doc -> [Ver = | Size = 144384 bytes | Modified Date = 20/09/2007 19:23:58 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\DSPP_CIP.doc:Zone.Identifier ->

Fixwareout.exe -> %UserDocuments%\Fixwareout.exe -> [Ver = 1.0.0.5 | Size = 486449 bytes | Modified Date = 20/09/2007 18:20:18 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Fixwareout.exe:Zone.Identifier ->

formations_crp.pdf -> %UserDocuments%\formations_crp.pdf -> [Ver = | Size = 179530 bytes | Modified Date = 16/09/2007 19:08:40 | Attr = ]

funrecent.fmp -> %UserDocuments%\funrecent.fmp -> [Ver = | Size = 20 bytes | Modified Date = 03/09/2007 19:43:30 | Attr = ]

HiJackThis_v2.exe -> %UserDocuments%\HiJackThis_v2.exe -> Trend Micro Inc. [Ver = 2.00 | Size = 1308216 bytes | Modified Date = 21/09/2007 21:48:16 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\HiJackThis_v2.exe:Zone.Identifier ->

lettre conseil général.rtf -> %UserDocuments%\lettre conseil général.rtf -> [Ver = | Size = 1721 bytes | Modified Date = 13/09/2007 18:09:36 | Attr = ]

lettre conseiller.doc.rtf -> %UserDocuments%\lettre conseiller.doc.rtf -> [Ver = | Size = 2263 bytes | Modified Date = 30/08/2007 13:32:44 | Attr = ]

Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 07/09/2007 19:41:20 | Attr = R ]

Masha..[JAM-HOT.com].avi.torrent -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent -> [Ver = | Size = 15239 bytes | Modified Date = 21/09/2007 23:08:18 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\Masha..[JAM-HOT.com].avi.torrent:Zone.Identifier ->

MenuBorderTR.gif -> %UserDocuments%\MenuBorderTR.gif -> [Ver = | Size = 113 bytes | Modified Date = 09/09/2007 14:39:52 | Attr = ]

Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 11/09/2007 17:39:42 | Attr = R ]

Mes vidéos -> %UserDocuments%\Mes vidéos -> [Folder | Modified Date = 09/09/2007 01:08:52 | Attr = ]

papier entête anglis.rtf -> %UserDocuments%\papier entête anglis.rtf -> [Ver = | Size = 2555 bytes | Modified Date = 11/08/2007 23:34:04 | Attr = ]

< End of report >

Posted (edited)

Hi :P

Nothing nasty in your report. I asked you to run this scan to get some additional information about your system. I can see, for example, that the PC has only 191.48 MB of memory, which is far from enough to run Windows XP SP2 without major slowdowns. You should add a memory module to get to at least 512 MB. The page file is 463.68 MB. I don't know whether increasing its size will improve performance (I don't think so). That said, since I'm no expert on the subject, I suggest you post about it on the Optimisation, Trucs & Astuces forum to get the right information.

  • Download ToolsCleaner! by A.Rothstein, which will remove what we downloaded during the procedure.
  • Save the file to the Desktop, then unzip it.
  • Double-click the ToolsCleaner! file on your desktop.
  • The tool will carry out the cleanup.
  • Open the report located here > C:\TCleaner.txt. Copy its contents and post them in your next reply.

Disable then re-enable System Restore like this => visual aid

Click Start.

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives".

Click "Apply".

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK. Restart your PC. Do the reverse operation and re-enable System Restore: a new restore point will be created automatically.

See you!

Edited by charles ingals
Posted

As for the report, that's all there is; it didn't clean up the other tools that were used, and I ran it again, but ToolsCleaner just tells me end of scan. The link you gave me doesn't work, I land on an Orange "page not found" page! Is there a way to remove all these tools manually? As for the memory, you may be right, yet several weeks ago the computer was faster, I don't understand!

Thanks again, if you have any other advice.

********ToolsCleaner2 (A.Rothstein)********

Debut le 23/09/2007 a 23:45:29,04

***************************************

Aucun Programme trouve!

//////

** Module de recherche complementaire ** (Beta Test 1)

***************************************

Fin le 23/09/2007 a 23:46:00,18

Point de Restauration cree!

Corbeille videe!

Fichiers temporaires nettoyes!
