
Posted

Hello,

I have a friend's computer in for repair.

It was riddled with viruses. KIS 6 removed a good many of them, but some remain, notably trojans.

Despite Giant Anti Spyware, AVG Antispyware and SpyBot Search & Destroy, nothing works: some are still there!!!

So if anyone can do something for me...

Thanks in advance.

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:01:36, on 25/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\apps\ABoard\ABoard.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe

C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasNotice.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator 7 Pro\CheckNewUser.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Search - ?p=ZCfox000

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: SDIN Adapter (gay) - Unknown owner - C:\WINDOWS\System32\sdin.exe (file missing)

O23 - Service: Microsoft usnsvc Service - Unknown owner - C:\WINDOWS\usnsvc.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 7557 bytes

Posted
Have you tried booting into Safe Mode and running a scan with Kaspersky etc. to see whether it removes them?

Hello,

First of all, a correction: it was with KIS 7 that I ran the scan, not KIS 6 (which is on my PC)!

Indeed, I ran the scan in normal mode and in safe mode!

The result is the same!!!

Thanks again for taking the time...

Posted

Hi :P

Download combofix.exe by sUBs

  • Make sure all programs are closed before launching the fix!
  • Double-click combofix.exe.
  • Note: do not close the window that has just opened, or you would end up with an empty desktop!
  • Press the 1 key to start the scan.
  • When the scan is finished, a report will be generated: post its contents in your next message.
  • If the report is too long, post it in two parts.

Posted
Good evening,

Combofix keeps restarting after step 24 or 25.

So I cannot produce a log.

I would like to know how to eradicate:

- Trojan-Downloader.Win32.LoadAdv.gen

- Trojan-Downloader.Win32.Small.fky

which seem to be responsible for all this cr.....

Thanks

Posted (edited)

OK, a somewhat more thorough scan to take a look >

Download WinPFind3U.exe to your desktop.

  • Open the folder and double-click the WinPFind3U.exe file to launch the program.
  • Under the Files Created Within group, select 60 days
  • Under the Files Modified Within group, select 60 days
  • Under the String Search group, select Non-Microsoft
  • Under the Additional Scans group, tick the boxes >
    Reg- Security Settings
    Reg- Software Policy Settings
    Reg- Uninstall List
    Reg- Additional Folder Scans

  • Now click the Run Scan button in the toolbar
  • When the scan is finished, Notepad opens and displays the report.
  • Click the "Format" menu and make sure the "Word Wrap" ("Retour automatique à la ligne") box is not ticked.
  • Copy/paste the contents of the report into your next reply.

See you later

Edited by charles ingals
Posted
Hi,

Sorry for the slow replies, but I feel like I've gone back to a low-speed connection!!!

Here is what WinPFind3U gives me:

WinPFind3 logfile created on: 2007-09-26 22:46:42

WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\jean pierre\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2900.2180)

 

511.48 Mb Total Physical Memory | 173.17 Mb Available Physical Memory | 33.86% Memory free

1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.14% Paging File free

Paging file location(s): C:\pagefile.sys 766 766;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 107.78 Gb Total Space | 29.88 Gb Free Space | 27.72% Space Free

Drive D: | 65.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

Computer Name: BELL

Current User Name: jean pierre

Logged in as Administrator.

Current Boot Mode: Normal

 

 

[Processes - Non-Microsoft Only]

a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-31 20:24:24 | Attr = ]

aboard.exe -> %SystemDrive%\APPS\ABoard\ABOARD.EXE -> NEC Computers International [Ver = 1, 2, 0, 0 | Size = 24576 bytes | Modified Date = 2003-05-02 12:31:50 | Attr = ]

aosd.exe -> %SystemDrive%\APPS\ABoard\AOSD.EXE -> NEC Computers International [Ver = 1, 2, 0, 0 | Size = 69632 bytes | Modified Date = 2003-05-02 12:31:38 | Attr = ]

atiptaxx.exe -> %SystemDrive%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5046 | Size = 335872 bytes | Modified Date = 2003-09-12 22:10:00 | Attr = ]

avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ]

avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 218376 bytes | Modified Date = 2007-06-20 13:04:00 | Attr = ]

avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 218376 bytes | Modified Date = 2007-06-20 13:04:00 | Attr = ]

avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 218376 bytes | Modified Date = 2007-06-20 13:04:00 | Attr = ]

gcasdtserv.exe -> %ProgramFiles%\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe -> GIANT Company Software inc. [Ver = 1.00.0411 | Size = 737280 bytes | Modified Date = 2004-11-28 11:30:30 | Attr = ]

guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 2005-11-10 13:03:52 | Attr = ]

qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2006-06-29 12:01:42 | Attr = ]

realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 2004-01-21 19:04:16 | Attr = ]

slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 2004-08-20 01:10:02 | Attr = ]

soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.09 | Size = 57344 bytes | Modified Date = 2003-08-05 14:59:54 | Attr = ]

sweetim.exe -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 1, 1, 0, 162 | Size = 40960 bytes | Modified Date = 2006-06-06 10:07:48 | Attr = R ]

teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 2007-08-31 16:46:28 | Attr = ]

usnsvc.exe -> %SystemRoot%\usnsvc.exe -> [Ver = | Size = 436224 bytes | Modified Date = 2007-09-11 18:03:46 | Attr = RHS]

vcsplay.exe -> %ProgramFiles%\Virtual CD v4 SDK\System\vcsplay.exe -> H+H Software GmbH [Ver = 4, 5, 0, 6 | Size = 299008 bytes | Modified Date = 2003-08-13 11:33:32 | Attr = ]

vcssecs.exe -> %ProgramFiles%\Virtual CD v4 SDK\System\vcssecs.exe -> H+H Software GmbH [Ver = 4, 3, 0, 1 | Size = 139264 bytes | Modified Date = 2002-05-16 12:17:32 | Attr = ]

wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 2003-08-04 12:22:08 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 2007-09-04 10:47:26 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 2007-08-31 20:24:24 | Attr = ]

(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0013 | Size = 114688 bytes | Modified Date = 2003-09-12 22:10:00 | Attr = ]

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 14:31:10 | Attr = ]

(AVP) Kaspersky Internet Security 7.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 218376 bytes | Modified Date = 2007-06-20 13:04:00 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-20 01:09:52 | Attr = ]

(gay) SDIN Adapter [Win32_Shared | Auto | Stopped] -> %System32%\sdin.exe -> File not found

(Microsoft usnsvc Service) Microsoft usnsvc Service [Win32_Own | Auto | Running] -> %SystemRoot%\usnsvc.exe -> [Ver = | Size = 436224 bytes | Modified Date = 2007-09-11 18:03:46 | Attr = RHS]

(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 2004-08-20 01:10:02 | Attr = ]

(VCSSecS) Virtual CD v4 Security service (SDK - Version) [Win32_Own | Auto | Running] -> %ProgramFiles%\Virtual CD v4 SDK\System\vcssecs.exe -> H+H Software GmbH [Ver = 4, 3, 0, 1 | Size = 139264 bytes | Modified Date = 2002-05-16 12:17:32 | Attr = ]

(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 2003-08-04 12:22:08 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 11:25:42 | Attr = ]

ACTIVBOARD -> %SystemDrive%\APPS\ABoard\ABOARD.EXE -> NEC Computers International [Ver = 1, 2, 0, 0 | Size = 24576 bytes | Modified Date = 2003-05-02 12:31:50 | Attr = ]

ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 2001-09-04 17:24:26 | Attr = ]

ATIPTA -> %SystemDrive%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5046 | Size = 335872 bytes | Modified Date = 2003-09-12 22:10:00 | Attr = ]

AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 218376 bytes | Modified Date = 2007-06-20 13:04:00 | Attr = ]

CheckMedi8or -> %ProgramFiles%\Mediator 7 Pro\CheckNewUser.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2002-10-29 17:00:26 | Attr = ]

CleanEasyImg -> %SystemDrive%\apps\easydvd\cleanall.exe -> File not found

gcasServ -> %ProgramFiles%\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe -> GIANT Company Software inc. [Ver = 1.00.0349 | Size = 462848 bytes | Modified Date = 2004-11-28 13:06:02 | Attr = ]

KernelFaultCheck -> -> File not found

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2006-06-29 12:01:42 | Attr = ]

SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.09 | Size = 57344 bytes | Modified Date = 2003-08-05 14:59:54 | Attr = ]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 2005-11-10 13:03:52 | Attr = ]

SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 1, 1, 0, 162 | Size = 40960 bytes | Modified Date = 2006-06-06 10:07:48 | Attr = R ]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 2004-01-21 19:04:16 | Attr = ]

VCSPlayer -> %ProgramFiles%\Virtual CD v4 SDK\System\vcsplay.exe -> H+H Software GmbH [Ver = 4, 5, 0, 6 | Size = 299008 bytes | Modified Date = 2003-08-13 11:33:32 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 2007-08-31 16:46:28 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->

%AllUsersStartup%\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 2005-09-23 22:05:26 | Attr = ]

< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->

C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 91400 bytes | Modified Date = 2007-06-20 13:04:06 | Attr = ]

< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 14:29:58 | Attr = ]

{9EF34FF2-3396-4527-9D27-04C8C1C67806} [HKLM] -> %ProgramFiles%\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll [GIANT AntiSpyware Service Hook] -> GIANT Company Software inc. [Ver = 1.00.0052 | Size = 61440 bytes | Modified Date = 2004-11-19 11:48:26 | Attr = ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.123 | Size = 206088 bytes | Modified Date = 2007-06-20 13:04:12 | Attr = ]

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableRegistryTools -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 57344 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableRegistryTools -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->

< HOSTS File > (183665 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

< Internet Explorer Settings > -> ->

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Local Page -> C:\windows\system32\blank.htm ->

HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Local Page -> C:\windows\system32\blank.htm ->

HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKCU: URLSearchHooks\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKLM] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [sweetIM For Internet Explorer] -> File not found

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

msn.com [ - ] -> ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{00011268-E188-40DF-A514-835FCD78B1BF} [HKLM] -> %ProgramFiles%\IE7Pro\IE7Pro.dll [iE7Pro BHO] -> IE7Pro.com [Ver = 1, 1, 0, 4 | Size = 1780848 bytes | Modified Date = 2007-09-11 20:08:00 | Attr = ]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 04:16:42 | Attr = ]

{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} [HKLM] -> %SystemDrive%\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll [sWEETIE Class] -> File not found

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr = ]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 2005-11-10 13:22:12 | Attr = ]

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKLM] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [sweetIM For Internet Explorer] -> File not found

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKLM] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [sweetIM For Internet Explorer] -> File not found

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -> Reg Data - Value does not exist [buttonText: IE7Pro Preferences] -> File not found

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 2005-11-10 13:22:12 | Attr = ]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 2005-11-10 13:22:12 | Attr = ]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [buttonText: Statistiques d’Anti-Virus Internet] -> File not found

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [buttonText: Recherche] -> File not found

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [buttonText: Real.com] -> File not found

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr = ]

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

&Search -> -> File not found

Ajouter à Kaspersky Anti-Bannière -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm -> [Ver = | Size = 1317 bytes | Modified Date = 2007-06-20 12:52:56 | Attr = ]

E&xporter vers Microsoft Excel -> -> File not found

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->

SIMBAR Enabled -> ->

SIMBAR={A14C11FE-C9ED-40d3-B483-17CFBE138885} -> ->

SIMBAR=0 -> ->

SV1 -> ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{C73E93B0-26A4-4DA5-B5DC-1A360C596DB6} -> (Carte réseau 1394) ->

{CB356C62-694E-485E-862E-A65BBD4A01ED} -> () ->

{CB5E3F15-5998-472A-81CA-8C557FEACF0F} -> () ->

{F4B731B3-8F47-4E76-9CBB-15ABC352CC88} -> () ->

{F9096451-6F47-434D-A53C-09C0620D43AE} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->

Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Registry - Additional Scans - Non-Microsoft Only]

< Security Settings > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. Si ce service est désactivé, tous les services qui en dépendent explicitement peuvent présenter des problèmes de transfert de fichiers s'ils ne disposent pas d'un mécanisme sûr de remplacement pour transférer les fichier ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 106 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\yrdlvxlle.exe -> C:\WINDOWS\System32\yrdlvxlle.exe:*:Enabled:Log System ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\ukrzhrlgf.exe -> C:\WINDOWS\System32\ukrzhrlgf.exe:*:Enabled:Microsoft OCX ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F9096451-6F47-434D-A53C-09C0620D43AE} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CB5E3F15-5998-472A-81CA-8C557FEACF0F} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C73E93B0-26A4-4DA5-B5DC-1A360C596DB6} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E32B0B57-9DF7-4CDE-BE2E-0B8FEC666B36} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{90292144-749B-46B5-A12F-F73500995EDC} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8838417F-18CB-419A-BB6A-5108E8BE7829} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation de mises à jour Windows critiques. Si le service est désactivé, le système d'exploitation peut être mis à jour manuellement sur le site Web de Windows Update. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\CertificatePolicy\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\\EnableFirewall -> 0 ->

< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Conferencing\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Word\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Word\DisabledCmdBarItemsCheckBoxes\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Word\DisabledCmdBarItemsCheckBoxes\\HelpRepair -> 3774 ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->

< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

{07A1C2E1-76DD-11D6-9922-009027E9C183} -> Packard Bell InfoCentre ->

{09B44E78-A988-4BC0-962F-63ECD3333708} -> Packard Bell Companion ->

{22B3CC30-77B8-419C-AA4B-F571FDF5D66D} -> Windows Live Sign-in Assistant ->

{22D0716E-FCF8-452F-94B5-7E2C3C31D50D} -> ACDSee for Pentax 2.0 ->

{30BB4D60-81DB-11D5-BB77-00400536ABAC} -> OLYMPUS CAMEDIA Master 4.1 ->

{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6 ->

{350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->

{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} -> Macromedia Extension Manager ->

{53EF6570-21A4-47ED-A40A-E6470A5677A3} -> Studio 8 ->

{5827C8C9-A3C6-4E7C-AA70-F6AFAB52F981} -> Macrogaming SweetIM 1.2a ->

{5C29CB8B-AC1E-4114-8D68-9CD080140D4A} -> Sony USB Driver ->

{5FD788ED-1A37-4496-9BDD-463F493B27FA} -> Macromedia Dreamweaver 8 ->

{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} -> PartitionMagic ->

{77F09242-A107-4CB6-A295-D8656C2C3795} -> Samsung USB Driver (MCCI 4.24) ->

{9011040C-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->

{9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow! ->

{A19B094A-42EB-4D3F-A57E-0CDE052A1D80} -> DV 5700 ->

{AC76BA86-7AD7-1036-7B44-A70900000002} -> Adobe Reader 7.0.9 - Français ->

{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy ->

{BBB1528C-2F8C-4526-9C8E-699F17AF21CA} -> SweetIM For Internet Explorer 1.0a ->

{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) ->

{C774410D-3EF9-4DE7-AC01-332613163ECF} -> Kaspersky Internet Security 7.0 ->

{C797EAF2-707A-4239-BDF3-F2672314A734} -> First Step Guide ->

{CA0AD1D2-E6DB-4920-B54E-19C48E832C66}_is1 -> MyPixmania Online Printing ->

{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE} -> SAMSUNG PC Studio 2.0.9 ->

{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} -> Windows Live Messenger ->

{F8A8931E-5962-438E-AB09-AB94C5B63F84} -> GIANT AntiSpyware ->

{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538} -> ImageMixer VCD2 ->

a-squared Free_is1 -> a-squared Free 3.0 ->

AVGantiRootkit -> AVG Anti-Rootkit Free ->

AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->

BSPlayer1 -> BSplayer ->

Cartoonist_is1 -> Cartoonist 1.1 ->

ConvertMovie 3.0 Bluesquad -> ConvertMovie 3.0 ->

DivX Codec -> Remove DivX Codec ->

DivX Player -> DivX Player ->

ELLE, 2000 Fiches Cuisine -> ELLE, 2000 Fiches Cuisine ->

eMule -> eMule ->

GSpot 2.21 Fr_is1 -> GSpot 2.21 Fr ->

HijackThis -> HijackThis 2.0.2 ->

Hollywood FX 4.6 -> Pinnacle Hollywood FX 4.6 ->

IE7Pro_is1 -> IE7Pro ->

ImageResiZor_is1 -> ImageResiZor 2.1.7 ->

InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} -> PowerQuest PartitionMagic 8.0 ->

InstallShield_{77F09242-A107-4CB6-A295-D8656C2C3795} -> Samsung USB Driver (MCCI 4.24) ->

InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE} -> SAMSUNG PC Studio 2.0.9 ->

InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF} -> Kaspersky Internet Security 7.0 ->

IZArc 3.4.1.5_is1 -> IZArc 3.4.1.5 ->

Kaspersky Online Scanner -> Kaspersky Online Scanner ->

KB873333 -> Correctif Windows XP - KB873333 ->

KB873339 -> Correctif Windows XP - KB873339 ->

KB885250 -> Correctif Windows XP - KB885250 ->

KB885492 -> Correctif Lecteur Windows Media 9 [Voir KB885492 pour plus d'informations] ->

KB885835 -> Correctif Windows XP - KB885835 ->

KB885836 -> Correctif Windows XP - KB885836 ->

KB885884 -> Correctif Windows XP - KB885884 ->

KB886185 -> Correctif Windows XP - KB886185 ->

KB887472 -> Correctif Windows XP - KB887472 ->

KB888113 -> Correctif Windows XP - KB888113 ->

KB888162 -> Correctif Windows XP - KB888162 ->

KB888302 -> Correctif Windows XP - KB888302 ->

KB890046 -> Mise à jour de sécurité pour Windows XP (KB890046) ->

KB890047 -> Correctif Windows XP - KB890047 ->

KB890175 -> Correctif Windows XP - KB890175 ->

KB890859 -> Correctif Windows XP - KB890859 ->

KB891781 -> Correctif Windows XP - KB891781 ->

KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->

KB893756 -> Mise à jour de sécurité pour Windows XP (KB893756) ->

KB893803v2 -> Windows Installer 3.1 (KB893803) ->

KB896358 -> Mise à jour de sécurité pour Windows XP (KB896358) ->

KB896422 -> Mise à jour de sécurité pour Windows XP (KB896422) ->

KB896423 -> Mise à jour de sécurité pour Windows XP (KB896423) ->

KB896424 -> Mise à jour de sécurité pour Windows XP (KB896424) ->

KB896428 -> Mise à jour de sécurité pour Windows XP (KB896428) ->

KB898458 -> Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) ->

KB898461 -> Mise à jour pour Windows XP (KB898461) ->

KB899587 -> Mise à jour de sécurité pour Windows XP (KB899587) ->

KB899591 -> Mise à jour de sécurité pour Windows XP (KB899591) ->

KB900485 -> Mise à jour pour Windows XP (KB900485) ->

KB900725 -> Mise à jour de sécurité pour Windows XP (KB900725) ->

KB901017 -> Mise à jour de sécurité pour Windows XP (KB901017) ->

KB901214 -> Mise à jour de sécurité pour Windows XP (KB901214) ->

KB902400 -> Mise à jour de sécurité pour Windows XP (KB902400) ->

KB904706 -> Mise à jour de sécurité pour Windows XP (KB904706) ->

KB905414 -> Mise à jour de sécurité pour Windows XP (KB905414) ->

KB905749 -> Mise à jour de sécurité pour Windows XP (KB905749) ->

KB908519 -> Mise à jour de sécurité pour Windows XP (KB908519) ->

KB908531 -> Mise à jour de sécurité pour Windows XP (KB908531) ->

KB910437 -> Mise à jour pour Windows XP (KB910437) ->

KB911280 -> Mise à jour de sécurité pour Windows XP (KB911280) ->

KB911562 -> Mise à jour de sécurité pour Windows XP (KB911562) ->

KB911564 -> Mise à jour de sécurité pour Lecteur Windows Media (KB911564) ->

KB911565 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565) ->

KB911927 -> Mise à jour de sécurité pour Windows XP (KB911927) ->

KB912919 -> Mise à jour de sécurité pour Windows XP (KB912919) ->

KB913446 -> Mise à jour de sécurité pour Windows XP (KB913446) ->

KB913580 -> Mise à jour de sécurité pour Windows XP (KB913580) ->

KB914388 -> Mise à jour de sécurité pour Windows XP (KB914388) ->

KB914389 -> Mise à jour de sécurité pour Windows XP (KB914389) ->

KB916595 -> Mise à jour pour Windows XP (KB916595) ->

KB917159 -> Mise à jour de sécurité pour Windows XP (KB917159) ->

KB917344 -> Mise à jour de sécurité pour Windows XP (KB917344) ->

KB917422 -> Mise à jour de sécurité pour Windows XP (KB917422) ->

KB917734_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) ->

KB917953 -> Mise à jour de sécurité pour Windows XP (KB917953) ->

KB918118 -> Mise à jour de sécurité pour Windows XP (KB918118) ->

KB919007 -> Mise à jour de sécurité pour Windows XP (KB919007) ->

KB920213 -> Mise à jour de sécurité pour Windows XP (KB920213) ->

KB920670 -> Mise à jour de sécurité pour Windows XP (KB920670) ->

KB920683 -> Mise à jour de sécurité pour Windows XP (KB920683) ->

KB920685 -> Mise à jour de sécurité pour Windows XP (KB920685) ->

KB920872 -> Mise à jour pour Windows XP (KB920872) ->

KB921398 -> Mise à jour de sécurité pour Windows XP (KB921398) ->

KB921503 -> Mise à jour de sécurité pour Windows XP (KB921503) ->

KB921883 -> Mise à jour de sécurité pour Windows XP (KB921883) ->

KB922582 -> Mise à jour pour Windows XP (KB922582) ->

KB922616 -> Mise à jour de sécurité pour Windows XP (KB922616) ->

KB922819 -> Mise à jour de sécurité pour Windows XP (KB922819) ->

KB923191 -> Mise à jour de sécurité pour Windows XP (KB923191) ->

KB923414 -> Mise à jour de sécurité pour Windows XP (KB923414) ->

KB923689 -> Mise à jour de sécurité pour Windows XP (KB923689) ->

KB923723 -> Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) ->

KB923980 -> Mise à jour de sécurité pour Windows XP (KB923980) ->

KB924191 -> Mise à jour de sécurité pour Windows XP (KB924191) ->

KB924270 -> Mise à jour de sécurité pour Windows XP (KB924270) ->

KB924496 -> Mise à jour de sécurité pour Windows XP (KB924496) ->

KB924667 -> Mise à jour de sécurité pour Windows XP (KB924667) ->

KB925398_WMP64 -> Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) ->

KB925902 -> Mise à jour de sécurité pour Windows XP (KB925902) ->

KB926255 -> Mise à jour de sécurité pour Windows XP (KB926255) ->

KB926436 -> Mise à jour de sécurité pour Windows XP (KB926436) ->

KB927779 -> Mise à jour de sécurité pour Windows XP (KB927779) ->

KB927802 -> Mise à jour de sécurité pour Windows XP (KB927802) ->

KB927891 -> Mise à jour pour Windows XP (KB927891) ->

KB928255 -> Mise à jour de sécurité pour Windows XP (KB928255) ->

KB928843 -> Mise à jour de sécurité pour Windows XP (KB928843) ->

KB929123 -> Mise à jour de sécurité pour Windows XP (KB929123) ->

KB930178 -> Mise à jour de sécurité pour Windows XP (KB930178) ->

KB930916 -> Mise à jour pour Windows XP (KB930916) ->

KB931261 -> Mise à jour de sécurité pour Windows XP (KB931261) ->

KB931784 -> Mise à jour de sécurité pour Windows XP (KB931784) ->

KB932168 -> Mise à jour de sécurité pour Windows XP (KB932168) ->

KB933360 -> Mise à jour pour Windows XP (KB933360) ->

KB935839 -> Mise à jour de sécurité pour Windows XP (KB935839) ->

KB935840 -> Mise à jour de sécurité pour Windows XP (KB935840) ->

KB936021 -> Mise à jour de sécurité pour Windows XP (KB936021) ->

KB936357 -> Mise à jour pour Windows XP (KB936357) ->

KB936782_WMP9 -> Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) ->

KB937143 -> Mise à jour de sécurité pour Windows XP (KB937143) ->

KB938127 -> Mise à jour de sécurité pour Windows XP (KB938127) ->

KB938828 -> Mise à jour pour Windows XP (KB938828) ->

KB938829 -> Mise à jour de sécurité pour Windows XP (KB938829) ->

Macromedia Dreamweaver 2 -> Macromedia Dreamweaver 2 ->

MatchWare Mediator 7 Pro -> MatchWare Mediator 7 Pro ->

Mozilla Firefox (2.0.0.7) -> Mozilla Firefox (2.0.0.7) ->

MSN Toolbar -> Barre d'outils MSN ->

PENTAX Optio 60 Driver -> PENTAX Optio 60 Driver ->

PhotoFiltre -> PhotoFiltre ->

QuickTime -> QuickTime ->

Shareaza_is1 -> Shareaza version 2.2.5.0 ->

ShockwaveFlash -> Macromedia Flash Player 8 ->

Ulead PhotoImpact 5.0 Bundled Edition -> Ulead PhotoImpact 5 Bundled Edition ->

Video Cleaner -> River Past Video Cleaner ->

ViewpointMediaPlayer -> Viewpoint Media Player ->

WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->

Windows XP Service Pack -> Windows XP Service Pack 2 ->

 

[Files/Folders - Created Within 60 days]

aczzdozkf.exe -> %SystemDrive%\aczzdozkf.exe -> [Ver = | Size = 80384 bytes | Created Date = 2007-09-06 12:11:54 | Attr = RHS]

afohiionc.exe -> %SystemDrive%\afohiionc.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 14:47:27 | Attr = RHS]

augwzwwch.exe -> %SystemDrive%\augwzwwch.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:18:55 | Attr = RHS]

AUTORUN.INF -> %SystemDrive%\AUTORUN.INF -> [Ver = | Size = 135 bytes | Created Date = 2007-09-04 11:37:56 | Attr = H ]

cad.exe -> %SystemDrive%\cad.exe -> [Ver = | Size = 347 bytes | Created Date = 2007-09-26 13:39:26 | Attr = ]

ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-09-26 06:10:26 | Attr = ]

Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-09-26 11:49:19 | Attr = HS]

dvqcrrcnb.exe -> %SystemDrive%\dvqcrrcnb.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:51:49 | Attr = RHS]

fefoehcst.exe -> %SystemDrive%\fefoehcst.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 11:00:51 | Attr = RHS]

flbahdsgh.exe -> %SystemDrive%\flbahdsgh.exe -> [Ver = | Size = 80384 bytes | Created Date = 2007-09-06 09:52:35 | Attr = RHS]

grmdnguak.exe -> %SystemDrive%\grmdnguak.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:19:44 | Attr = RHS]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 1601-01-02 23:00:00 | Attr = HS]

ijcbudhzr.exe -> %SystemDrive%\ijcbudhzr.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:35:01 | Attr = RHS]

jaawtjelh.exe -> %SystemDrive%\jaawtjelh.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:49:23 | Attr = RHS]

jeaefljpe.exe -> %SystemDrive%\jeaefljpe.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:17:41 | Attr = RHS]

jjkgqewxw.exe -> %SystemDrive%\jjkgqewxw.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:17:35 | Attr = RHS]

jveebidtz.exe -> %SystemDrive%\jveebidtz.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:54:47 | Attr = RHS]

jzwlhhqof.exe -> %SystemDrive%\jzwlhhqof.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:49:16 | Attr = RHS]

mipxeuqwp.exe -> %SystemDrive%\mipxeuqwp.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:37:34 | Attr = RHS]

nltnuwsge.exe -> %SystemDrive%\nltnuwsge.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 16:12:10 | Attr = RHS]

olzixhjuf.exe -> %SystemDrive%\olzixhjuf.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 10:29:16 | Attr = RHS]

qkxmamnpw.exe -> %SystemDrive%\qkxmamnpw.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:17:54 | Attr = RHS]

qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-09-26 06:11:19 | Attr = ]

qzxnwtndr.exe -> %SystemDrive%\qzxnwtndr.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 16:10:51 | Attr = RHS]

recxadbxb.exe -> %SystemDrive%\recxadbxb.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 09:36:03 | Attr = RHS]

SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2007-09-26 07:24:40 | Attr = ]

umqvmqbff.exe -> %SystemDrive%\umqvmqbff.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 16:40:18 | Attr = RHS]

vlvgcweqr.exe -> %SystemDrive%\vlvgcweqr.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:43:28 | Attr = RHS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2007-09-24 22:10:55 | Attr = ]

vwilmjrgb.exe -> %SystemDrive%\vwilmjrgb.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 11:03:49 | Attr = RHS]

ycjorcbgo.exe -> %SystemDrive%\ycjorcbgo.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 12:10:56 | Attr = RHS]

yhuslowtx.exe -> %SystemDrive%\yhuslowtx.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-05 15:27:10 | Attr = RHS]

ykgkamnrp.exe -> %SystemDrive%\ykgkamnrp.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 09:41:39 | Attr = RHS]

yqxkcwesg.exe -> %SystemDrive%\yqxkcwesg.exe -> [Ver = | Size = 0 bytes | Created Date = 2007-09-06 09:52:11 | Attr = RHS]

$NtUninstallKB833407$ -> %SystemRoot%\$NtUninstallKB833407$ -> [Folder | Created Date = 2007-09-23 13:52:33 | Attr = H ]

$NtUninstallKB873333$ -> %SystemRoot%\$NtUninstallKB873333$ -> [Folder | Created Date = 2007-09-23 20:06:50 | Attr = H ]

$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 2007-09-23 20:08:22 | Attr = H ]

$NtUninstallKB885250$ -> %SystemRoot%\$NtUninstallKB885250$ -> [Folder | Created Date = 2007-09-23 20:09:27 | Attr = H ]

$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 2007-09-23 20:10:26 | Attr = H ]

$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 2007-09-23 20:11:23 | Attr = H ]

$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 2007-09-24 20:35:37 | Attr = H ]

$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 2007-09-24 20:35:51 | Attr = H ]

$NtUninstallKB888113$ -> %SystemRoot%\$NtUninstallKB888113$ -> [Folder | Created Date = 2007-09-23 20:12:19 | Attr = H ]

$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 2007-09-23 20:13:14 | Attr = H ]

$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Created Date = 2007-09-23 20:14:10 | Attr = H ]

$NtUninstallKB890047$ -> %SystemRoot%\$NtUninstallKB890047$ -> [Folder | Created Date = 2007-09-23 20:15:08 | Attr = H ]

$NtUninstallKB890175$ -> %SystemRoot%\$NtUninstallKB890175$ -> [Folder | Created Date = 2007-09-23 20:16:09 | Attr = H ]

$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Created Date = 2007-09-23 20:17:08 | Attr = H ]

$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Created Date = 2007-09-23 20:18:12 | Attr = H ]

$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 2007-09-23 20:19:08 | Attr = H ]

$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Created Date = 2007-09-23 20:20:03 | Attr = H ]

$NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Created Date = 2007-09-23 20:20:57 | Attr = H ]

$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Created Date = 2007-09-23 20:21:52 | Attr = H ]

$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Created Date = 2007-09-23 20:22:48 | Attr = H ]

$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Created Date = 2007-09-23 20:23:49 | Attr = H ]

$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Created Date = 2007-09-23 20:24:47 | Attr = H ]

$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Created Date = 2007-09-23 20:25:42 | Attr = H ]

$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 2007-09-24 20:36:14 | Attr = H ]

$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 2007-09-23 20:26:38 | Attr = H ]

$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Created Date = 2007-09-23 20:27:52 | Attr = H ]

$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Created Date = 2007-09-23 20:28:50 | Attr = H ]

$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Created Date = 2007-09-23 20:29:48 | Attr = H ]

$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Created Date = 2007-09-23 20:31:01 | Attr = H ]

$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 2007-09-23 20:32:09 | Attr = H ]

$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Created Date = 2007-09-23 20:33:11 | Attr = H ]

$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 2007-09-23 20:34:08 | Attr = H ]

$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 2007-09-23 20:35:10 | Attr = H ]

$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 2007-09-23 20:36:09 | Attr = H ]

$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 2007-09-23 20:37:05 | Attr = H ]

$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Created Date = 2007-09-23 20:38:03 | Attr = H ]

$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 2007-09-23 20:39:03 | Attr = H ]

$NtUninstallKB913446$ -> %SystemRoot%\$NtUninstallKB913446$ -> [Folder | Created Date = 2007-09-23 20:40:03 | Attr = H ]

$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 2007-09-23 20:41:02 | Attr = H ]

$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 2007-09-23 20:42:07 | Attr = H ]

$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 2007-09-23 20:43:10 | Attr = H ]

$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 2007-09-24 20:36:40 | Attr = H ]

$NtUninstallKB917159$ -> %SystemRoot%\$NtUninstallKB917159$ -> [Folder | Created Date = 2007-09-23 20:44:11 | Attr = H ]

$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 2007-09-23 20:45:12 | Attr = H ]

$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 2007-09-23 20:46:10 | Attr = H ]

$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 2007-09-23 20:47:09 | Attr = H ]

$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 2007-09-24 20:38:09 | Attr = H ]

$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 2007-09-23 20:48:06 | Attr = H ]

$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 2007-09-26 13:47:51 | Attr = H ]

$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 2007-09-23 20:49:14 | Attr = H ]

$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 2007-09-23 20:50:14 | Attr = H ]

$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 2007-09-23 20:51:15 | Attr = H ]

$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 2007-09-24 20:36:55 | Attr = H ]

$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Created Date = 2007-09-23 20:52:30 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-09-26 13:50:08 | Attr = H ]

$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Created Date = 2007-09-23 20:54:25 | Attr = H ]

$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 2007-09-24 20:36:28 | Attr = H ]

$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Created Date = 2007-09-23 20:55:29 | Attr = H ]

$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 2007-09-23 20:56:29 | Attr = H ]

$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 2007-09-23 20:57:29 | Attr = H ]

$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 2007-09-23 20:58:30 | Attr = H ]

$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 2007-09-26 13:52:48 | Attr = H ]

$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Created Date = 2007-09-26 13:48:17 | Attr = H ]

$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 2007-09-24 20:37:12 | Attr = H ]

$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 2007-09-23 20:59:28 | Attr = H ]

$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 2007-09-24 20:37:04 | Attr = H ]

$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 2007-09-23 21:00:30 | Attr = H ]

$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 2007-09-24 20:37:52 | Attr = H ]

$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 2007-09-26 13:49:40 | Attr = H ]

$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 2007-09-24 20:38:25 | Attr = H ]

$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 2007-09-24 20:37:19 | Attr = H ]

$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 2007-09-24 20:38:17 | Attr = H ]

$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 2007-09-24 20:38:01 | Attr = H ]

$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 2007-09-24 20:37:45 | Attr = H ]

$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 2007-09-26 13:48:27 | Attr = H ]

$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 2007-09-24 20:37:28 | Attr = H ]

$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 2007-09-24 20:37:37 | Attr = H ]

$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 2007-09-26 13:48:40 | Attr = H ]

$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 2007-09-24 20:38:48 | Attr = H ]

$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 2007-09-26 13:48:01 | Attr = H ]

$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 2007-09-24 20:38:55 | Attr = H ]

$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 2007-09-24 20:38:36 | Attr = H ]

$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 2007-09-26 13:47:38 | Attr = H ]

$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 2007-09-26 13:52:02 | Attr = H ]

$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 2007-09-26 13:48:59 | Attr = H ]

$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 2007-09-26 13:48:50 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-09-26 13:52:09 | Attr = H ]

$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Created Date = 2007-09-26 13:49:49 | Attr = H ]

$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 2007-09-26 13:51:18 | Attr = H ]

$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 2007-09-26 13:50:28 | Attr = H ]

$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 2007-09-26 13:51:49 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-09-26 13:49:58 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-09-26 13:50:17 | Attr = H ]

b122.exe -> %SystemRoot%\b122.exe -> [Ver = | Size = 53248 bytes | Created Date = 2007-09-19 20:56:10 | Attr = ]

b128.exe.bin -> %SystemRoot%\b128.exe.bin -> [Ver = | Size = 155451 bytes | Created Date = 2007-09-23 09:16:10 | Attr = ]

b143.exe.bin -> %SystemRoot%\b143.exe.bin -> [Ver = | Size = 372 bytes | Created Date = 2007-09-23 12:37:12 | Attr = ]

b147.exe.bin -> %SystemRoot%\b147.exe.bin -> [Ver = | Size = 350 bytes | Created Date = 2007-09-23 09:11:04 | Attr = ]

catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-09-26 06:10:40 | Attr = ]

DUMP2710.tmp -> %SystemRoot%\DUMP2710.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 22:05:50 | Attr = ]

DUMP2aa9.tmp -> %SystemRoot%\DUMP2aa9.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2cad.tmp -> %SystemRoot%\DUMP2cad.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 22:05:50 | Attr = ]

DUMP2d1a.tmp -> %SystemRoot%\DUMP2d1a.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d3b.tmp -> %SystemRoot%\DUMP2d3b.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d5a.tmp -> %SystemRoot%\DUMP2d5a.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d5b.tmp -> %SystemRoot%\DUMP2d5b.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d79.tmp -> %SystemRoot%\DUMP2d79.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d89.tmp -> %SystemRoot%\DUMP2d89.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-20 22:43:36 | Attr = ]

DUMP2d8a.tmp -> %SystemRoot%\DUMP2d8a.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d8b.tmp -> %SystemRoot%\DUMP2d8b.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d8c.tmp -> %SystemRoot%\DUMP2d8c.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d98.tmp -> %SystemRoot%\DUMP2d98.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d99.tmp -> %SystemRoot%\DUMP2d99.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2d9a.tmp -> %SystemRoot%\DUMP2d9a.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2daa.tmp -> %SystemRoot%\DUMP2daa.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dab.tmp -> %SystemRoot%\DUMP2dab.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dac.tmp -> %SystemRoot%\DUMP2dac.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2db8.tmp -> %SystemRoot%\DUMP2db8.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2db9.tmp -> %SystemRoot%\DUMP2db9.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dba.tmp -> %SystemRoot%\DUMP2dba.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dbb.tmp -> %SystemRoot%\DUMP2dbb.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dc7.tmp -> %SystemRoot%\DUMP2dc7.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dc8.tmp -> %SystemRoot%\DUMP2dc8.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dc9.tmp -> %SystemRoot%\DUMP2dc9.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dca.tmp -> %SystemRoot%\DUMP2dca.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dcb.tmp -> %SystemRoot%\DUMP2dcb.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dcc.tmp -> %SystemRoot%\DUMP2dcc.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dd8.tmp -> %SystemRoot%\DUMP2dd8.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dd9.tmp -> %SystemRoot%\DUMP2dd9.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2dda.tmp -> %SystemRoot%\DUMP2dda.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2de7.tmp -> %SystemRoot%\DUMP2de7.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2df5.tmp -> %SystemRoot%\DUMP2df5.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2df6.tmp -> %SystemRoot%\DUMP2df6.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e05.tmp -> %SystemRoot%\DUMP2e05.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e15.tmp -> %SystemRoot%\DUMP2e15.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e16.tmp -> %SystemRoot%\DUMP2e16.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e17.tmp -> %SystemRoot%\DUMP2e17.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e18.tmp -> %SystemRoot%\DUMP2e18.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e19.tmp -> %SystemRoot%\DUMP2e19.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e26.tmp -> %SystemRoot%\DUMP2e26.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e27.tmp -> %SystemRoot%\DUMP2e27.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e34.tmp -> %SystemRoot%\DUMP2e34.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e35.tmp -> %SystemRoot%\DUMP2e35.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e43.tmp -> %SystemRoot%\DUMP2e43.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e44.tmp -> %SystemRoot%\DUMP2e44.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e45.tmp -> %SystemRoot%\DUMP2e45.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e46.tmp -> %SystemRoot%\DUMP2e46.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e53.tmp -> %SystemRoot%\DUMP2e53.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e54.tmp -> %SystemRoot%\DUMP2e54.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e63.tmp -> %SystemRoot%\DUMP2e63.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e64.tmp -> %SystemRoot%\DUMP2e64.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e65.tmp -> %SystemRoot%\DUMP2e65.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e72.tmp -> %SystemRoot%\DUMP2e72.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e83.tmp -> %SystemRoot%\DUMP2e83.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2e91.tmp -> %SystemRoot%\DUMP2e91.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2ea2.tmp -> %SystemRoot%\DUMP2ea2.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

DUMP2ea3.tmp -> %SystemRoot%\DUMP2ea3.tmp -> [Ver = | Size = 65536 bytes | Created Date = 2007-09-21 05:25:34 | Attr = ]

erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2007-09-26 06:12:13 | Attr = ]

ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2007-09-26 07:32:30 | Attr = ]

NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-09-26 06:10:40 | Attr = ]

peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 2007-09-23 19:50:10 | Attr = ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 2007-09-23 21:06:34 | Attr = ]

provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 2007-09-23 19:50:04 | Attr = ]

usnsvc.exe -> %SystemRoot%\usnsvc.exe -> [Ver = | Size = 436224 bytes | Created Date = 2007-09-11 17:03:50 | Attr = RHS]

cwicnohfx.exe -> %System32%\cwicnohfx.exe -> [Ver = | Size = 19710 bytes | Created Date = 2007-09-06 09:21:29 | Attr = ]

delFSF.bat -> %System32%\delFSF.bat -> [Ver = | Size = 153 bytes | Created Date = 2007-09-19 15:06:12 | Attr = ]

Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-09-25 20:24:56 | Attr = ]

moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 2007-09-26 06:10:40 | Attr = ]

MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 2007-09-23 13:52:20 | Attr = ]

swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-09-26 06:10:40 | Attr = ]

swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-09-26 06:10:39 | Attr = ]

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-09-26 06:10:39 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3018 bytes | Created Date = 2007-09-23 08:47:21 | Attr = ]

VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-09-26 06:10:39 | Attr = ]

xpdx.sys -> %System32%\xpdx.sys -> [Ver = | Size = 55030 bytes | Created Date = 1601-01-02 23:00:00 | Attr = ]

AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2007-09-24 19:13:32 | Attr = ]

AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-09-23 07:09:56 | Attr = ]

fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 8384800 bytes | Created Date = 2007-09-19 08:59:52 | Attr = HS]

fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 114104 bytes | Created Date = 2007-09-19 08:59:52 | Attr = HS]

fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 262176 bytes | Created Date = 2007-09-19 08:59:52 | Attr = HS]

fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 27596 bytes | Created Date = 2007-09-19 08:59:52 | Attr = HS]

klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 82061 bytes | Created Date = 2007-09-19 09:00:42 | Attr = ]

klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 81549 bytes | Created Date = 2007-09-19 09:00:42 | Attr = ]

hosts.20070926-091600.backup -> %System32%\drivers\etc\hosts.20070926-091600.backup -> [Ver = | Size = 893 bytes | Created Date = 2007-09-26 08:16:00 | Attr = ]

hosts.20070926-122955.backup -> %System32%\drivers\etc\hosts.20070926-122955.backup -> [Ver = | Size = 183781 bytes | Created Date = 2007-09-26 11:29:55 | Attr = R ]

Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 2007-09-23 07:09:52 | Attr = ]

Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 2007-09-19 08:59:55 | Attr = ]

Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Created Date = 2007-09-15 13:12:44 | Attr = ]

Prevx -> %AllUsersAppData%\Prevx -> [Folder | Created Date = 2007-09-23 08:31:47 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 2007-09-23 07:10:05 | Attr = ]

IE7Pro -> %UserAppData%\IE7Pro -> [Folder | Created Date = 2007-09-23 13:36:49 | Attr = ]

a-squared -> %UserDocuments%\a-squared -> [Folder | Created Date = 2007-09-26 11:50:26 | Attr = ]

ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Created Date = 2007-09-23 05:39:12 | Attr = ]

avg-anti-rootkit_avg_anti-rootkit_1.1.0.42_anglais_34515.exe -> %UserDocuments%\avg-anti-rootkit_avg_anti-rootkit_1.1.0.42_anglais_34515.exe -> [Ver = | Size = 423736 bytes | Created Date = 2007-09-23 05:46:51 | Attr = ]

avg-anti-spyware_avg_anti-spyware_7.5.1.36_francais_27645.exe -> %UserDocuments%\avg-anti-spyware_avg_anti-spyware_7.5.1.36_francais_27645.exe -> [Ver = | Size = 12413440 bytes | Created Date = 2007-09-23 05:41:19 | Attr = ]

Rappport Kaspersky ON LIne.html -> %UserDocuments%\Rappport Kaspersky ON LIne.html -> [Ver = | Size = 43412 bytes | Created Date = 2007-09-25 22:30:37 | Attr = ]

a-squared Free.lnk -> %AllUsersDesktop%\a-squared Free.lnk -> [Ver = | Size = 651 bytes | Created Date = 2007-09-26 11:50:46 | Attr = ]

AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 831 bytes | Created Date = 2007-09-24 19:13:32 | Attr = ]

AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 852 bytes | Created Date = 2007-09-23 07:10:00 | Attr = ]

2007été -> %UserDesktop%\2007été -> [Folder | Created Date = 2007-09-19 09:05:19 | Attr = ]

ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1486342 bytes | Created Date = 2007-09-26 19:33:20 | Attr = ]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1737 bytes | Created Date = 2007-09-25 18:00:50 | Attr = ]

SDFix.exe -> %UserDesktop%\SDFix.exe -> [Ver = | Size = 1159146 bytes | Created Date = 2007-09-26 07:17:00 | Attr = ]

SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 2007-09-23 08:46:50 | Attr = ]

SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1006219 bytes | Created Date = 2007-09-23 06:49:14 | Attr = ]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 936 bytes | Created Date = 2007-09-26 07:43:05 | Attr = ]

VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 2007-09-23 09:54:01 | Attr = ]

vundofix_vundofix_6.5.4_anglais_25107.exe -> %UserDesktop%\vundofix_vundofix_6.5.4_anglais_25107.exe -> Atribune.org [Ver = 6.05.0004 | Size = 108544 bytes | Created Date = 2007-09-23 09:46:00 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 2007-09-26 21:20:45 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 2007-09-26 21:19:57 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

 

[Files/Folders - Modified Within 60 days]

aczzdozkf.exe -> %SystemDrive%\aczzdozkf.exe -> [Ver = | Size = 80384 bytes | Modified Date = 2007-09-06 13:11:56 | Attr = RHS]

afohiionc.exe -> %SystemDrive%\afohiionc.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 15:47:28 | Attr = RHS]

augwzwwch.exe -> %SystemDrive%\augwzwwch.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:18:56 | Attr = RHS]

AUTORUN.INF -> %SystemDrive%\AUTORUN.INF -> [Ver = | Size = 135 bytes | Modified Date = 2007-09-19 15:45:28 | Attr = H ]

BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 291 bytes | Modified Date = 2007-09-24 20:20:16 | Attr = RHS]

cad.exe -> %SystemDrive%\cad.exe -> [Ver = | Size = 347 bytes | Modified Date = 2007-09-26 20:10:44 | Attr = ]

ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-09-26 21:18:58 | Attr = ]

Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-09-26 19:54:40 | Attr = HS]

Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2007-09-23 08:14:00 | Attr = ]

dvqcrrcnb.exe -> %SystemDrive%\dvqcrrcnb.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:51:50 | Attr = RHS]

fefoehcst.exe -> %SystemDrive%\fefoehcst.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 12:00:52 | Attr = RHS]

flbahdsgh.exe -> %SystemDrive%\flbahdsgh.exe -> [Ver = | Size = 80384 bytes | Modified Date = 2007-09-06 10:52:36 | Attr = RHS]

grmdnguak.exe -> %SystemDrive%\grmdnguak.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:19:46 | Attr = RHS]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 2007-09-26 21:19:46 | Attr = HS]

ijcbudhzr.exe -> %SystemDrive%\ijcbudhzr.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:35:02 | Attr = RHS]

jaawtjelh.exe -> %SystemDrive%\jaawtjelh.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:49:24 | Attr = RHS]

jeaefljpe.exe -> %SystemDrive%\jeaefljpe.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:17:42 | Attr = RHS]

jjkgqewxw.exe -> %SystemDrive%\jjkgqewxw.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:17:36 | Attr = RHS]

jveebidtz.exe -> %SystemDrive%\jveebidtz.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:54:48 | Attr = RHS]

jzwlhhqof.exe -> %SystemDrive%\jzwlhhqof.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:49:18 | Attr = RHS]

mipxeuqwp.exe -> %SystemDrive%\mipxeuqwp.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:37:36 | Attr = RHS]

nltnuwsge.exe -> %SystemDrive%\nltnuwsge.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 17:12:12 | Attr = RHS]

ntdetect.com -> %SystemDrive%\ntdetect.com -> [Ver = | Size = 47564 bytes | Modified Date = 2007-09-23 20:29:14 | Attr = ]

olzixhjuf.exe -> %SystemDrive%\olzixhjuf.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 11:29:18 | Attr = RHS]

Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-09-26 22:10:32 | Attr = ]

qkxmamnpw.exe -> %SystemDrive%\qkxmamnpw.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:17:56 | Attr = RHS]

qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-09-26 07:11:20 | Attr = ]

qzxnwtndr.exe -> %SystemDrive%\qzxnwtndr.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 17:10:52 | Attr = RHS]

recxadbxb.exe -> %SystemDrive%\recxadbxb.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 10:36:04 | Attr = RHS]

SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2007-09-26 08:33:12 | Attr = ]

System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-09-26 21:13:52 | Attr = HS]

umqvmqbff.exe -> %SystemDrive%\umqvmqbff.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 17:40:20 | Attr = RHS]

vlvgcweqr.exe -> %SystemDrive%\vlvgcweqr.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:43:30 | Attr = RHS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2007-09-24 23:10:56 | Attr = ]

vwilmjrgb.exe -> %SystemDrive%\vwilmjrgb.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 12:03:50 | Attr = RHS]

WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-09-26 21:19:50 | Attr = ]

ycjorcbgo.exe -> %SystemDrive%\ycjorcbgo.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 13:10:58 | Attr = RHS]

yhuslowtx.exe -> %SystemDrive%\yhuslowtx.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-05 16:27:12 | Attr = RHS]

ykgkamnrp.exe -> %SystemDrive%\ykgkamnrp.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 10:41:40 | Attr = RHS]

yqxkcwesg.exe -> %SystemDrive%\yqxkcwesg.exe -> [Ver = | Size = 0 bytes | Modified Date = 2007-09-06 10:52:12 | Attr = RHS]

$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-09-26 14:48:26 | Attr = H ]

$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 2007-09-23 20:22:02 | Attr = H ]

$NtUninstallKB833407$ -> %SystemRoot%\$NtUninstallKB833407$ -> [Folder | Modified Date = 2007-09-23 20:07:08 | Attr = H ]

$NtUninstallKB873333$ -> %SystemRoot%\$NtUninstallKB873333$ -> [Folder | Modified Date = 2007-09-23 21:06:52 | Attr = H ]

$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 2007-09-23 21:08:24 | Attr = H ]

$NtUninstallKB885250$ -> %SystemRoot%\$NtUninstallKB885250$ -> [Folder | Modified Date = 2007-09-23 21:09:28 | Attr = H ]

$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 2007-09-23 21:10:28 | Attr = H ]

$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 2007-09-23 21:11:24 | Attr = H ]

$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 2007-09-24 21:35:38 | Attr = H ]

$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 2007-09-24 21:35:52 | Attr = H ]

$NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Modified Date = 2007-09-24 21:36:00 | Attr = H ]

$NtUninstallKB888113$ -> %SystemRoot%\$NtUninstallKB888113$ -> [Folder | Modified Date = 2007-09-23 21:12:20 | Attr = H ]

$NtUninstallKB888162$ -> %SystemRoot%\$NtUninstallKB888162$ -> [Folder | Modified Date = 2007-09-23 20:06:22 | Attr = H ]

$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 2007-09-23 21:13:16 | Attr = H ]

$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Modified Date = 2007-09-23 21:14:14 | Attr = H ]

$NtUninstallKB890047$ -> %SystemRoot%\$NtUninstallKB890047$ -> [Folder | Modified Date = 2007-09-23 21:15:10 | Attr = H ]

$NtUninstallKB890175$ -> %SystemRoot%\$NtUninstallKB890175$ -> [Folder | Modified Date = 2007-09-23 21:16:10 | Attr = H ]

$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Modified Date = 2007-09-23 21:17:12 | Attr = H ]

$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Modified Date = 2007-09-23 21:18:14 | Attr = H ]

$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Modified Date = 2007-09-23 21:19:10 | Attr = H ]

$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Modified Date = 2007-09-23 21:20:06 | Attr = H ]

$NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Modified Date = 2007-09-23 21:21:00 | Attr = H ]

$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Modified Date = 2007-09-23 21:21:54 | Attr = H ]

$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Modified Date = 2007-09-23 21:22:50 | Attr = H ]

$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Modified Date = 2007-09-23 21:23:52 | Attr = H ]

$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Modified Date = 2007-09-23 21:24:50 | Attr = H ]

$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Modified Date = 2007-09-23 21:25:44 | Attr = H ]

$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 2007-09-24 21:36:16 | Attr = H ]

$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Modified Date = 2007-09-23 21:26:42 | Attr = H ]

$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Modified Date = 2007-09-23 21:27:54 | Attr = H ]

$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Modified Date = 2007-09-23 21:28:52 | Attr = H ]

$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Modified Date = 2007-09-23 21:29:52 | Attr = H ]

$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Modified Date = 2007-09-23 21:31:04 | Attr = H ]

$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Modified Date = 2007-09-23 21:32:12 | Attr = H ]

$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Modified Date = 2007-09-23 21:33:14 | Attr = H ]

$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 2007-09-23 21:34:10 | Attr = H ]

$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 2007-09-23 21:35:12 | Attr = H ]

$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 2007-09-23 21:36:12 | Attr = H ]

$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 2007-09-23 21:37:08 | Attr = H ]

$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Modified Date = 2007-09-23 21:38:06 | Attr = H ]

$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 2007-09-23 21:39:06 | Attr = H ]

$NtUninstallKB913446$ -> %SystemRoot%\$NtUninstallKB913446$ -> [Folder | Modified Date = 2007-09-23 21:40:06 | Attr = H ]

$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 2007-09-23 21:41:06 | Attr = H ]

$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 2007-09-23 21:42:10 | Attr = H ]

$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 2007-09-23 21:43:14 | Attr = H ]

$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 2007-09-24 21:36:42 | Attr = H ]

$NtUninstallKB917159$ -> %SystemRoot%\$NtUninstallKB917159$ -> [Folder | Modified Date = 2007-09-23 21:44:14 | Attr = H ]

$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 2007-09-23 21:45:14 | Attr = H ]

$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 2007-09-23 21:46:12 | Attr = H ]

$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 2007-09-23 21:47:12 | Attr = H ]

$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 2007-09-24 21:38:12 | Attr = H ]

$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 2007-09-23 21:48:08 | Attr = H ]

$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 2007-09-26 14:47:54 | Attr = H ]

$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 2007-09-23 21:49:16 | Attr = H ]

$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 2007-09-23 21:50:16 | Attr = H ]

$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 2007-09-23 21:51:18 | Attr = H ]

$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 2007-09-24 21:36:58 | Attr = H ]

$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Modified Date = 2007-09-23 21:52:32 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-09-26 14:50:10 | Attr = H ]

$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Modified Date = 2007-09-23 21:54:28 | Attr = H ]

$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 2007-09-24 21:36:30 | Attr = H ]

$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Modified Date = 2007-09-23 21:55:32 | Attr = H ]

$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 2007-09-23 21:56:32 | Attr = H ]

$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 2007-09-23 21:57:32 | Attr = H ]

$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 2007-09-23 21:58:32 | Attr = H ]

$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Modified Date = 2007-09-26 14:52:50 | Attr = H ]

$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Modified Date = 2007-09-26 14:48:20 | Attr = H ]

$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Modified Date = 2007-09-24 21:37:14 | Attr = H ]

$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 2007-09-23 21:59:30 | Attr = H ]

$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 2007-09-24 21:37:06 | Attr = H ]

$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 2007-09-23 22:00:32 | Attr = H ]

$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 2007-09-24 21:37:54 | Attr = H ]

$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 2007-09-26 14:49:44 | Attr = H ]

$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 2007-09-24 21:38:28 | Attr = H ]

$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 2007-09-24 21:37:22 | Attr = H ]

$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 2007-09-24 21:38:20 | Attr = H ]

$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 2007-09-24 21:38:04 | Attr = H ]

$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 2007-09-24 21:37:48 | Attr = H ]

$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 2007-09-26 14:48:30 | Attr = H ]

$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 2007-09-24 21:37:30 | Attr = H ]

$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 2007-09-24 21:37:40 | Attr = H ]

$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 2007-09-26 14:48:42 | Attr = H ]

$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 2007-09-24 21:38:50 | Attr = H ]

$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 2007-09-26 14:48:04 | Attr = H ]

$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 2007-09-24 21:38:58 | Attr = H ]

$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 2007-09-24 21:38:40 | Attr = H ]

$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 2007-09-26 14:47:40 | Attr = H ]

$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 2007-09-26 14:52:04 | Attr = H ]

$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 2007-09-26 14:49:02 | Attr = H ]

$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 2007-09-26 14:48:54 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 2007-09-26 14:52:12 | Attr = H ]

$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Modified Date = 2007-09-26 14:49:52 | Attr = H ]

$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 2007-09-26 14:51:20 | Attr = H ]

$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 2007-09-26 14:50:34 | Attr = H ]

$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 2007-09-26 14:51:52 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-09-26 14:50:00 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-09-26 14:50:20 | Attr = H ]

ACD Wallpaper.bmp -> %SystemRoot%\ACD Wallpaper.bmp -> [Ver = | Size = 2359350 bytes | Modified Date = 2007-09-05 18:01:50 | Attr = ]

AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2007-09-23 22:05:48 | Attr = ]

b122.exe -> %SystemRoot%\b122.exe -> [Ver = | Size = 53248 bytes | Modified Date = 2007-09-19 18:56:10 | Attr = ]

b128.exe.bin -> %SystemRoot%\b128.exe.bin -> [Ver = | Size = 155451 bytes | Modified Date = 2007-09-23 10:16:12 | Attr = ]

b143.exe.bin -> %SystemRoot%\b143.exe.bin -> [Ver = | Size = 372 bytes | Modified Date = 2007-09-23 13:37:14 | Attr = ]

b147.exe.bin -> %SystemRoot%\b147.exe.bin -> [Ver = | Size = 350 bytes | Modified Date = 2007-09-23 10:11:06 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-09-26 21:19:50 | Attr = S]

Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-09-23 22:12:14 | Attr = ]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-09-25 21:24:58 | Attr = S]

DUMP2710.tmp -> %SystemRoot%\DUMP2710.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 23:06:52 | Attr = ]

DUMP29de.tmp -> %SystemRoot%\DUMP29de.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:32:56 | Attr = ]

DUMP2aa9.tmp -> %SystemRoot%\DUMP2aa9.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:50:06 | Attr = ]

DUMP2b65.tmp -> %SystemRoot%\DUMP2b65.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-19 16:15:38 | Attr = ]

DUMP2cad.tmp -> %SystemRoot%\DUMP2cad.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-22 07:02:18 | Attr = ]

DUMP2ccc.tmp -> %SystemRoot%\DUMP2ccc.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:12:50 | Attr = ]

DUMP2cec.tmp -> %SystemRoot%\DUMP2cec.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:09:44 | Attr = ]

DUMP2d1a.tmp -> %SystemRoot%\DUMP2d1a.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:19:52 | Attr = ]

DUMP2d2a.tmp -> %SystemRoot%\DUMP2d2a.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:16:10 | Attr = ]

DUMP2d2b.tmp -> %SystemRoot%\DUMP2d2b.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:28:30 | Attr = ]

DUMP2d3a.tmp -> %SystemRoot%\DUMP2d3a.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:24:38 | Attr = ]

DUMP2d3b.tmp -> %SystemRoot%\DUMP2d3b.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:54:14 | Attr = ]

DUMP2d49.tmp -> %SystemRoot%\DUMP2d49.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:27:50 | Attr = ]

DUMP2d59.tmp -> %SystemRoot%\DUMP2d59.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:26:00 | Attr = ]

DUMP2d5a.tmp -> %SystemRoot%\DUMP2d5a.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:46:44 | Attr = ]

DUMP2d5b.tmp -> %SystemRoot%\DUMP2d5b.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:58:22 | Attr = ]

DUMP2d78.tmp -> %SystemRoot%\DUMP2d78.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:19:24 | Attr = ]

DUMP2d79.tmp -> %SystemRoot%\DUMP2d79.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:51:56 | Attr = ]

DUMP2d88.tmp -> %SystemRoot%\DUMP2d88.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:22:08 | Attr = ]

DUMP2d89.tmp -> %SystemRoot%\DUMP2d89.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 06:19:06 | Attr = ]

DUMP2d8a.tmp -> %SystemRoot%\DUMP2d8a.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:16:12 | Attr = ]

DUMP2d8b.tmp -> %SystemRoot%\DUMP2d8b.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:32:06 | Attr = ]

DUMP2d8c.tmp -> %SystemRoot%\DUMP2d8c.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:48:48 | Attr = ]

DUMP2d97.tmp -> %SystemRoot%\DUMP2d97.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:21:26 | Attr = ]

DUMP2d98.tmp -> %SystemRoot%\DUMP2d98.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:18:44 | Attr = ]

DUMP2d99.tmp -> %SystemRoot%\DUMP2d99.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:23:06 | Attr = ]

DUMP2d9a.tmp -> %SystemRoot%\DUMP2d9a.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:55:22 | Attr = ]

DUMP2da7.tmp -> %SystemRoot%\DUMP2da7.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-19 16:11:30 | Attr = ]

DUMP2da8.tmp -> %SystemRoot%\DUMP2da8.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:20:04 | Attr = ]

DUMP2da9.tmp -> %SystemRoot%\DUMP2da9.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:20:46 | Attr = ]

DUMP2daa.tmp -> %SystemRoot%\DUMP2daa.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:15:32 | Attr = ]

DUMP2dab.tmp -> %SystemRoot%\DUMP2dab.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:33:26 | Attr = ]

DUMP2dac.tmp -> %SystemRoot%\DUMP2dac.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 20:00:12 | Attr = ]

DUMP2db7.tmp -> %SystemRoot%\DUMP2db7.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:27:10 | Attr = ]

DUMP2db8.tmp -> %SystemRoot%\DUMP2db8.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:12:58 | Attr = ]

DUMP2db9.tmp -> %SystemRoot%\DUMP2db9.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:13:40 | Attr = ]

DUMP2dba.tmp -> %SystemRoot%\DUMP2dba.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:30:16 | Attr = ]

DUMP2dbb.tmp -> %SystemRoot%\DUMP2dbb.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:56:32 | Attr = ]

DUMP2dc6.tmp -> %SystemRoot%\DUMP2dc6.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:18:14 | Attr = ]

DUMP2dc7.tmp -> %SystemRoot%\DUMP2dc7.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:20:34 | Attr = ]

DUMP2dc8.tmp -> %SystemRoot%\DUMP2dc8.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:21:44 | Attr = ]

DUMP2dc9.tmp -> %SystemRoot%\DUMP2dc9.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:26:06 | Attr = ]

DUMP2dca.tmp -> %SystemRoot%\DUMP2dca.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:34:36 | Attr = ]

DUMP2dcb.tmp -> %SystemRoot%\DUMP2dcb.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:36:26 | Attr = ]

DUMP2dcc.tmp -> %SystemRoot%\DUMP2dcc.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:43:06 | Attr = ]

DUMP2dd6.tmp -> %SystemRoot%\DUMP2dd6.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:23:58 | Attr = ]

DUMP2dd7.tmp -> %SystemRoot%\DUMP2dd7.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:25:20 | Attr = ]

DUMP2dd8.tmp -> %SystemRoot%\DUMP2dd8.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:23:48 | Attr = ]

DUMP2dd9.tmp -> %SystemRoot%\DUMP2dd9.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:51:16 | Attr = ]

DUMP2dda.tmp -> %SystemRoot%\DUMP2dda.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 20:00:54 | Attr = ]

DUMP2de6.tmp -> %SystemRoot%\DUMP2de6.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-19 16:09:36 | Attr = ]

DUMP2de7.tmp -> %SystemRoot%\DUMP2de7.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:35:16 | Attr = ]

DUMP2df5.tmp -> %SystemRoot%\DUMP2df5.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:39:26 | Attr = ]

DUMP2df6.tmp -> %SystemRoot%\DUMP2df6.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:57:42 | Attr = ]

DUMP2e05.tmp -> %SystemRoot%\DUMP2e05.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:12:18 | Attr = ]

DUMP2e14.tmp -> %SystemRoot%\DUMP2e14.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:22:50 | Attr = ]

DUMP2e15.tmp -> %SystemRoot%\DUMP2e15.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:24:58 | Attr = ]

DUMP2e16.tmp -> %SystemRoot%\DUMP2e16.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:26:48 | Attr = ]

DUMP2e17.tmp -> %SystemRoot%\DUMP2e17.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:42:24 | Attr = ]

DUMP2e18.tmp -> %SystemRoot%\DUMP2e18.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:44:14 | Attr = ]

DUMP2e19.tmp -> %SystemRoot%\DUMP2e19.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 20:02:02 | Attr = ]

DUMP2e24.tmp -> %SystemRoot%\DUMP2e24.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:11:26 | Attr = ]

DUMP2e25.tmp -> %SystemRoot%\DUMP2e25.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:12:08 | Attr = ]

DUMP2e26.tmp -> %SystemRoot%\DUMP2e26.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:37:36 | Attr = ]

DUMP2e27.tmp -> %SystemRoot%\DUMP2e27.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:40:34 | Attr = ]

DUMP2e34.tmp -> %SystemRoot%\DUMP2e34.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:14:22 | Attr = ]

DUMP2e35.tmp -> %SystemRoot%\DUMP2e35.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:29:06 | Attr = ]

DUMP2e43.tmp -> %SystemRoot%\DUMP2e43.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:31:24 | Attr = ]

DUMP2e44.tmp -> %SystemRoot%\DUMP2e44.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:38:16 | Attr = ]

DUMP2e45.tmp -> %SystemRoot%\DUMP2e45.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:47:52 | Attr = ]

DUMP2e46.tmp -> %SystemRoot%\DUMP2e46.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:59:32 | Attr = ]

DUMP2e53.tmp -> %SystemRoot%\DUMP2e53.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:11:36 | Attr = ]

DUMP2e54.tmp -> %SystemRoot%\DUMP2e54.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:17:34 | Attr = ]

DUMP2e63.tmp -> %SystemRoot%\DUMP2e63.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:22:24 | Attr = ]

DUMP2e64.tmp -> %SystemRoot%\DUMP2e64.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:32:46 | Attr = ]

DUMP2e65.tmp -> %SystemRoot%\DUMP2e65.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:53:04 | Attr = ]

DUMP2e72.tmp -> %SystemRoot%\DUMP2e72.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:08:52 | Attr = ]

DUMP2e82.tmp -> %SystemRoot%\DUMP2e82.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-20 23:10:46 | Attr = ]

DUMP2e83.tmp -> %SystemRoot%\DUMP2e83.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:45:24 | Attr = ]

DUMP2e91.tmp -> %SystemRoot%\DUMP2e91.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:10:14 | Attr = ]

DUMP2ea1.tmp -> %SystemRoot%\DUMP2ea1.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-19 16:13:48 | Attr = ]

DUMP2ea2.tmp -> %SystemRoot%\DUMP2ea2.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:27:56 | Attr = ]

DUMP2ea3.tmp -> %SystemRoot%\DUMP2ea3.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-21 19:41:44 | Attr = ]

DUMP2ee0.tmp -> %SystemRoot%\DUMP2ee0.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-19 16:13:00 | Attr = ]

DUMP2f6c.tmp -> %SystemRoot%\DUMP2f6c.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2007-09-19 16:14:46 | Attr = ]

EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 2007-09-23 20:11:52 | Attr = ]

erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2007-09-26 07:12:14 | Attr = ]

ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2007-09-26 08:32:32 | Attr = ]

Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-09-23 22:05:46 | Attr = R S]

Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-09-23 20:51:14 | Attr = ]

ime -> %SystemRoot%\ime -> [Folder | Modified Date = 2007-09-23 20:51:06 | Attr = ]

imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-09-26 14:52:14 | Attr = ]

inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-09-26 14:52:54 | Attr = H ]

Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-09-26 14:51:36 | Attr = HS]

Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2007-09-23 20:50:06 | Attr = ]

Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2007-09-26 21:19:50 | Attr = ]

msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 2007-09-26 19:54:40 | Attr = ]

peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 2007-09-23 20:50:12 | Attr = ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-26 22:27:38 | Attr = ]

provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 2007-09-23 20:50:06 | Attr = ]

security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-09-23 22:30:18 | Attr = ]

setupapi.log.1.old -> %SystemRoot%\setupapi.log.1.old -> [Ver = | Size = 1086100 bytes | Modified Date = 2007-09-23 21:06:24 | Attr = ]

srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 2007-09-23 20:39:00 | Attr = ]

SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 2007-09-23 10:35:14 | Attr = ]

system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-09-23 20:36:24 | Attr = ]

system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 620 bytes | Modified Date = 2007-09-24 20:20:16 | Attr = ]

system32 -> %System32% -> [Folder | Modified Date = 2007-09-26 19:54:40 | Attr = ]

Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-09-26 22:46:20 | Attr = ]

usnsvc.exe -> %SystemRoot%\usnsvc.exe -> [Ver = | Size = 436224 bytes | Modified Date = 2007-09-11 18:03:46 | Attr = RHS]

Web -> %SystemRoot%\Web -> [Folder | Modified Date = 2007-09-23 20:30:06 | Attr = R ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 896 bytes | Modified Date = 2007-09-24 20:20:16 | Attr = ]

WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-09-26 14:51:36 | Attr = ]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2007-09-23 22:11:30 | Attr = ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-09-26 21:19:56 | Attr = H ]

CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-09-25 06:47:18 | Attr = ]

CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-09-26 21:22:26 | Attr = ]

Com -> %System32%\Com -> [Folder | Modified Date = 2007-09-23 21:30:24 | Attr = ]

cwicnohfx.exe -> %System32%\cwicnohfx.exe -> [Ver = | Size = 19710 bytes | Modified Date = 2007-09-06 10:23:14 | Attr = ]

delFSF.bat -> %System32%\delFSF.bat -> [Ver = | Size = 153 bytes | Modified Date = 2007-09-19 16:06:14 | Attr = ]

dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-09-26 19:54:40 | Attr = RHS]

drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-09-26 21:17:08 | Attr = ]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 487496 bytes | Modified Date = 2007-09-24 22:41:14 | Attr = ]

Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-09-25 21:24:58 | Attr = ]

MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 2007-09-23 14:52:22 | Attr = ]

mui -> %System32%\mui -> [Folder | Modified Date = 2007-09-23 20:51:06 | Attr = ]

npp -> %System32%\npp -> [Folder | Modified Date = 2007-09-23 20:39:04 | Attr = ]

oobe -> %System32%\oobe -> [Folder | Modified Date = 2007-09-23 20:51:10 | Attr = ]

perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40836 bytes | Modified Date = 2007-09-24 22:45:56 | Attr = ]

perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 49494 bytes | Modified Date = 2007-09-24 22:45:56 | Attr = ]

perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 314508 bytes | Modified Date = 2007-09-24 22:45:56 | Attr = ]

perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 370414 bytes | Modified Date = 2007-09-24 22:45:56 | Attr = ]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 782748 bytes | Modified Date = 2007-09-24 22:45:56 | Attr = ]

QTJava.zip -> %System32%\QTJava.zip -> [Ver = | Size = 1051565 bytes | Modified Date = 2007-09-04 13:18:06 | Attr = ]

ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 2007-09-23 20:22:36 | Attr = ]

Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-09-26 21:13:52 | Attr = ]

Setup -> %System32%\Setup -> [Folder | Modified Date = 2007-09-23 20:51:08 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3018 bytes | Modified Date = 2007-09-24 23:08:06 | Attr = ]

usmt -> %System32%\usmt -> [Folder | Modified Date = 2007-09-23 20:36:44 | Attr = ]

wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-09-24 20:45:50 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 2007-09-26 21:44:18 | Attr = ]

xpdx.sys -> %System32%\xpdx.sys -> [Ver = | Size = 55030 bytes | Modified Date = 2007-09-25 18:59:58 | Attr = ]

etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-09-26 12:29:56 | Attr = ]

fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 8384800 bytes | Modified Date = 2007-09-26 22:45:04 | Attr = HS]

fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 114104 bytes | Modified Date = 2007-09-26 21:14:28 | Attr = HS]

fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 262176 bytes | Modified Date = 2007-09-26 21:14:28 | Attr = HS]

fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 27596 bytes | Modified Date = 2007-09-26 21:14:28 | Attr = HS]

klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 82061 bytes | Modified Date = 2007-09-19 10:55:04 | Attr = ]

klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.299 | Size = 186640 bytes | Modified Date = 2007-09-19 10:55:12 | Attr = ]

klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 81549 bytes | Modified Date = 2007-09-19 10:55:04 | Attr = ]

hosts.20070926-091600.backup -> %System32%\drivers\etc\hosts.20070926-091600.backup -> [Ver = | Size = 893 bytes | Modified Date = 2007-09-24 19:25:40 | Attr = ]

hosts.20070926-122955.backup -> %System32%\drivers\etc\hosts.20070926-122955.backup -> [Ver = | Size = 183781 bytes | Modified Date = 2007-09-26 09:16:02 | Attr = R ]

Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 2007-09-23 08:09:54 | Attr = ]

Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 2007-09-26 21:41:42 | Attr = ]

Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files -> [Folder | Modified Date = 2007-09-15 14:12:46 | Attr = ]

Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 2007-09-23 12:53:04 | Attr = S]

Prevx -> %AllUsersAppData%\Prevx -> [Folder | Modified Date = 2007-09-23 10:34:00 | Attr = ]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 2007-09-26 12:32:24 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 2007-09-23 08:10:06 | Attr = ]

IE7Pro -> %UserAppData%\IE7Pro -> [Folder | Modified Date = 2007-09-23 14:37:00 | Attr = ]

Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 2007-09-23 12:53:06 | Attr = ]

Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 2007-09-24 20:31:18 | Attr = S]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 84480 bytes | Modified Date = 2007-09-26 20:15:44 | Attr = ]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 110968 bytes | Modified Date = 2007-09-25 06:42:10 | Attr = ]

IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2660694 bytes | Modified Date = 2007-09-22 06:46:24 | Attr = H ]

Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 2007-09-25 21:50:52 | Attr = ]

a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 2007-09-26 13:05:06 | Attr = ]

ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> %UserDocuments%\ad-aware_ad-aware_2007_7.0.2.2_anglais_12797.exe -> [Ver = | Size = 19142000 bytes | Modified Date = 2007-09-23 06:40:22 | Attr = ]

anti virus -> %UserDocuments%\anti virus -> [Folder | Modified Date = 2007-09-06 15:47:28 | Attr = ]

avg-anti-rootkit_avg_anti-rootkit_1.1.0.42_anglais_34515.exe -> %UserDocuments%\avg-anti-rootkit_avg_anti-rootkit_1.1.0.42_anglais_34515.exe -> [Ver = | Size = 423736 bytes | Modified Date = 2007-09-23 06:46:48 | Attr = ]

avg-anti-spyware_avg_anti-spyware_7.5.1.36_francais_27645.exe -> %UserDocuments%\avg-anti-spyware_avg_anti-spyware_7.5.1.36_francais_27645.exe -> [Ver = | Size = 12413440 bytes | Modified Date = 2007-09-23 06:42:20 | Attr = ]

desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 119 bytes | Modified Date = 2007-09-23 22:12:28 | Attr = HS]

famille CONTE -> %UserDocuments%\famille CONTE -> [Folder | Modified Date = 2007-09-24 22:45:22 | Attr = ]

La Baule -> %UserDocuments%\La Baule -> [Folder | Modified Date = 2007-09-09 16:42:58 | Attr = ]

logiciels -> %UserDocuments%\logiciels -> [Folder | Modified Date = 2007-09-04 13:12:56 | Attr = ]

Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 2007-09-23 22:12:28 | Attr = R ]

Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 2007-09-24 22:46:52 | Attr = R ]

Rappport Kaspersky ON LIne.html -> %UserDocuments%\Rappport Kaspersky ON LIne.html -> [Ver = | Size = 43412 bytes | Modified Date = 2007-09-25 23:30:38 | Attr = ]

a-squared Free.lnk -> %AllUsersDesktop%\a-squared Free.lnk -> [Ver = | Size = 651 bytes | Modified Date = 2007-09-26 12:50:48 | Attr = ]

AVG Anti-Rootkit Free.lnk -> %AllUsersDesktop%\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 831 bytes | Modified Date = 2007-09-24 20:13:34 | Attr = ]

AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 852 bytes | Modified Date = 2007-09-23 08:10:02 | Attr = ]

2007été -> %UserDesktop%\2007été -> [Folder | Modified Date = 2007-09-24 23:25:40 | Attr = ]

classe de neige 2007 -> %UserDesktop%\classe de neige 2007 -> [Folder | Modified Date = 2007-09-26 20:15:14 | Attr = ]

ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1486342 bytes | Modified Date = 2007-09-26 06:39:54 | Attr = ]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1737 bytes | Modified Date = 2007-09-25 19:00:52 | Attr = ]

Larbi -> %UserDesktop%\Larbi -> [Folder | Modified Date = 2007-09-24 23:40:14 | Attr = ]

Mopti-Ségou BOULAB -> %UserDesktop%\Mopti-Ségou BOULAB -> [Folder | Modified Date = 2007-09-24 23:31:56 | Attr = ]

Nouveau dossier -> %UserDesktop%\Nouveau dossier -> [Folder | Modified Date = 2007-09-24 23:31:42 | Attr = ]

Photos Aurianne -> %UserDesktop%\Photos Aurianne -> [Folder | Modified Date = 2007-09-26 20:15:24 | Attr = ]

photos cheval ml -> %UserDesktop%\photos cheval ml -> [Folder | Modified Date = 2007-09-24 23:36:40 | Attr = ]

Photos Mopti-Ségou -> %UserDesktop%\Photos Mopti-Ségou -> [Folder | Modified Date = 2007-09-24 23:44:28 | Attr = ]

photos papier -> %UserDesktop%\photos papier -> [Folder | Modified Date = 2007-09-24 23:44:08 | Attr = ]

SDFix.exe -> %UserDesktop%\SDFix.exe -> [Ver = | Size = 1159146 bytes | Modified Date = 2007-09-26 06:38:38 | Attr = ]

SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 2007-09-24 23:08:20 | Attr = ]

SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1006219 bytes | Modified Date = 2007-09-23 07:49:26 | Attr = ]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 936 bytes | Modified Date = 2007-09-26 08:43:06 | Attr = ]

VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 2007-09-23 10:53:14 | Attr = ]

vundofix_vundofix_6.5.4_anglais_25107.exe -> %UserDesktop%\vundofix_vundofix_6.5.4_anglais_25107.exe -> Atribune.org [Ver = 6.05.0004 | Size = 108544 bytes | Modified Date = 2007-09-23 10:45:58 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 2007-09-26 22:27:28 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 2007-09-26 22:20:00 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2007-09-26 14:48:44 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.01 | Size = 10433024 bytes | Modified Date = 2003-08-05 16:51:00 | Attr = ]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 2002-08-30 14:00:00 | Attr = ]

FSG! , -> %System32%\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.1.1.1031 | Size = 236544 bytes | Modified Date = 2003-12-10 16:36:10 | Attr = ]

UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2002-08-30 14:00:00 | Attr = ]

WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2002-08-30 14:00:00 | Attr = ]

PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 2004-08-04 07:41:38 | Attr = ]

abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 183665 bytes | Modified Date = 2007-09-26 12:29:56 | Attr = R ]

abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20070926-122955.backup -> [Ver = | Size = 183781 bytes | Modified Date = 2007-09-26 09:16:02 | Attr = R ]

File scan skipped for file %UserDocuments%\film jp 69 70.mpg -> File size too big (312803428 bytes) ->

File scan skipped for file %UserDocuments%\film jp fin.mpg -> File size too big (432549852 bytes) ->

File scan skipped for file %UserDocuments%\film jp 67 68.mpg -> File size too big (226801484 bytes) ->

File scan skipped for file %UserDocuments%\film jp 68 69.mpg -> File size too big (385944356 bytes) ->

UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1486342 bytes | Modified Date = 2007-09-26 06:39:54 | Attr = ]

WSUD , -> %UserDesktop%\convertmovie_3_0_bluesquad_fr.exe -> [Ver = | Size = 13115171 bytes | Modified Date = 2007-03-28 15:14:42 | Attr = ]

Thawte Consulting , -> %UserDesktop%\videocleaner_wmf_setup.exe -> [Ver = | Size = 6624984 bytes | Modified Date = 2007-03-28 15:45:56 | Attr = ]

PEC2 , PECompact2 , -> %UserDesktop%\vundofix_vundofix_6.5.4_anglais_25107.exe -> Atribune.org [Ver = 6.05.0004 | Size = 108544 bytes | Modified Date = 2007-09-23 10:45:58 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

WSUD , -> %UserDesktop%\zvcd2000.exe -> ZillaSoft [Ver = | Size = 14671730 bytes | Modified Date = 2007-03-28 15:05:54 | Attr = ]

 

< End of report >

 

 

Posted (edited)

Hi :P

Here are the next steps >

I see that you have turned on Spybot S&D's TeaTimer! > Disable Spybot's TeaTimer through the Spybot options: once in the program, go to the "Mode" menu => check "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and uncheck this box: "Resident TeaTimer". You should no longer see the TeaTimer icon in the taskbar!

Do not skip this step, because it can cause the disinfection procedure to fail!

1) Go to Control Panel > Add/Remove Programs and uninstall >

SweetIM For Internet Explorer 1.0a

2) Start WinPFind3U by double-clicking WinPFind3U.exe and copy/paste the text below (do not copy the word CODE) into the Paste fix here panel, then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YY -> (gay) SDIN Adapter [Win32_Shared | Auto | Stopped] -> %System32%\sdin.exe
YY -> (Microsoft usnsvc Service) Microsoft usnsvc Service [Win32_Own | Auto | Running] -> %SystemRoot%\usnsvc.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> KernelFaultCheck -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableRegistryTools -> 0
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableRegistryTools -> 0
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\yrdlvxlle.exe -> C:\WINDOWS\System32\yrdlvxlle.exe:*:Enabled:Log System
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\ukrzhrlgf.exe -> C:\WINDOWS\System32\ukrzhrlgf.exe:*:Enabled:Microsoft OCX
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> {BBB1528C-2F8C-4526-9C8E-699F17AF21CA} -> SweetIM For Internet Explorer 1.0a
[Files/Folders - Created Within 60 days]
NY -> aczzdozkf.exe -> %SystemDrive%\aczzdozkf.exe
NY -> afohiionc.exe -> %SystemDrive%\afohiionc.exe
NY -> augwzwwch.exe -> %SystemDrive%\augwzwwch.exe
NY -> cad.exe -> %SystemDrive%\cad.exe
NY -> dvqcrrcnb.exe -> %SystemDrive%\dvqcrrcnb.exe
NY -> fefoehcst.exe -> %SystemDrive%\fefoehcst.exe
NY -> flbahdsgh.exe -> %SystemDrive%\flbahdsgh.exe
NY -> grmdnguak.exe -> %SystemDrive%\grmdnguak.exe
NY -> ijcbudhzr.exe -> %SystemDrive%\ijcbudhzr.exe
NY -> jaawtjelh.exe -> %SystemDrive%\jaawtjelh.exe
NY -> jeaefljpe.exe -> %SystemDrive%\jeaefljpe.exe
NY -> jjkgqewxw.exe -> %SystemDrive%\jjkgqewxw.exe
NY -> jveebidtz.exe -> %SystemDrive%\jveebidtz.exe
NY -> jzwlhhqof.exe -> %SystemDrive%\jzwlhhqof.exe
NY -> mipxeuqwp.exe -> %SystemDrive%\mipxeuqwp.exe
NY -> nltnuwsge.exe -> %SystemDrive%\nltnuwsge.exe
NY -> olzixhjuf.exe -> %SystemDrive%\olzixhjuf.exe
NY -> qkxmamnpw.exe -> %SystemDrive%\qkxmamnpw.exe
NY -> qzxnwtndr.exe -> %SystemDrive%\qzxnwtndr.exe
NY -> recxadbxb.exe -> %SystemDrive%\recxadbxb.exe
NY -> SDFix -> %SystemDrive%\SDFix
NY -> umqvmqbff.exe -> %SystemDrive%\umqvmqbff.exe
NY -> vlvgcweqr.exe -> %SystemDrive%\vlvgcweqr.exe
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> vwilmjrgb.exe -> %SystemDrive%\vwilmjrgb.exe
NY -> ycjorcbgo.exe -> %SystemDrive%\ycjorcbgo.exe
NY -> yhuslowtx.exe -> %SystemDrive%\yhuslowtx.exe
NY -> ykgkamnrp.exe -> %SystemDrive%\ykgkamnrp.exe
NY -> yqxkcwesg.exe -> %SystemDrive%\yqxkcwesg.exe
NY -> b122.exe -> %SystemRoot%\b122.exe
NY -> b128.exe.bin -> %SystemRoot%\b128.exe.bin
NY -> b143.exe.bin -> %SystemRoot%\b143.exe.bin
NY -> b147.exe.bin -> %SystemRoot%\b147.exe.bin
NY -> DUMP2710.tmp -> %SystemRoot%\DUMP2710.tmp
NY -> DUMP2aa9.tmp -> %SystemRoot%\DUMP2aa9.tmp
NY -> DUMP2cad.tmp -> %SystemRoot%\DUMP2cad.tmp
NY -> DUMP2d1a.tmp -> %SystemRoot%\DUMP2d1a.tmp
NY -> DUMP2d3b.tmp -> %SystemRoot%\DUMP2d3b.tmp
NY -> DUMP2d5a.tmp -> %SystemRoot%\DUMP2d5a.tmp
NY -> DUMP2d5b.tmp -> %SystemRoot%\DUMP2d5b.tmp
NY -> DUMP2d79.tmp -> %SystemRoot%\DUMP2d79.tmp
NY -> DUMP2d89.tmp -> %SystemRoot%\DUMP2d89.tmp
NY -> DUMP2d8a.tmp -> %SystemRoot%\DUMP2d8a.tmp
NY -> DUMP2d8b.tmp -> %SystemRoot%\DUMP2d8b.tmp
NY -> DUMP2d8c.tmp -> %SystemRoot%\DUMP2d8c.tmp
NY -> DUMP2d98.tmp -> %SystemRoot%\DUMP2d98.tmp
NY -> DUMP2d99.tmp -> %SystemRoot%\DUMP2d99.tmp
NY -> DUMP2d9a.tmp -> %SystemRoot%\DUMP2d9a.tmp
NY -> DUMP2daa.tmp -> %SystemRoot%\DUMP2daa.tmp
NY -> DUMP2dab.tmp -> %SystemRoot%\DUMP2dab.tmp
NY -> DUMP2dac.tmp -> %SystemRoot%\DUMP2dac.tmp
NY -> DUMP2db8.tmp -> %SystemRoot%\DUMP2db8.tmp
NY -> DUMP2db9.tmp -> %SystemRoot%\DUMP2db9.tmp
NY -> DUMP2dba.tmp -> %SystemRoot%\DUMP2dba.tmp
NY -> DUMP2dbb.tmp -> %SystemRoot%\DUMP2dbb.tmp
NY -> DUMP2dc7.tmp -> %SystemRoot%\DUMP2dc7.tmp
NY -> DUMP2dc8.tmp -> %SystemRoot%\DUMP2dc8.tmp
NY -> DUMP2dc9.tmp -> %SystemRoot%\DUMP2dc9.tmp
NY -> DUMP2dca.tmp -> %SystemRoot%\DUMP2dca.tmp
NY -> DUMP2dcb.tmp -> %SystemRoot%\DUMP2dcb.tmp
NY -> DUMP2dcc.tmp -> %SystemRoot%\DUMP2dcc.tmp
NY -> DUMP2dd8.tmp -> %SystemRoot%\DUMP2dd8.tmp
NY -> DUMP2dd9.tmp -> %SystemRoot%\DUMP2dd9.tmp
NY -> DUMP2dda.tmp -> %SystemRoot%\DUMP2dda.tmp
NY -> DUMP2de7.tmp -> %SystemRoot%\DUMP2de7.tmp
NY -> DUMP2df5.tmp -> %SystemRoot%\DUMP2df5.tmp
NY -> DUMP2df6.tmp -> %SystemRoot%\DUMP2df6.tmp
NY -> DUMP2e05.tmp -> %SystemRoot%\DUMP2e05.tmp
NY -> DUMP2e15.tmp -> %SystemRoot%\DUMP2e15.tmp
NY -> DUMP2e16.tmp -> %SystemRoot%\DUMP2e16.tmp
NY -> DUMP2e17.tmp -> %SystemRoot%\DUMP2e17.tmp
NY -> DUMP2e18.tmp -> %SystemRoot%\DUMP2e18.tmp
NY -> DUMP2e19.tmp -> %SystemRoot%\DUMP2e19.tmp
NY -> DUMP2e26.tmp -> %SystemRoot%\DUMP2e26.tmp
NY -> DUMP2e27.tmp -> %SystemRoot%\DUMP2e27.tmp
NY -> DUMP2e34.tmp -> %SystemRoot%\DUMP2e34.tmp
NY -> DUMP2e35.tmp -> %SystemRoot%\DUMP2e35.tmp
NY -> DUMP2e43.tmp -> %SystemRoot%\DUMP2e43.tmp
NY -> DUMP2e44.tmp -> %SystemRoot%\DUMP2e44.tmp
NY -> DUMP2e45.tmp -> %SystemRoot%\DUMP2e45.tmp
NY -> DUMP2e46.tmp -> %SystemRoot%\DUMP2e46.tmp
NY -> DUMP2e53.tmp -> %SystemRoot%\DUMP2e53.tmp
NY -> DUMP2e54.tmp -> %SystemRoot%\DUMP2e54.tmp
NY -> DUMP2e63.tmp -> %SystemRoot%\DUMP2e63.tmp
NY -> DUMP2e64.tmp -> %SystemRoot%\DUMP2e64.tmp
NY -> DUMP2e65.tmp -> %SystemRoot%\DUMP2e65.tmp
NY -> DUMP2e72.tmp -> %SystemRoot%\DUMP2e72.tmp
NY -> DUMP2e83.tmp -> %SystemRoot%\DUMP2e83.tmp
NY -> DUMP2e91.tmp -> %SystemRoot%\DUMP2e91.tmp
NY -> DUMP2ea2.tmp -> %SystemRoot%\DUMP2ea2.tmp
NY -> DUMP2ea3.tmp -> %SystemRoot%\DUMP2ea3.tmp
NY -> cwicnohfx.exe -> %System32%\cwicnohfx.exe
NY -> delFSF.bat -> %System32%\delFSF.bat
NY -> xpdx.sys -> %System32%\xpdx.sys
NY -> SDFix.exe -> %UserDesktop%\SDFix.exe
NY -> SmitfraudFix -> %UserDesktop%\SmitfraudFix
NY -> SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe
NY -> VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe
NY -> vundofix_vundofix_6.5.4_anglais_25107.exe -> %UserDesktop%\vundofix_vundofix_6.5.4_anglais_25107.exe
[Files/Folders - Modified Within 60 days]
NY -> aczzdozkf.exe -> %SystemDrive%\aczzdozkf.exe
NY -> afohiionc.exe -> %SystemDrive%\afohiionc.exe
NY -> augwzwwch.exe -> %SystemDrive%\augwzwwch.exe
NY -> cad.exe -> %SystemDrive%\cad.exe
NY -> dvqcrrcnb.exe -> %SystemDrive%\dvqcrrcnb.exe
NY -> fefoehcst.exe -> %SystemDrive%\fefoehcst.exe
NY -> flbahdsgh.exe -> %SystemDrive%\flbahdsgh.exe
NY -> grmdnguak.exe -> %SystemDrive%\grmdnguak.exe
NY -> ijcbudhzr.exe -> %SystemDrive%\ijcbudhzr.exe
NY -> jaawtjelh.exe -> %SystemDrive%\jaawtjelh.exe
NY -> jeaefljpe.exe -> %SystemDrive%\jeaefljpe.exe
NY -> jjkgqewxw.exe -> %SystemDrive%\jjkgqewxw.exe
NY -> jveebidtz.exe -> %SystemDrive%\jveebidtz.exe
NY -> jzwlhhqof.exe -> %SystemDrive%\jzwlhhqof.exe
NY -> mipxeuqwp.exe -> %SystemDrive%\mipxeuqwp.exe
NY -> nltnuwsge.exe -> %SystemDrive%\nltnuwsge.exe
NY -> olzixhjuf.exe -> %SystemDrive%\olzixhjuf.exe
NY -> qkxmamnpw.exe -> %SystemDrive%\qkxmamnpw.exe
NY -> qzxnwtndr.exe -> %SystemDrive%\qzxnwtndr.exe
NY -> recxadbxb.exe -> %SystemDrive%\recxadbxb.exe
NY -> umqvmqbff.exe -> %SystemDrive%\umqvmqbff.exe
NY -> vlvgcweqr.exe -> %SystemDrive%\vlvgcweqr.exe
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> vwilmjrgb.exe -> %SystemDrive%\vwilmjrgb.exe
NY -> ycjorcbgo.exe -> %SystemDrive%\ycjorcbgo.exe
NY -> yhuslowtx.exe -> %SystemDrive%\yhuslowtx.exe
NY -> ykgkamnrp.exe -> %SystemDrive%\ykgkamnrp.exe
NY -> yqxkcwesg.exe -> %SystemDrive%\yqxkcwesg.exe
NY -> b122.exe -> %SystemRoot%\b122.exe
NY -> b128.exe.bin -> %SystemRoot%\b128.exe.bin
NY -> b143.exe.bin -> %SystemRoot%\b143.exe.bin
NY -> b147.exe.bin -> %SystemRoot%\b147.exe.bin
NY -> DUMP2710.tmp -> %SystemRoot%\DUMP2710.tmp
NY -> DUMP29de.tmp -> %SystemRoot%\DUMP29de.tmp
NY -> DUMP2aa9.tmp -> %SystemRoot%\DUMP2aa9.tmp
NY -> DUMP2b65.tmp -> %SystemRoot%\DUMP2b65.tmp
NY -> DUMP2cad.tmp -> %SystemRoot%\DUMP2cad.tmp
NY -> DUMP2ccc.tmp -> %SystemRoot%\DUMP2ccc.tmp
NY -> DUMP2cec.tmp -> %SystemRoot%\DUMP2cec.tmp
NY -> DUMP2d1a.tmp -> %SystemRoot%\DUMP2d1a.tmp
NY -> DUMP2d2a.tmp -> %SystemRoot%\DUMP2d2a.tmp
NY -> DUMP2d2b.tmp -> %SystemRoot%\DUMP2d2b.tmp
NY -> DUMP2d3a.tmp -> %SystemRoot%\DUMP2d3a.tmp
NY -> DUMP2d3b.tmp -> %SystemRoot%\DUMP2d3b.tmp
NY -> DUMP2d49.tmp -> %SystemRoot%\DUMP2d49.tmp
NY -> DUMP2d59.tmp -> %SystemRoot%\DUMP2d59.tmp
NY -> DUMP2d5a.tmp -> %SystemRoot%\DUMP2d5a.tmp
NY -> DUMP2d5b.tmp -> %SystemRoot%\DUMP2d5b.tmp
NY -> DUMP2d78.tmp -> %SystemRoot%\DUMP2d78.tmp
NY -> DUMP2d79.tmp -> %SystemRoot%\DUMP2d79.tmp
NY -> DUMP2d88.tmp -> %SystemRoot%\DUMP2d88.tmp
NY -> DUMP2d89.tmp -> %SystemRoot%\DUMP2d89.tmp
NY -> DUMP2d8a.tmp -> %SystemRoot%\DUMP2d8a.tmp
NY -> DUMP2d8b.tmp -> %SystemRoot%\DUMP2d8b.tmp
NY -> DUMP2d8c.tmp -> %SystemRoot%\DUMP2d8c.tmp
NY -> DUMP2d97.tmp -> %SystemRoot%\DUMP2d97.tmp
NY -> DUMP2d98.tmp -> %SystemRoot%\DUMP2d98.tmp
NY -> DUMP2d99.tmp -> %SystemRoot%\DUMP2d99.tmp
NY -> DUMP2d9a.tmp -> %SystemRoot%\DUMP2d9a.tmp
NY -> DUMP2da7.tmp -> %SystemRoot%\DUMP2da7.tmp
NY -> DUMP2da8.tmp -> %SystemRoot%\DUMP2da8.tmp
NY -> DUMP2da9.tmp -> %SystemRoot%\DUMP2da9.tmp
NY -> DUMP2daa.tmp -> %SystemRoot%\DUMP2daa.tmp
NY -> DUMP2dab.tmp -> %SystemRoot%\DUMP2dab.tmp
NY -> DUMP2dac.tmp -> %SystemRoot%\DUMP2dac.tmp
NY -> DUMP2db7.tmp -> %SystemRoot%\DUMP2db7.tmp
NY -> DUMP2db8.tmp -> %SystemRoot%\DUMP2db8.tmp
NY -> DUMP2db9.tmp -> %SystemRoot%\DUMP2db9.tmp
NY -> DUMP2dba.tmp -> %SystemRoot%\DUMP2dba.tmp
NY -> DUMP2dbb.tmp -> %SystemRoot%\DUMP2dbb.tmp
NY -> DUMP2dc6.tmp -> %SystemRoot%\DUMP2dc6.tmp
NY -> DUMP2dc7.tmp -> %SystemRoot%\DUMP2dc7.tmp
NY -> DUMP2dc8.tmp -> %SystemRoot%\DUMP2dc8.tmp
NY -> DUMP2dc9.tmp -> %SystemRoot%\DUMP2dc9.tmp
NY -> DUMP2dca.tmp -> %SystemRoot%\DUMP2dca.tmp
NY -> DUMP2dcb.tmp -> %SystemRoot%\DUMP2dcb.tmp
NY -> DUMP2dcc.tmp -> %SystemRoot%\DUMP2dcc.tmp
NY -> DUMP2dd6.tmp -> %SystemRoot%\DUMP2dd6.tmp
NY -> DUMP2dd7.tmp -> %SystemRoot%\DUMP2dd7.tmp
NY -> DUMP2dd8.tmp -> %SystemRoot%\DUMP2dd8.tmp
NY -> DUMP2dd9.tmp -> %SystemRoot%\DUMP2dd9.tmp
NY -> DUMP2dda.tmp -> %SystemRoot%\DUMP2dda.tmp
NY -> DUMP2de6.tmp -> %SystemRoot%\DUMP2de6.tmp
NY -> DUMP2de7.tmp -> %SystemRoot%\DUMP2de7.tmp
NY -> DUMP2df5.tmp -> %SystemRoot%\DUMP2df5.tmp
NY -> DUMP2df6.tmp -> %SystemRoot%\DUMP2df6.tmp
NY -> DUMP2e05.tmp -> %SystemRoot%\DUMP2e05.tmp
NY -> DUMP2e14.tmp -> %SystemRoot%\DUMP2e14.tmp
NY -> DUMP2e15.tmp -> %SystemRoot%\DUMP2e15.tmp
NY -> DUMP2e16.tmp -> %SystemRoot%\DUMP2e16.tmp
NY -> DUMP2e17.tmp -> %SystemRoot%\DUMP2e17.tmp
NY -> DUMP2e18.tmp -> %SystemRoot%\DUMP2e18.tmp
NY -> DUMP2e19.tmp -> %SystemRoot%\DUMP2e19.tmp
NY -> DUMP2e24.tmp -> %SystemRoot%\DUMP2e24.tmp
NY -> DUMP2e25.tmp -> %SystemRoot%\DUMP2e25.tmp
NY -> DUMP2e26.tmp -> %SystemRoot%\DUMP2e26.tmp
NY -> DUMP2e27.tmp -> %SystemRoot%\DUMP2e27.tmp
NY -> DUMP2e34.tmp -> %SystemRoot%\DUMP2e34.tmp
NY -> DUMP2e35.tmp -> %SystemRoot%\DUMP2e35.tmp
NY -> DUMP2e43.tmp -> %SystemRoot%\DUMP2e43.tmp
NY -> DUMP2e44.tmp -> %SystemRoot%\DUMP2e44.tmp
NY -> DUMP2e45.tmp -> %SystemRoot%\DUMP2e45.tmp
NY -> DUMP2e46.tmp -> %SystemRoot%\DUMP2e46.tmp
NY -> DUMP2e53.tmp -> %SystemRoot%\DUMP2e53.tmp
NY -> DUMP2e54.tmp -> %SystemRoot%\DUMP2e54.tmp
NY -> DUMP2e63.tmp -> %SystemRoot%\DUMP2e63.tmp
NY -> DUMP2e64.tmp -> %SystemRoot%\DUMP2e64.tmp
NY -> DUMP2e65.tmp -> %SystemRoot%\DUMP2e65.tmp
NY -> DUMP2e72.tmp -> %SystemRoot%\DUMP2e72.tmp
NY -> DUMP2e82.tmp -> %SystemRoot%\DUMP2e82.tmp
NY -> DUMP2e83.tmp -> %SystemRoot%\DUMP2e83.tmp
NY -> DUMP2e91.tmp -> %SystemRoot%\DUMP2e91.tmp
NY -> DUMP2ea1.tmp -> %SystemRoot%\DUMP2ea1.tmp
NY -> DUMP2ea2.tmp -> %SystemRoot%\DUMP2ea2.tmp
NY -> DUMP2ea3.tmp -> %SystemRoot%\DUMP2ea3.tmp
NY -> DUMP2ee0.tmp -> %SystemRoot%\DUMP2ee0.tmp
NY -> DUMP2f6c.tmp -> %SystemRoot%\DUMP2f6c.tmp
NY -> usnsvc.exe -> %SystemRoot%\usnsvc.exe
NY -> cwicnohfx.exe -> %System32%\cwicnohfx.exe
NY -> delFSF.bat -> %System32%\delFSF.bat
NY -> xpdx.sys -> %System32%\xpdx.sys
NY -> SDFix.exe -> %UserDesktop%\SDFix.exe
NY -> SmitfraudFix -> %UserDesktop%\SmitfraudFix
NY -> SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe
NY -> VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe
NY -> vundofix_vundofix_6.5.4_anglais_25107.exe -> %UserDesktop%\vundofix_vundofix_6.5.4_anglais_25107.exe

The fix will run quickly, then you may be asked to restart your PC: accept by clicking Yes.

3) Download SDFix (created by AndyManchesta) and save it to your Desktop.

***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:

  • Restart your computer.
  • After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading screen, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.

Work through the list of instructions below:

  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

Once the PC has restarted >

-Post the report found in the WinPFind3u folder (it is a report named after the current day\month\year\hour).

-Post the SDFix report.

Hang in there :P

Edited to correct the fix!

Edited by charles ingals
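The fix above lists usnsvc.exe, cwicnohfx.exe, delFSF.bat and xpdx.sys; in the WinPFind3u report all four appear as executable files sitting directly in a system directory with no vendor and no version string. The following Python code is an added example (not part of the thread, and not WinPFind3u's or the helper's own logic) that parses the report's line format and applies that single triage heuristic, which is an assumption made here. The names `Entry`, `parse_line`, `triage`, `flag_report` and `SAMPLE_REPORT` are hypothetical; the sample lines are copied from the report on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines copied from the WinPFind3u report on this page.
SAMPLE_REPORT = r"""
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-09-26 22:27:38 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 620 bytes | Modified Date = 2007-09-24 20:20:16 | Attr = ]
usnsvc.exe -> %SystemRoot%\usnsvc.exe -> [Ver = | Size = 436224 bytes | Modified Date = 2007-09-11 18:03:46 | Attr = RHS]
cwicnohfx.exe -> %System32%\cwicnohfx.exe -> [Ver = | Size = 19710 bytes | Modified Date = 2007-09-06 10:23:14 | Attr = ]
delFSF.bat -> %System32%\delFSF.bat -> [Ver = | Size = 153 bytes | Modified Date = 2007-09-19 16:06:14 | Attr = ]
xpdx.sys -> %System32%\xpdx.sys -> [Ver = | Size = 55030 bytes | Modified Date = 2007-09-25 18:59:58 | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.299 | Size = 186640 bytes | Modified Date = 2007-09-19 10:55:12 | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1486342 bytes | Modified Date = 2007-09-26 06:39:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
"""

# name -> path -> optional company [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>[^\[]*)\[(?P<fields>.*)\]\s*$"
)
# Assumed for this example: extensions treated as executable, and the
# directories treated as "system" locations (compared case-insensitively).
EXECUTABLE_EXT = (".exe", ".sys", ".dll", ".bat", ".com", ".scr")
SYSTEM_DIRS = {"%systemdrive%", "%systemroot%", "%system32%"}


@dataclass
class Entry:
    name: str
    path: str
    company: str
    version: str
    size: Optional[int]
    modified: Optional[datetime]
    attrs: str
    is_folder: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file/folder line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = {}
    is_folder = False
    for part in m.group("fields").split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
        elif part.strip() == "Folder":
            is_folder = True
    size = fields.get("Size", "")
    modified = fields.get("Modified Date", "")
    return Entry(
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        company=m.group("company").strip(),
        version=fields.get("Ver", ""),
        size=int(size.split()[0]) if size else None,
        modified=datetime.strptime(modified, "%Y-%m-%d %H:%M:%S") if modified else None,
        attrs=fields.get("Attr", ""),
        is_folder=is_folder,
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    parent = entry.path.rsplit("\\", 1)[0].lower()
    if (not entry.is_folder
            and entry.name.lower().endswith(EXECUTABLE_EXT)
            and parent in SYSTEM_DIRS
            and not entry.company and not entry.version):
        reasons.append("executable in a system directory without vendor or version info")
        if "H" in entry.attrs and "S" in entry.attrs:
            reasons.append("hidden and system attributes set")
    return reasons


def flag_report(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a report and return (entry, reasons) for every flagged entry."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flag_report(SAMPLE_REPORT):
        print(f"{entry.path}: {'; '.join(reasons)}")
```

A flagged entry is only a candidate for review: legitimate files can lack version resources, so the output is a shortlist to check by hand, not a removal list.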
